FIPS 140-2 Security Policy

2006-02-01 Thread Mike McEwen
I have a question about storage of private keys outside of the FIPS module and about CSPs in general - In section 4.1, Rules of Operation, rule 10 is given as: Secret or private keys that are input or output from an application must be input or output in encrypted form using a FIPS approved

Error in signing

2006-02-01 Thread Samy Thiyagarajan
Hi, when I try to sign my request I get an error saying the country name field needs to be same in CA cert and in the req. !! Any idea..? Here is the snip.. OpenSSL ca -in expired_req.csr -cert ... -keyfile ... -key -startdate 051201101010 -enddate 051230101010 -out expiredCert.pem Using

Re: Error in signing

2006-02-01 Thread Dr. Stephen Henson
On Wed, Feb 01, 2006, Samy Thiyagarajan wrote: Hi, when I try to sign my request I get an error saying the country name field needs to be same in CA cert and in the req. !! That's because the policy section of the configuration file says they must match. If you don't want that use an

EVP_get_digestbyname()

2006-02-01 Thread Milan Tomic
Is EVP_get_digestbyname() safe for usage in multithreading programs (multiple concurrent calls)? Thank you in advance, Milan

thanks Steve

2006-02-01 Thread Samy Thiyagarajan
Thanks Steve. I got it -Samy Dr. Stephen Henson [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 01.02.2006 13:59 Please respond to openssl-users@openssl.org To openssl-users@openssl.org cc Subject Re: Error in signing Classification On Wed, Feb 01, 2006, Samy

Re: EVP_get_digestbyname()

2006-02-01 Thread Dr. Stephen Henson
On Wed, Feb 01, 2006, Milan Tomic wrote: Is EVP_get_digestbyname() safe for usage in multithreading programs (multiple concurrent calls)? It should be since certificate verification uses it. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core

Re: FIPS 140-2 Security Policy

2006-02-01 Thread Kyle Hamilton
This is my understanding of the rules, and I will freely admit that I am probably not qualified to give an appropriate discourse on this. The secret key that is used to encrypt a private key is generated from the passphrase, which itself is not the secret key. It is a Key Generator. In order

X.509 tool generation

2006-02-01 Thread majorsoul (sent by Nabble.com)
is there a tool (command line or graphic) which enables creation of self-signed certificates with rSASSA-PSS?

Re: X.509 tool generation

2006-02-01 Thread Dr. Stephen Henson
On Wed, Feb 01, 2006, majorsoul (sent by Nabble.com) wrote: is there a tool (command line or graphic) which enables creation of self-signed certificates with rSASSA-PSS? Not currently in OpenSSL. The RSA PSS algorithm is not at present fully integrated into OpenSSL's public key framework.

RE: make: command not found , while installing mod_ssl

2006-02-01 Thread Scott Brown
All you would need are the two packages at the first two links, and you are there. You don't need the compiler, since these are pre-built installers. Once they are installed, they will run natively on Windows, no need for Cygwin. After that, it's just a question of reading the manuals for

Re: X.509 tool generation

2006-02-01 Thread majorsoul (sent by Nabble.com)
Can you recommend a tool which can do the work?

Unimplemented stat function in wcecompat-1.2 causes error in OpenSSL-0.9.8a

2006-02-01 Thread Michael Wang
I just fixed an interesting problem I was having with OpenSSL-0.9.8a running with the wcecompat-1.2 library on WinCE5.0. I have multiple CA certs in a cert directory hashed by the c_rehash function. The CA certs are in a hierarchy 2 levels deep. My app (wpa_supplicant) is running as a client.

RE: Unimplemented stat function in wcecompat-1.2 causes error in OpenSSL-0.9.8a

2006-02-01 Thread Daniel Díaz Sánchez
The function stat causes errors in functions such as by_dir used when a certificate is verified. Windows CE, at least version 4.2, does not implement stat, and the implementation from wcecompat is not correct. Have a look at the code at http://karajan.it.uc3m.es/~pervasive/wce_lite_compat/

openssl 0.9.7h vs 0.9.8

2006-02-01 Thread Ramon Berger
I don't know if this has been talked about to death, sorry if it has. But I see a big difference between the way openssl deals with shared libraries between version 0.9.7h and 0.9.8 that doesn't seem to be addressed in the documentation. On Solaris 9, if I config, make and install openssl 0.9.8 (

Re: Unimplemented stat function in wcecompat-1.2 causes error in OpenSSL-0.9.8a

2006-02-01 Thread Michael Wang
OK, thanks for that pointer. wcecompat has been working fine in all other respects, and with this fix, I have no issues with it. So I think I'll just stick to that. It's good to know there are alternative compatibility libraries around though. Thanks, Michael On 2/1/06, Daniel Díaz Sánchez [EMAIL

Enabling SSL Authentication With Apache/PHP/MySQL

2006-02-01 Thread Thomas George
Hello, I'm looking for a primer or how-to on setting up FakeBasicAuth with a Wiki portal engine running in PHP, with a MySQL backend. Any suggestions are greatly appreciated..! Thomas

RE: make: command not found , while installing mod_ssl

2006-02-01 Thread kadir iscmng
Thanks for the reply, I installed all packages .. But my https:// is still not working .. I enabled .. LoadModule of mod_ssl.so, Listen 443, and modified Virtual Tag I think that the problem is SSLEngine on when I enable SSLEngine on, my http://server is not working anymore When it

OpenSSL FIPS validation of source files

2006-02-01 Thread prakash babu
Hello All, I am using OpenSSL 0.9.7e with fips configure option. I edited one of the fips source files and tried to build OpenSSL and I got the error "Your source code does not match the FIPS validated source." This error can be overcome as follows i. Edit the fips source files. ii. Generate

win32 crash in SSL_CTX_use_certificate_file(m_app_ctx, certpath, SSL_FILETYPE_PEM)

2006-02-01 Thread Joshua Teitelbaum
Hello there openssl users. I recently compiled and built openssl for a VC-WIN32 target, however I'm running into problems. I compiled static (release mode default) and did nmake -f ms\nt.mak (vc2003). I then successfully linked against the openssl libs, only to find that