9.8a Debug version

2006-03-08 Thread Venkata Sairam
Hi, I am currently using the debug version of Open SSL 9.7e. I am encountering some problems in getting the debug version of 9.8a. I currently have the dlls for the 9.8a but I don't have the pdb files. I would need to use RSA-PSS using the new dell and perform some debug operations. Can anyone pl

Re: Fwd: Changing session key, IV & HMAC key regulary

2006-03-08 Thread Jagannadha Bhattu G
Thanks Jimmy On 3/8/06, jimmy <[EMAIL PROTECTED]> wrote: Jagannadha Bhattu G wrote: > Hi, > > Can somebody help me with this? > > Thanks > JB > > -- Forwarded message -- > From: *Jagannadha Bhattu G* < [EMAIL PROTECTED]> [EMAIL PROTECTED]> > > Date: Mar 6, 2006 6:49 PM > Subject: Changing sessi

Re: X509 cetificate! HELP!D!=!-!)

2006-03-08 Thread Brian Candler
On Wed, Mar 08, 2006 at 03:10:23PM -0500, Doug Frippon wrote: > Hi, I am trying to generate certificate that I'll be using for a ipsec > segment between a OBSD 3.8 and a Windows workstation. I'm using ISAKMPD > for this on the OBSD side and the security filter on Windows. If I use > a pre-shared key

X509 cetificate! HELP!D!=!-!)

2006-03-08 Thread Doug Frippon
Hi, I am trying to generate certificate that I'll be using for a ipsec segment between a OBSD 3.8 and a Windows workstation. I'm using ISAKMPD for this on the OBSD side and the security filter on Windows. If I use a pre-shared key everything is fine but with the certificate I'm almost became mad. I'

Re: EC_GFp_mont_method error with _EC_SECG_PRIME_160R1

2006-03-08 Thread Steve . Pauly
I had been setting the x and y coordinates with BN_bin2bn, not with EC_POINT_set_affine_coordinates_GFp . Some of the point setup had not been performed. Everything is good now. Steven Pauly Pitney Bowes GMS Nils Larsch <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 03/08/2006 12:52 PM

Re: EC_GFp_mont_method error with _EC_SECG_PRIME_160R1

2006-03-08 Thread Nils Larsch
[EMAIL PROTECTED] wrote: I'm getting a EC_R_POINT_IS_NOT_ON_CURVE when using _EC_SECG_PRIME_160R1 for the following public key: X:7B AE 41 B9 06 CF B6 FC D4 5B 8C 17 2F B8 30 59 E0 29 30 1C Y:FB 5C 39 C6 76 15 AB E4 B3 86 86 BA 8D 56 7D 49 08 A3 E8 1E Z:1 If I modify

Re: Wildcard ssl certificate using subjectAltName

2006-03-08 Thread caveman007 (sent by Nabble.com)
Thanks a lot!

Re: Wildcard ssl certificate using subjectAltName

2006-03-08 Thread Dr. Stephen Henson
On Wed, Mar 08, 2006, caveman007 (sent by Nabble.com) wrote: > > BTW, when I want to extract this DNS (e.g. in the case of > authentication/identity validation) > as a char* string, I'm trying this: > > GENERAL_NAME* gen = X509_get_ext_d2i (cert, NID_dNSDomain, NULL, NULL); > if (gen && gen->typ

Re: A little help would be appreicated

2006-03-08 Thread Dr. Stephen Henson
e release version of 0.9.8 though: pick a recent > > snapshot or use 0.9.7. > > I've downloaded > openssl-0.9.8-stable-SNAP-20060308.tar.gz > and only found a 'CA.pl.in' file. > > There is no CA.pl file. > > But judging by its version number inside, its not

Re: A little help would be appreicated

2006-03-08 Thread Stuart Halliday
given some simple options. > Don't > use the CA.pl in the release version of 0.9.8 though: pick a recent > snapshot or use 0.9.7. I've downloaded openssl-0.9.8-stable-SNAP-20060308.tar.gz and only found a 'CA.pl.in' file. There is no CA.pl file. But judging by its version

EC_GFp_mont_method error with _EC_SECG_PRIME_160R1

2006-03-08 Thread Steve . Pauly
I'm getting a EC_R_POINT_IS_NOT_ON_CURVE when using _EC_SECG_PRIME_160R1 for the following public key: X:        7B AE 41 B9 06 CF B6 FC D4 5B 8C 17 2F B8 30 59 E0 29 30 1C Y:        FB 5C 39 C6 76 15 AB E4 B3 86 86 BA 8D 56 7D 49 08 A3 E8 1E Z:        1 If I modify the function EC_GROUP *EC_G

Re: [unclassified] A little help would be appreicated

2006-03-08 Thread Stuart Halliday
Ok, I've now created a .p12 file with the CA.cer and a user's .cer I can import this into MMC and it makes no difference. my user cert is still not trusted. -- Stuart Halliday ECS Technology ltd Registered in Scotland - #212513 -Original Message- From: Peter Sylvester <[EMAIL PROTEC

Re: Wildcard ssl certificate using subjectAltName

2006-03-08 Thread caveman007 (sent by Nabble.com)
BTW, when I want to extract this DNS (e.g. in the case of authentication/identity validation) as a char* string, I'm trying this: GENERAL_NAME* gen = X509_get_ext_d2i (cert, NID_dNSDomain, NULL, NULL); if (gen && gen->type == GEN_DNS) { char* buf = i2s_ASN1_OCTET_STRING(X509V3_EXT_get_nid(NID

RE: A little help would be appreicated

2006-03-08 Thread Randy Turner
Hi Stephen, There have been a few email messages on the list recently concerning negative attributes of 0.9.8, with recommendations of using 0.9.7.x versions. Are we to assume that later versions of 0.9.7.x are really preferred for creating robust solutions with OpenSSL, instead of 0.9.8-based ve

Re: problem with converting pfx to pem and Verisign Intermediate CA

2006-03-08 Thread brianmas
Quoting "Dr. Stephen Henson" <[EMAIL PROTECTED]>: > On Mon, Mar 06, 2006, [EMAIL PROTECTED] wrote: > > > Can you give the full error message? > > It looks like it is the wrong intermediate CA being sent. > > With the server cert do: > > openssl x509 -in cert.pem -issuer -noout > > that should matc

Re: Choice of CAs in SSL/TLS handshake

2006-03-08 Thread Dr. Stephen Henson
On Wed, Mar 08, 2006, Peter Sylvester wrote: > Dr. Stephen Henson wrote: > >On Wed, Mar 08, 2006, Peter Sylvester wrote: > > > > > >>Another easy way is to use self signed certs of the acceptable CAs. > >> > >> > > > >I'm not sure that would work because the path building algorithm first >

Re: Fwd: Changing session key, IV & HMAC key regulary

2006-03-08 Thread jimmy
Jagannadha Bhattu G wrote: Hi, Can somebody help me with this? Thanks JB -- Forwarded message -- From: *Jagannadha Bhattu G* < [EMAIL PROTECTED] > Date: Mar 6, 2006 6:49 PM Subject: Changing session key, IV & HMAC key regulary To: openssl-users@opens

Re: Choice of CAs in SSL/TLS handshake

2006-03-08 Thread Peter Sylvester
Dr. Stephen Henson wrote: On Wed, Mar 08, 2006, Peter Sylvester wrote: Another easy way is to use self signed certs of the acceptable CAs. I'm not sure that would work because the path building algorithm first tries to construct as much of the path as possible from the set of unstrus

Re: A little help would be appreicated

2006-03-08 Thread Dr. Stephen Henson
On Wed, Mar 08, 2006, Stuart Halliday wrote: > > If it helps, here is how I generated the certs. > > 1st, the CA. > > openssl req -config openssl.cnf -new -x509 -keyout > ECS_CA/private/cakey.pem -out ECS_CA/cacert.pem -days 3650 > > > Then I used the following commands to generate the users

Fwd: Changing session key, IV & HMAC key regulary

2006-03-08 Thread Jagannadha Bhattu G
Hi, Can somebody help me with this? Thanks JB -- Forwarded message -- From: Jagannadha Bhattu G < [EMAIL PROTECTED]> Date: Mar 6, 2006 6:49 PM Subject: Changing session key, IV & HMAC key regulary To: openssl-users@openssl.org Hi, Can some one let me know if the SSL protocol specif

Re: A little help would be appreicated

2006-03-08 Thread Brian Candler
On Wed, Mar 08, 2006 at 01:20:15PM +, Stuart Halliday wrote: > > When you create the user .P12 files, then include the CA certificate > > into it, i.e. > > use a certfile that contains the user cert and the self signed CA > > certificate. > > The p12 file contain thus the private key of a use

RE: A little help would be appreicated

2006-03-08 Thread Stuart Halliday
> See the certificate subject (owner) and issuer: For a CA, these 2 > fields > will be same. For server cert, the issuer field will contain the DN of > the > signing authority - this CA, or any intermediate CA. Then I do have a CA type. The 'Issued to' and Issued from' fields are the same. ie: 'M

Re: A little help would be appreicated

2006-03-08 Thread Stuart Halliday
> When you create the user .P12 files, then include the CA certificate > into it, i.e. > use a certfile that contains the user cert and the self signed CA > certificate. > The p12 file contain thus the private key of a user, the user's X509 > certificate > and the X509 certificate of the CA. Th

Re: Choice of CAs in SSL/TLS handshake

2006-03-08 Thread Dr. Stephen Henson
On Wed, Mar 08, 2006, Peter Sylvester wrote: > Another easy way is to use self signed certs of the acceptable CAs. > I'm not sure that would work because the path building algorithm first tries to construct as much of the path as possible from the set of untrusted CAs with the exception of the

Re: Choice of CAs in SSL/TLS handshake

2006-03-08 Thread Peter Sylvester
Another easy way is to use self signed certs of the acceptable CAs. Dr. Stephen Henson wrote: On Tue, Mar 07, 2006, Olaf Gellert wrote: Samy Thiyagarajan wrote: Hi, May be changing the verification of the depth level solve this issue. ( I mean check the chain only upto User CA 1 and

Re: Choice of CAs in SSL/TLS handshake

2006-03-08 Thread Dr. Stephen Henson
On Tue, Mar 07, 2006, Olaf Gellert wrote: > Samy Thiyagarajan wrote: > > > > Hi, > > May be changing the verification of the depth level solve this issue. ( > > I mean check the chain only upto User CA 1 and not upto the Root CA ) > > In this case it should not report about missing valid root. >

RE: A little help would be appreicated

2006-03-08 Thread Ambarish Mitra
See the certificate subject (owner) and issuer: For a CA, these 2 fields will be same. For server cert, the issuer field will contain the DN of the signing authority - this CA, or any intermediate CA. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Stuart Ha

RE: A little help would be appreicated

2006-03-08 Thread Stuart Halliday
> Its not the server cert you need in the trusted certs store - it's the > CA root cert. Surely that's what I've got? I created a CA cert I thought.

RE: A little help would be appreicated

2006-03-08 Thread David C. Partridge
Its not the server cert you need in the trusted certs store - it's the CA root cert. And you'll need any intermediate CA certs in the regular CA store D. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stuart Halliday Ok, so I put into the Trusted Root

A little help would be appreicated

2006-03-08 Thread Stuart Halliday
Hi folks, I've entered the big complex world of Certificates and I need a little help. I've got a Windows XP network and a Linux server. We wish to use certs to sign electronic forms with MS Infopath 2003. I've read up on how to make a CA cert using openssl and I can make on the Linux Server th

Re: Choice of CAs in SSL/TLS handshake

2006-03-08 Thread Nicolas Margaine
On 3/7/06, Olaf Gellert <[EMAIL PROTECTED]> wrote: > Samy Thiyagarajan wrote: > > > > Hi, > > May be changing the verification of the depth level solve this issue. ( > > I mean check the chain only upto User CA 1 and not upto the Root CA ) > > In this case it should not report about missing valid

question regarding us of openssh with openssl-0.9.7i

2006-03-08 Thread Basavaraj Bendigeri
Hi, I am facing a problem when using openssh-3.9 with openssl-0.9.7i. Both ssh and sshd are crashing. I have compiled openssl with fips. But openssh has not been changed at all. Openssh does not use the fips api at all. But when I try to open an ssh connection both the ssh client and the ssh d