OpenSSL Verify Issues

2007-12-10 Thread Anthony Grossi
All, I am having trouble with verifying client certificates. I obtained a signed server cert from CACert.org. I have been trying to use that cert to issue client certs. The following verification error appears: openssl verify -CAfile zmodem.crt newcerts/01.pem newcerts/01.pem:

bug in signing or verifying CRLs ?

2007-12-10 Thread Stephan Bärwolf
Probably there exists a bug in current openssl binary (linux windows) in signing or verifying certificate revocation lists with moduli-sizes larger than (2^16)-1 (for example 65536 Bits). A valid example is added to the mail-extension. When running openssl crl -in rootca.crl -CAfile rootca.cer

Re: [openssl-users] bug in signing or verifying CRLs ?

2007-12-10 Thread Erwann ABALEA
Hodie III Id. Dec. MMVII est, Stephan Bärwolf scripsit: Probably there exists a bug in current openssl binary (linux windows) in signing or verifying certificate revocation lists with moduli-sizes larger than (2^16)-1 (for example 65536 Bits). Apart from the fact that a 65536 bits key is a

Re: OpenSSL Verify Issues

2007-12-10 Thread Victor Duchovni
On Sun, Dec 09, 2007 at 05:41:16PM -0500, Anthony Grossi wrote: I am having trouble with verifying client certificates. I obtained a signed server cert from CACert.org. I have been trying to use that cert to issue client certs. The following verification error appears: A server cert is not

what's the -md option for?

2007-12-10 Thread Vittorio Giovara
Hi! While I was testing encoding options of openssl I found this parameter list options are -in file input file -out file output file -pass arg pass phrase source -e encrypt -d decrypt -a/-base64 base64 encode/decode, depending on encryption flag -k

Re: OpenSSL Verify Issues

2007-12-10 Thread Bernhard Froehlich
Victor Duchovni schrieb: On Sun, Dec 09, 2007 at 05:41:16PM -0500, Anthony Grossi wrote: I am having trouble with verifying client certificates. I obtained a signed server cert from CACert.org. I have been trying to use that cert to issue client certs. The following verification error

Can't get PKI Client Authentication Enforcement to work

2007-12-10 Thread Joseph Felten
I'm stumped so I thought I would give this list a try as I believe my problem is an openssl issue. Background: Building an SSL enabled Apache web server on a closed network. Apache under Solaris 8 OS. Need to restrict access to users with ID certificates issued by particular CA's (issued by

EVP_EncryptUpdate problem

2007-12-10 Thread Bian
Hi This is my piece of program: EVP_CIPHER_CTX_init(ctx); ret = EVP_CIPHER_CTX_set_padding(ctx, 0); //0 for no padding, 1 for padding // ret ==1 here unsigned char *key = GetKeyPtr(); ret = EVP_EncryptInit(ctx, EVP_aes_128_cbc(), NULL, NULL); // ret ==1 here ret =

Follow up - Re: Can't get PKI Client Authentication Enforcement to work

2007-12-10 Thread Joseph Felten
Replying to my own message to add additional information. When I try it with Firefox, it asks which cert to use from my smart card etc. and then throws this error dialog: Could not establish an encrypted connection because your certificate was rejected by euukmoappd003n.dev.local. Error Code:

NEVER MIND - Re: Can't get PKI Client Authentication Enforcement to work

2007-12-10 Thread Joseph Felten
I believe I have solved the problem which was caused by some directory permissions. That is why when I ran openssl verify by hand, everything seemed to work. What threw me was Apache said it was reading the CA certs in the log, but apparently wasn't really. I spent 3 days working on this before

howto blind signature?

2007-12-10 Thread mikel paskual
Hi! Some weeks ago I tried some things with Openssl in C. I found evp to be very handy, and so I can cypher, decypher, sign, verify,.. I can work with complete messages, or I can work with streams. I realized the way to everything, except to blind signing. The way I'm trying is (on the same

RE: EVP_EncryptUpdate problem

2007-12-10 Thread David Schwartz
Hi This is my piece of program: EVP_CIPHER_CTX_init(ctx); ret = EVP_CIPHER_CTX_set_padding(ctx, 0); //0 for no padding, 1 for padding // ret ==1 here unsigned char *key = GetKeyPtr(); ret = EVP_EncryptInit(ctx, EVP_aes_128_cbc(), NULL, NULL); // ret ==1 here

Fingerprinting FIPS Object Module Vulnerabilities

2007-12-10 Thread jaime . castells
I am tasked with identifying which systems in our network required this patch. I have a tool that can search files for particular data. Is there a value in a file on vulnerable systems that can positively identify which systems need the patch? Jaime Castells, CISSP -- NOTICE: The

Re: Fingerprinting FIPS Object Module Vulnerabilities

2007-12-10 Thread Steve Marquess
[EMAIL PROTECTED] wrote: I am tasked with identifying which systems in our network required this patch. I have a tool that can search files for particular data. Is there a value in a file on vulnerable systems that can positively identify which systems need the patch? If you're referring to

Openssl and java jsse TLS key refresh

2007-12-10 Thread k b
Hi, I have Openssl based TLS server where a java jsse (java secure socket extension) client connects. After a bit to exchange the server tries to renegotiate, here's a sample code ret = SSL_accept (ssl); CHK_SSL_ERR(ret); char buffer[256]; int count = 0; static BIO

Re: what's the -md option for?

2007-12-10 Thread Dr. Stephen Henson
On Mon, Dec 10, 2007, Vittorio Giovara wrote: Hi! While I was testing encoding options of openssl I found this parameter list options are -in file input file -out file output file -pass arg pass phrase source -e encrypt -d decrypt -a/-base64 base64