Hi,
I am making a CA site for my college project purpose. I learned that
different browsers use different methods to generate CSR. Making CSR in IE
was easy. For vista systems I used CertEnroll.dll methods and for non-vista
IE I used xenroll.dll. I generated CSR in javascript successfully using

2009/5/29 jazeltq jaze...@163.com:
On 2009-05-28, Victor Duchovni victor.ducho...@morganstanley.com wrote:
On Thu, May 28, 2009 at 11:51:42AM +0200, Ger Hobbelt wrote:
Only if the data is text. Using strlen() on binary data is another
classic/basic 'C' programming mistake.
if it is binary data, what

On 2009.05.29 at 11:31:56 +0530, tito wrote:
I want to make my project compatible for mozilla and opera too
i want to do the same for mozilla too but i guess mozilla method doesnt
generate PKCS10 format
There is window.crypto Javascript object in the Mozilla, opera and, I
think,

thank u victor,
i did generate CSR thru the object window.crypto, its generateCRFM request
object...
but it seems there is no way to sign it using openssl..i googled a lot for
it..can u tell me if i can sign it using openssl.. openssl doc doesnt tell
anything abt CRFM string signing..
2009/5/29

Folks -
I have a basic question relative to the FIPS openSSL lib and US export
control law. As I understand it, in order for the openSSL lib to run as a
FIPS certified module, it must be configured to be loaded as a dynamically
linked library. If that is so, how do you get a export classification

Hi,
I am having problem building openssl-0.9.8k on windows 32 bit server
2003 machine using visual studio 2008.
I executed the command perl Configure VC-WIN32 -prefix=c:/openssl which
was successfully completed. Then i executed the command ms\do_ms and the
below error occurred. Please help

On Thu May 28 2009, Bob Bell wrote:
Folks -
I have a basic question relative to the FIPS openSSL lib and US export
control law. As I understand it, in order for the openSSL lib to run as a
FIPS certified module, it must be configured to be loaded as a dynamically
linked library. If that is

Hi,
Non-Blocking Server Side socket on solaris.
a). Attempt to write data on with SSL_write. This returned with
SSL_ERROR_WANT_READ.
(So as I assume what should be done is,
1. wait for data from the other end on this socket in a select call,
2. when select detects data is available call

On Thu, May 28, 2009, Bob Bell wrote:
I have a basic question relative to the FIPS openSSL lib and US export
control law. As I understand it, in order for the openSSL lib to run as a
FIPS certified module, it must be configured to be loaded as a dynamically
linked library.
No that isn't

the output i got from openssl
=
C:\OpenSSL\bin>openssl ca -policy policy_anything -config myopenssl.cfg
-cert certs/ca.cer -in requests/spkac.txt -keyfile keys/ca.key -days 360
-out
certs/mycert.cer
Using configuration from myopenssl.cfg
Loading 'screen' into random

Still now i was believing that to all the application should link to
libcrypto library at the compilation so that it can check the fipscanister.o
hash value in the library with the previously stored fips .
As the user guide says
1. The HMAC-SHA-1 digest of the FIPS Object Module file must be

On Fri, May 29, 2009, tensy joseph wrote:
Still now i was believing that to all the application should link to
libcrypto library at the compilation so that it can check the fipscanister.o
hash value in the library with the previously stored fips .
As the user guide says
1. The

On 2009.05.29 at 17:16:00 +0530, tito wrote:
the output i got from openssl
=
C:\OpenSSL\bin>openssl ca -policy policy_anything -config myopenssl.cfg
-cert certs/ca.cer -in requests/spkac.txt -keyfile keys/ca.key -days 360
-out

My libcrypto.a is a shared library and also fipscansiter.o has been
incorporated in a shared library libcrypto.a .So to get the fipscanister.o
at compile time , it need to link with libcrypto.a at the compile time in
order to check hmac-sha1 integrity test of fipscanister.o embedded in the

I have gone through the user guide again , i am little confused now . This
statement makes me confuse
A HMAC-SHA1 digest of the FIPS Object Module code and read-only data must be
generated and embedded in the application executable object for use by
the FIPS_mode_set()
function at runtime

Title: sslv3 alert certificate unknown
Dear,
I have a gSOAP server, using OpenSSL for secure communication.
When I use a gSOAP client, everything works fine.
When I try a JAVA client, I get the error
error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
I don't

On Fri, May 29, 2009, tensy joseph wrote:
I have gone through the user guide again , i am little confused now . This
statement makes me confuse
A HMAC-SHA1 digest of the FIPS Object Module code and read-only data must be
generated and embedded in the application executable object for use by

thnx a lot for helping..it got it working now :)
2009/5/29 tito tit...@gmail.com
the output i got from openssl
=
C:\OpenSSL\bin>openssl ca -policy policy_anything -config myopenssl.cfg
-cert certs/ca.cer -in requests/spkac.txt -keyfile keys/ca.key -days 360

The platform is AIX. I have used the fipsld to link the application and
digest was properly embedded in the application executable.
I have written a small pbm to test this.
main()
{
int (*dlsym_fips_mode_set)(int);
void *handle=dlopen("/usr/lib/libcrypto.a(libcrypto.so.0.9.8)",RTLD_LAZY);

If you get an SSL_ERROR_WANT_*, you should call *exactly* the same
function that you just called -- do NOT call SSL_read if you were just
performing an SSL_write. Perform the select() for reading on that
file descriptor (to see when it's able to be read from), and then do
the SSL_write again with

Er, but what if you get a SSL_ERROR_WANT_READ while trying to SSL_write?
Surely, this likely happens because the network/SSL BIO pair hasn't handled the
peer to peer SSL session negation yet, and one would have to read or write from
the network side of the BIO pair.
This is what's confusing to

I just turned on TLS on my LDAP (per instructions on
http://www.openldap.org/faq/data/cache/185.html). Now all of my Linux
servers give the following error on login:
-bash: [: =: unary operator expected
The error goes away when I turn TLS back off. I cannot determine what
is causing this

If you get an SSL_ERROR_WANT_READ while trying to do SSL_write, you
select() for reading on the socket, then you call SSL_write again with
the same arguments when you can.
Basically, when you make a call into the black box of the library,
you're stating that you want a certain thing to happen --

Er, but what if you get a SSL_ERROR_WANT_READ while trying to SSL_write?
This means I cannot perform your write now, because some data I need to
proceed has not arrived over the socket.
Surely, this likely happens because the network/SSL BIO pair
hasn't handled the peer to peer SSL

From: owner-openssl-us...@openssl.org On Behalf Of Jerry Wang
Sent: Thursday, 28 May, 2009 16:28
I have a question about using X509_verify_cert(X509_STORE_CTX) -
Where does the root certificate get populated in the struct
X509_STORE_CTX,
is it suppose to be included?
It

From: owner-openssl-us...@openssl.org On Behalf Of Vivek Subbarao
Sent: Friday, 29 May, 2009 05:24
I am having problem building openssl-0.9.8k on [...] visual studio
2008.
I executed the command perl Configure VC-WIN32 -prefix=c:/openssl
which was successfully

Well, the BIO_write or BIO_read on the SSL BIO wrapping the decrypted side of
the SSL black box don't return WANT_* codes. They return the number of chars
transferred, or -1 in case of error. At that point, one can get the SSL Error
from the SSL session.
The thing is, sometimes I don't get

certificate unknown means that the Java side sent an alert to state
that there's a problem with the certificate, but it's not going to
tell you what it is. It probably relates to the fact that the CA
that you're using on your openssl server isn't in the Java trust
store.
(The most correct and

That's an error in the script you're launching at startup. I don't
know what it is, but I'd bet there's an unquoted '[' character
somewhere that is only evaluated when TLS LDAP is enabled. (see the
'-bash: ' at the beginning of the line? That tells you that bash is
generating the error

On 2009-05-29, Ger Hobbelt g...@hobbelt.com wrote:
2009/5/29 jazeltq jaze...@163.com:
On 2009-05-28, Victor Duchovni victor.ducho...@morganstanley.com wrote:
On Thu, May 28, 2009 at 11:51:42AM +0200, Ger Hobbelt wrote:
Only if the data is text. Using strlen() on binary data is another
classic/basic 'C'

Thanks for the response, Kyle.
I've pretty much deduced what the error is, but just cannot figure out where it
is coming from. It only happens when I turn on TLS for LDAP. There are really
no 'variables' defined in the LDAP configs; nothing using the '[ $blah =
blahblah ] syntax that is
31 matches