When openssl ca command creates a certificate from SPKAC, it
accepts option utf8, which theoretically should make it accept any
utf8 characters and place them into certificate DN using appropriate
ASN1 STRING type (i.e. BMP_STRING or UTF8_STRING).
However, function certify_spkac in apps/ca.c
I'm trying to build a custom ENGINE, and the docs are fairly sketchy as to
how to do it.
It doesn't have to be dynamic -- my application will have the code to build
the ENGINE and register it.
Are there any good pointers on building an ENGINE?
Scott Neugroschl
XYPRO Technology
The ChangeLog entry:
Version 4.29, 2009.12.02, urgency: MEDIUM:
* New feature sponsored by Searchtech Limited http://www.astraweb.com/
- sessiond, a high performance SSL session cache was built for stunnel.
A new service-level sessiond option was added. sessiond is
available for download
Script started on Wed Dec 2 05:54:45 2009
doctor.nl2k.ab.ca//usr/source/openssl-1.0.0-stable-SNAP-20091202$ egrep bsdi Configure
bsdi-elf-gcc, gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3
-march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des}
${x86_gcc_opts}:${x86_elf_asm
On Wed, Dec 02, 2009, Victor B. Wagner wrote:
When openssl ca command creates a certificate from SPKAC, it
accepts option utf8, which theoretically should make it accept any
utf8 characters and place them into certificate DN using appropriate
ASN1 STRING type (i.e. BMP_STRING or
The problem is that the documentation may not be correct,
sending your coders on a wild goose chase.
Anything may contain errors. I don't think this is a valid reason for
not
doing it.
Think of the source code as a safe but boring investment
(with little barrier to entry), and the
On Tue, Dec 01, 2009 at 03:23:15PM -0800, Rene Hollan wrote:
The problem is that the documentation may not be correct, sending your coders
on a wild goose chase.
Bah, if the code does not do what the documentation describes then the
*code* is incorrect. Documentation can only be incorrect if
On Tue, Dec 01, 2009 at 02:08:08PM -0800, Randy Turner wrote:
As an investor, I would rather have my coders use a product with
documentation to make progress on the actual goals of the product,
rather than reverse-engineer the information they're trying to look
for.
With the former method,
Great to hear from another former TOPS-20 user. I worked on TOPS back in the
early 80s, then VMS of course.
Also reverse-engineered (to some degree, more like reverse-compiled) PDP-8
paper tape. All in all, I'll take the docs. :)
Randy
On Dec 2, 2009, at 6:42 AM, Mark H. Wood wrote:
On
Michal,
The link to stunnel-4.29-installer.exe is broken in both Firefox (error
505) and IE8. The other links I tried were ok.
Carter
Carter Browne
CBCS
cbro...@cbcs-usa.com
781-721-2890
Michal Trojnara wrote:
The ChangeLog entry:
Version 4.29, 2009.12.02, urgency: MEDIUM:
* New feature
Hi,
I'm reading this:
http://www.openssl.org/docs/crypto/sha.html
[...]
DESCRIPTION
SHA-1 (Secure Hash Algorithm) is a cryptographic hash function with a
160 bit output.
SHA1() computes the SHA-1 message digest of the n bytes at d and
places it in md (which must have space for
Hi everyone,
I am trying to use OpenSSL's EVP interface with as engine a SafeNet
(formerly Eracom) ProtectServer HSM.
I have received from SafeNet a patched version of OpenSSL 0.9.8d. This
patch is called ERAC-3.30-openssl-0.9.8d.patch. I am working on Ubuntu
Linux with kernel version
Sha1sum output has 40 hexadecimal symbols. Each hexadecimal is
represented by 4 bits. So sha1sum has 40*4=160bits/20bytes output.
Probably you made some confusion about the sha1sum output representation.
2009/12/2 Sebastián Treu sebastian.t...@gmail.com:
Hi,
I'm reading this:
Sebastián Treu wrote:
are these equivalent to each other? or should I use the openssl
toolkit? I ask this cause sha1sum results are 41 bytes long. the
SHA-1() doc says 20bytes for output.
Check whether the binary sha1 hashes are being encoded along the way. A
common way to encode sha1 hashes
- Original Message -
From: Dr. Stephen Henson st...@openssl.org
To: openssl-users@openssl.org
Sent: Tuesday, December 01, 2009 6:58 PM
Subject: Re: FIPS 140-2 and PBKD
On Tue, Dec 01, 2009, carlyo...@keycomm.co.uk wrote:
In openssl, if I try to use anything using PBKD (PKCS#5
Hi Frederik,
On Dec 2, 2009, at 7:27 AM, Frederik Mennes wrote:
Hi everyone,
I am trying to use OpenSSL’s EVP interface with as engine a SafeNet (formerly
Eracom) ProtectServer HSM.
I have received from SafeNet a patched version of OpenSSL 0.9.8d. This patch
is called
Hello,
I've been trying to wrap my head around certificate signing, and how
it differs when using x509 and ca. Please correct me if I'm wrong:
(This is wild speculation on my part) x509 is the traditional way
to sign CSR's. Somewhere along the line, someone thought it was too
complicated
On Wed, Dec 02, 2009, Jan Danielsson wrote:
Hello,
I've been trying to wrap my head around certificate signing, and how
it differs when using x509 and ca. Please correct me if I'm wrong:
Well they've been about since SSLeay so I can't comment on the precise
motivation.
I'd speculate
Am I correct in assuming that an RSA structure contains the encryption
context for a particular instance of RSA, whereas RSA_METHOD contains the
functions that the RSA instance will use?
ScottN
On Wed, Dec 02, 2009, Scott Neugroschl wrote:
Am I correct in assuming that an RSA structure contains the encryption
context for a particular instance of RSA, whereas RSA_METHOD contains the
functions that the RSA instance will use?
The RSA structure contains the actual key to use which
In message 001101ca72e0$8a6fbd60$9f4f38...@com on Tue, 1 Dec 2009 15:46:43
-0800, Scott Neugroschl redfl...@gmail.com said:
redfloyd I'm trying to build a custom ENGINE, and the docs are fairly sketchy
as to
redfloyd how to do it.
redfloyd
redfloyd It doesn't have to be dynamic -- my
Not quite. The docs may not indicate whether a returned reference is
dynamically allocated, statically allocated, reference counted, how to
deallocate, etc. The API will still be correct as far as a reference being
returned, but the documentation will be incomplete.
Often the library
To someone who uses code, it doesn't matter a fig what the designer was
thinking. It matters what the code does. Then you can decide if it does
something correctly enough to be usable in the state it's in.
Now, if what you're trying to do is distill some overall global design details
from
On Wed, Dec 02, 2009 at 11:17:44AM -0800, Rene Hollan wrote:
To someone who uses code, it doesn't matter a fig what the designer was
thinking. It matters what the code does. Then you can decide if it does
something correctly enough to be usable in the state it's in.
My sense is that this
Thank you very much!
In message 001101ca72e0$8a6fbd60$9f4f38...@com on Tue, 1 Dec 2009
15:46:43 -0800, Scott Neugroschl redfl...@gmail.com said:
redfloyd I'm trying to build a custom ENGINE, and the docs are fairly
sketchy as to
redfloyd how to do it.
redfloyd
redfloyd It doesn't have
That works for *future* documentation for *new* code, but it doesn't address
the existing gaps.
Perhaps examining where the existing gaps are biggest would be productive.
For me, two areas have always been confusing:
1) What objects are dynamically allocated, appropriately reference counted,
Hi Rene:
Rene Hollan wrote:
2) Things like OCSP, CRLs, and other SSL extensions have always
stumped me. Is it something the user of the library is responsible
for, when validating a cert, or can the library do it itself when I
try to establish an SSL connection, and to what degree can I
Ah, but this hits at the crux of the openssl docs.
Of course, it is silly to presume a fixed library will handle open-ended
verification. And, indeed, I handle CRLs and OCSP in my own verify function.
The problem is when I read a vague admonishment to not supply my own
verification function
From: owner-openssl-us...@openssl.org On Behalf Of yhilbert
Sent: Tuesday, 01 December, 2009 05:26
Hi I am new to Visual Studio and OpenSSL but how do I ensure
the library
libeay32.dll is merged into my console application so it
doesn't complain at
runtime. For example I have following
From: owner-openssl-us...@openssl.org On Behalf Of Hihn, Jason
Sent: Monday, 30 November, 2009 18:09
I am trying to have a java 1.5 client connect to an OpenSSL
TLS server. I
can connect fine from other OpenSSL implementations.
By default for maximum compatibility across the
Hi Frederik,
the patch you mention was - according to my knowledge - never an
officially released one, and it doesn't work, not only because of the
wrong directory where the shared library is stored. Unfortunately it
seems that no one at Safenet except for a single person seems to know
how to use
Hi Willy,
Not seeing how to get the SafeNet patch working I switched to the
approach you mention just a few hours ago.
And indeed, this approach seems to be working fine. I am now able to
connect to the ProtectServer HSM through OpenSSL and perform
cryptographic operations.
Thanks a