> From: owner-openssl-us...@openssl.org On Behalf Of Ashok Kumar
> Sent: Monday, 15 February, 2010 16:01
> I understand it as any browser like firefox, IE etc do NOT need any
> private key but CA certificates to communicate over SSL with any
> server application, so we dont need to install the key
Ashok Kumar wrote:
I understand it as any browser like firefox, IE etc do NOT need any
private key but CA certificates to communicate over SSL with any
server application, so we dont need to install the key at all. But if
we have to import server certs & key into applications like app
server, LDA
I understand it as any browser like firefox, IE etc do NOT need any
private key but CA certificates to communicate over SSL with any
server application, so we dont need to install the key at all. But if
we have to import server certs & key into applications like app
server, LDAP server then how saf
Ashok Kumar wrote:
Occasionally someone suggests using a command such as:
openssl pkcs12 -export -out cacert.p12 -in cacert.pem -inkey cakey.pem
DO NOT DO THIS! This command will give away your CAs private key and
reduces its security to zero: allowing anyone to forge certificates in
whatever n
Hi,
I saw the following question on openssl support site
(http://www.openssl.org/support/faq.html) and which says
openssl pkcs12 -export -out cacert.p12 -in cacert.pem -inkey cakey.pem
DO NOT DO THIS! This command will give away your CAs private key and
reduces its security to zero: allowing any
I have not seen an answer to this mail. Wouldn't applying "PIC" accomplish the
same thing?
Thank you,
-Pandit
From: William A. Rowe Jr.
To: openssl-users@openssl.org
Cc: Kyle Hamilton
Sent: Mon, January 18, 2010 6:20:11 PM
Subject: Re: FIPS linked as a shar
Using engine_pkcs11 with openssl and a hardware token like the
Aladdin eToken (using Aladdin's pkcs11 driver), I want to make sure I'm
describing the data flow correctly. In my scenario, the etoken contains
a client certificate. The SSL connection is being opened by a m2crypto
client.
My ques
Sad Clouds wrote:
> I think pretty much every Unix platform standardised on Posix threads
> by now. Using locking implies that you're using threads, and that is
> Pthreads API on Unix.
Just because you are using threads and on a platform that supports native
threads, it does not follow that you
hi,
i've got a problem getting an obsolete extension of a certificate with
openssl and c++: the field "2.5.29.7" (subjectAltName) is not longer
supported but i want to display the information stored in this field.
all i get with M_ASN1_OCTET_STRING_print is a complete string containing
the URI and
* Sad Clouds wrote on Mon, Feb 15, 2010 at 14:52 +:
> On Mon, 15 Feb 2010 15:19:23 +0100
> "Steffen DETTMER" wrote:
> > Delegating functionality via callbacks allows arbitrary
> > implementations; I would not consider this lame
> > - but clean, strong, orthogonal, KISS and divide-and-conquer :
On Mon, 15 Feb 2010 15:19:23 +0100
"Steffen DETTMER" wrote:
> * Sad Clouds wrote on Mon, Feb 15, 2010 at 13:18 +:
> > 2. Rationale for callbacks?
> >
> > Pushing some of the responsibility for locking OpenSSL internal
> > structures to application developers seems a bit lame. Why not get
> >
* Sad Clouds wrote on Mon, Feb 15, 2010 at 13:18 +:
> 2. Rationale for callbacks?
>
> Pushing some of the responsibility for locking OpenSSL internal
> structures to application developers seems a bit lame. Why not get rid
> of locking callbacks and have OpenSSL handle it transparently inside
Hi, I've recently started looking at OpenSSL programming API and I'm a
bit confused about thread locking funtions:
1. Static VS Dynamic locking callbacks
Why have both? Does OpenSSL use dynamic callbacks? Can I omit static
callbacks and only use dynamic, or maybe static callbacks are mandatory
wh
Hi!
* Victor Duchovni wrote on Fri, Feb 12, 2010 at 15:03 -0500:
> On Fri, Feb 12, 2010 at 08:35:09PM +0100, Steffen DETTMER wrote:
>
> > (So DER encoding is used, and it is allowing 128 byte long
> > length fields allowing 2^1024 [a number taking four and a half
> > line in xterm because 3
14 matches
Mail list logo