thanks Steve,
Excellent, someone has actually included the data for a change.
The problem is that the request is improperly encoded.
I looked in the request. Version is 2, but in PKCS10 is version 1. Maybe
there is the problem.
(where is defined pkcs10 version 2?)
It uses a non standard
hi!
could anyone explain this error message?
(especially those numbers)
generating index
error creating name index:(2,28,87)
thanks
-ks-
__
OpenSSL Project http://www.openssl.org
User Support
Hello,
my question is very stupid, but I wasn't able to find the answer in
mail-archive.com:
Suppose that a user generates a certificate request, but enrolls partially
incorrect information in it (let's say (s)he filled the OU in other format
than how I'd like it to be; for example "Dept.
Hi,
Is there any cookbook available with informations about how to use OpenSSL
+Apache to validate
Certisign client certificates? I can successfully install a server certificate but,
I'm no having many success
when trying to validade the client certificates.
---
Thanks for e-mail, Peter,
Why don't you try to add some validity rules
at the generation of the request?
I am afraid I don't really understand this idea.
Who is generating the request? A client, or do you
generate keys and requests in a server?
As is the point of X.509, a person from
Hi
I have the source of openssl(version openssl-0.9.3a),I compile it in Redhat6.2,I
have installed the openssl,but can not compile enc.c and req.c,which both in the
"apps"
directory.The openssl is in default location,which is /usr/local/ssl.
At 02:14 PM 9/5/00 +0200, you wrote:
Hello,
Suppose that a user generates a certificate request, but enrolls partially
incorrect information in it (let's say (s)he filled the OU in other format
than how I'd like it to be; for example "Dept. 870" instead of just "870").
Ivan,
I do not think you
Sorry to bother the list:
Why don't you try to add some validity rules
at the generation of the request?
I am afraid I don't really understand this idea.
There is some software used by the user to generate the
request, so somehow the user adds a DN or whatever else
attribute, and maybe
To verify the validity of the key used to sign your certificate, your
browsers uses the Verisign self-signed certificate it finds pre-installed in
its certificate store.
Claudio Campetto.
-Messaggio originale-
Da: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
Inviato: lunedì 4
well, that's fine and pretty clear, I'm afraid.
The proble ist not WHICH certificate is used, the
problem is WHAT actually happens during verification ...
I was already told to have a glace at RFC2459 section 6,
and I did so. It's now a little clearer a I am convinced
that my initial question
--
Hi
Command 'hi' not recognized.
I have the source of openssl(version openssl-0.9.3a),I compile it in
Redhat6.2,I
Command 'i' not recognized.
have installed the openssl,but can not compile enc.c and req.c,which both in the
"apps"
Command 'have' not recognized.
http://www.ultranet.com/~fhirsch/Papers/cook/ssl_cook.html
"Alex Lau(IMS)" wrote:
I've just implemented
Apache 1.3.12, mod_ssl s.6.6, openssl 0.9.5a. Searching through the docs
and webs, no details configuration examples are found about how to use
openssl as CA. Can anyone show me where to
I have sorted this out. In case anyone's interested...
I was trying to connect to a web server which was protected by both TLS1.0
(reported by IE4 as "TLS3.1") and Apache style .htaccess password
protection. I thought I had to connect using HTTP on port 80 first, do
password authorisation,
I am trying to secure my web site. I am using stunnel with apache. My
site runs on a zope server. My first page is a login page where I ask
for a login and password, and then it tries to identify the user. My
problem is when I switch to https mode, I have a "cookie problem" on
netscape (and not
When I use verifycallback lik this:
int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
{
char buf[256];
X509 *err_cert;
int err,depth;
err_cert=X509_STORE_CTX_get_current_cert(ctx);
err=X509_STORE_CTX_get_error(ctx);
On Tue, Sep 05, 2000 at 02:35:05PM -0400, [EMAIL PROTECTED] wrote:
but I got these message:
verify error:num=20:unable to get local issuer certificate
verify error:num=27:certificate not trusted
verify error:num=21:unable to verify the first certificate
How can I verify the client
I'm curious if
OpenSSL can be exported to Australia? If it can, who do I have to contact
to get the requirements for exportation?
Erik
Philips
Software
Engineer
Pinpoint
Technologies
www.pinpointtech.com
Dear all,
I have a question which I hope someone can help me
with. So here goes..
I am trying to sign code, and package it in a PKCS7
file. The sample program in crypto/pkcs7 namely
sign.c and verify.c have served my purpose quite
well. Many thanks.
Now I need to modify them so that they do
On Tue, Sep 05, 2000 at 04:28:26PM -0400, [EMAIL PROTECTED] wrote:
thanks a lot.
but how to sends the certificate of the CA that issued the client
certificate together with the client certificate.
and I allready used the SSL_CTX_use_certificate_chain_file(ctx,CERTF);
I used the s_client
Kishore Gummadidala wrote:
Dear all,
I have a question which I hope someone can help me
with. So here goes..
I am trying to sign code, and package it in a PKCS7
file. The sample program in crypto/pkcs7 namely
sign.c and verify.c have served my purpose quite
well. Many thanks.
Now
I'm getting a memcpy failure on line 594 of ssl\s3_pkt.c (openssl
0.9.5.a).It seems to only happen when I have several threads (5 +) in the
same application. It always occurs on the write, I have never had any
problems on a read. Further it always happens in the server side. I've
included a
I was wondering has anyone tried having openSSL and Frontpage Extentions on
the same version of Apache? If so what changes do I have to make and do you
have a URL of a how-to or anything???
Brock Noland
__
OpenSSL Project
Check that the parameters to this memcpy call are satisfactory (ie. pointers
to valid memory, and that the length doesn't extend into invalid memory).
If they aren't satisfactory then there is obviously a problem with the wr
structure. If the parameters are satisfactory, then perhaps memory has
Martin Szotkowski wrote:
SET OF should be sorted but the request is not sorted, or not sorted
correctly.
where is defined order?
Each SET OF component should be in lexical order, it is in the DER
encoding rules. If you check the SET OF stuff using dumpasn1 you get:
335 31
24 matches
Mail list logo