Resending with attachment ..
Naveen B.N wrote:
Hello,
I am using Linux.
I am trying to print the subjectAltName present in the certificate,
but i am seeing crash in /lib/libcrypto.so.6
core was generated by `./a.out'.
Program terminated with signal 11, Segmentation fault.
#0 0x058b8a03 in
Hello,
I am using Linux.
I am trying to print the subjectAltName present in the certificate, but
i am seeing crash in /lib/libcrypto.so.6
core was generated by `./a.out'.
Program terminated with signal 11, Segmentation fault.
#0 0x058b8a03 in OBJ_cmp () from /lib/libcrypto.so.6
(gdb) bt
#0
On Wed, Sep 22, 2010 at 02:40:26PM +0530, Naveen B.N wrote:
Hello,
I am using Linux.
I am trying to print the subjectAltName present in the certificate, but
i am seeing crash in /lib/libcrypto.so.6
core was generated by `./a.out'.
Program terminated with signal 11, Segmentation fault.
#0
On 21-09-2010 18:48, Jean-Marc Desperrier wrote:
Jakob Bohm wrote:
1. The current README.WCE and code assumes that you link with one of
two less free libraries (one is LGPL, the other requires reconfiguration
of the target device/phone). I wrote my own more minimal library
under the OpenSSL
Hi, (please excuse if this is a duplicate, yesterdays posting
seems failed)
I have problems with warnings from the linker on Windows, indicating
that initializers will not be called. I've built 1.0.0a with VS2005,
using nt.mak to get static libraries.
With x64 I get warnings when
Thank you Christian,
your suggestions helped us to get the position but as you mentioned the
problem
of resolving to kerberos principal name, i tried Google and added a
piece of code
but i am not getting the out put as shown below .
#include stdio.h
#include string.h
#include
Attaching the PEM format certificate used ,
We need to convert it to DER before using it with the below given code.
Command to convert PEM to DER
openssl x509 -inform PEM -in KDC.pem -outform DER -out KDC.cer
Thanks and Regards
Naveen
Naveen B.N wrote:
Thank you Christian,
your suggestions
On Wed, Sep 22, 2010 at 05:48:07PM +0530, Naveen B.N wrote:
Thank you Christian,
your suggestions helped us to get the position but as you mentioned the
problem
of resolving to kerberos principal name, i tried Google and added a
piece of code
but i am not getting the out put as shown
Hello everybody
Several months ago I developed an OpenSSL PKCS#11 engine for Windows XP and
it worked ok (it was compiled with MinGW).
Now I'm trying to compile it on Linux (Debian 5 with GCC 4.3.1) but I have
the next problem:
In the overwritten function *rsa_keygen* (whose signature is *int
Hi.
I have written an engine and have openssl installed (Ubuntu 10.04). Now I'd
like to compile and install my engine as a static engine that can be used by
openssl.
What are the commands for this and what steps shall I take? Thanks.
Hi there:
Yes - the right way is to correctly configure the extensions in the openssl.cnf
used on the CA, and have the SAN and Subject NOT be used out of the request,
but be input from the CA.
If you need to see how this might be done, we've got a tutorial at:
On Wed, Sep 22, 2010 at 03:41:30PM +0200, Nacho ?lvarez wrote:
Hello everybody
Several months ago I developed an OpenSSL PKCS#11 engine for Windows XP and
it worked ok (it was compiled with MinGW).
Now I'm trying to compile it on Linux (Debian 5 with GCC 4.3.1) but I have
the next problem:
Hi OpenSSL Folks,
I'm evaluating our product for this vulnerability.
http://www.mail-archive.com/openssl-...@openssl.org/msg28049.html
http://www.mail-archive.com/openssl-...@openssl.org/msg28049.html
I have a few questions :
1. The vulnerability says
You are right : there is a double free
Hi all,
I have to generate a KDC certificate containing Subject alternative name
extension using openssl which includes the following details:
**
The KDC's X.509 certificate MUST contain name of
Hello,
I try to understand the encryption of a private rsa key. It was generated
with
openssl genpkey -aes-256-cbc -algorithm rsa -out mykey.enc
-pkeyopt rsa_keygen_bits:2048
(pw: 'admin', file attached)
according to pkcs#8 the result is
EncryptedPrivateKeyInfo ::= SEQUENCE {
Hi there:
Yes - the right way is to correctly configure the extensions on the CA, and
have the SAN and Subject NOT be used out of the request, but be input from the
CA.
If you need to see how this might be done, we've got a tutorial at:
Vinay Kumar L wrote:
Hi all,
I have to generate a KDC certificate containing Subject alternative
name extension using openssl which includes the following details:
**
The KDC's X.509 certificate
Hello,
I try to understand the encryption of a private rsa key. It was generated
with
openssl genpkey -aes-256-cbc -algorithm rsa -out mykey.enc
-pkeyopt rsa_keygen_bits:2048
(pw: 'admin', file attached)
according to pkcs#8 the result is
EncryptedPrivateKeyInfo ::= SEQUENCE {
Hi,
I've built 1.0.0a on Windows with VS2005, using nt.mak to get static
libraries.
With x64 I get warnings when linking applications, both openssl.exe and
test programs like sha1test.exe. A snippet of output from nmake -f
ms\nt.mak:
link /nologo /subsystem:console /opt:ref /debug
Hi,
Thank you very much for your answer, so is no way to edit the filed of a csr
not? But please could your explainme more detailed how can I bind the
public key or just do your recomendation?
I really appreciate your help.
Patrick Patterson-3 wrote:
On September 11, 2010 10:58:44 am
I had got the same problem. I just simply deleted that section
EXTERNOPENSSL_cpuid_setup
section.CRT$XCU
ALIGN8
DQOPENSSL_cpuid_setup
section.text code align=64
from the asm file because the extern OpenSSL_cpuid_setup is never
referenced.
Good luck
On Tue,
We have a client/server architecture based product that needs to allow
SSL communication between our server (CentOS) and various clients' web
browsers (and additionally, other devices, but that's beyond the scope
of this post).
We've been able to get SSL working in both of two different ways
We have a client/server architecture based product that needs to allow
SSL communication between our server (CentOS) and various clients' web
browsers (and additionally, other devices, but that's beyond the scope
of this post).
We've been able to get SSL working in both of two different ways
Hi Chris, how are you installing the root CA on the client machines?
In windows once you double click the root certificate you get a message
dialog box and click the install certificate button. On the following screen
press next and on the next screen tell it to install the certificate to the
Hi Chris:
Can you post the certificates in question? My guess is that you don't have the
various extensions set according to the PKIX standards that the Browsers are
expecting.
Thanks.
Patrick.
On 2010-09-22, at 2:57 PM, Chris Rider wrote:
We have a client/server architecture based product
For now, I've just copied the CA's public .crt file to a public_html
type directory and downloading on the client ~ from there, depending on
whether I use FireFox or IE, I go into the respective certificates
manager and import the one I downloaded. I've been very deliberate in
making sure it
On 09/22/10 11:57 AM, Chris Rider wrote:
We have a client/server architecture based product that needs to allow
SSL communication between our server (CentOS) and various clients' web
browsers (and additionally, other devices, but that's beyond the scope
of this post).
We've been able to get
Thanks for the link.
I still need the CA to load the SAN parameter from the request- it
looks like a lot of the defaults would be to copy the e-mail address
into the SAN field.
I don't use openssl at this point to generate certs for users. No one
besides me uses openssl ca on this server
On 2010-09-22, at 6:38 PM, Gaiseric Vandal wrote:
Thanks for the link.
I still need the CA to load the SAN parameter from the request- it looks
like a lot of the defaults would be to copy the e-mail address into the SAN
field.
Why? Why not just have the CA just put the appropriate
Hi Chris:
On 2010-09-22, at 4:13 PM, Chris Rider wrote:
For now, I've just copied the CA's public .crt file to a public_html type
directory and downloading on the client ~ from there, depending on whether I
use FireFox or IE, I go into the respective certificates manager and import
the one
I use openssl to create certs for servers only, not for users. If I create
a key with openssl, then create a CSR with openssl req, it would prompt me
for a subjectAltName.Openssl ca will sign CSR's from MS Exchange but not
would include the subjectAltName until I enabled copy extensions.
Hi there:
See my answer inline:
On 2010-09-22, at 8:06 PM, Gaiseric Vandal wrote:
I use openssl to create certs for servers only, not for users. If I create
a key with openssl, then create a CSR with openssl req, it would prompt me
for a subjectAltName.Openssl ca will sign CSR's from
32 matches
Mail list logo