t support it (currently, only nCipher), protected by said
hardware. To have the key in the same file as the certificate is
supported when the file format used is PEM.
In all cases, you have to keep track of what key belongs to what
certificate, unless they are stored in the same file.
--
Ric
how the programs were linked (I'm betting they were
linked as shared libraries of some sort).
Try './config shared', and I believe you'll get happier :-).
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
r=/usr/local/ssl --prefix=/usr shared
(note the change of dashes)
(I can't believe I didn't catch that earlier...)
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46
#x27;x' during those three calls, you can see
how come the callback gets called those three times. The callback in
question is the onw in apps/verify.c, which writes those lines you
saw.
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \
In message <[EMAIL PROTECTED]> on Wed, 06 Nov 2002
15:12:28 +0100 (CET), Richard Levitte - VMS Whacker <[EMAIL PROTECTED]> said:
levitte> In message <[EMAIL PROTECTED]> on Wed, 06
Nov 2002 21:23:24 +0900 (JST), Kiyoshi WATANABE <[EMAIL PROTECTED]> said:
levitte&g
verify.c, I would not get the error? or does it check in
kiyoshi> somewhere else?
The check happens somwhere else.
The chain is still verified, and the crucial thing to look at is if
you got "OK" at the end. If not, then it's time to look at those
issuer_checks lines.
--
for access
from inside the company), and have those two ports return the
corresponding server certificate (443 would return the certificate
signed by VeriSign, 444 would return the certificate signed by the
internal company CA).
Any other ideas? Solving this in a better way than having two po
t damages claims will exceed the 8-10 billion
dollar mark. For companies that may think they are affected by this lawsuit, there is
a special website that has been setup in order to deal with issues prior to going to
court. The address is www.DevTECH.com\Cprght\Cplist.html
bruce.cartland>
enssl-0.9.6b-29 version.
I think you're asking at the wrong place. Please ask your operating
system distributor.
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-2
3:Release of 0.9.7 beta 5 (hopefully beta)
December 10:Release of 0.9.7
NOTE: during the beta testing periods, we may ask for targeted tests
of snapshots. It would be nice if people who're willing to help could
make themselves known.
Updates will be available on the web: http:
tested as well with other applications.
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the
In message <[EMAIL PROTECTED]> on Fri, 15 Nov 2002 11:55:19
+0530, [EMAIL PROTECTED] said:
ncreddy> How to create certificates & chains in DER format...?
You can't, as far as I know. Try wrapping them in PKCS#7...
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PR
at was working on 7.1 is now failing on
Hylton.Tregenza> pAsn1 = d2i_ASN1_BIT_STRING(NULL, &pVar,len);
I assume you suddenly get NULL back, right? In that case, did you
check what errors you got?
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-
s a mistake to try to double-click on it.
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Membe
7;s no build-in IPv6 support. However, it shouldn't be too hard
to write a BIO source/sink that interfaces to IPv6. Look at the files
bss_sock.c, bss_acpt.c, bss_conn.c, or even bss_bio.c in crypto/bio/.
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-16
RTTLS=server:
ed> 27781:error:140890E9:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:tls peer did
ed> not respond with certificate list:s3_srvr.c:1638:
The last two lines should say it all. You need a client certificate
in Eudora, or if possible, turn off the need for client certificates
in sendmail. I don't know
nssl ca -keyfile CA/CAkey.pem -extensions v3_ca -in CA/guardian.csr -out
guardian.pem -outdir CA/certs -cert CA/CAcert.pem
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-7
- If it is not wrong, a note about what is
bobsteele> going on in the code would be helpful.
Which file, which version, where did you download it?
I just checked all my working directories, and I've no idea what
you're talking about.
--
Richard Levitte \ Spannvägen
69 67 73 69 67 74 72 75 73 74 2e 63 6f 6d
ed>
ed> (...and then 60 or so more certificate_authority's until)
Other than this, I'm out of ideas...
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
genrsa -des3" and there's no way to make them compatible?
According to the rfcs for secsh (the standard that defines the SSH
protocol, basically), there's space to use X.509 certificates. As
far as I know, this hasn't been implemented in OpenSSH.
--
Richard Levitte
In message <[EMAIL PROTECTED]> on Mon, 18 Nov 2002
18:54:57 -0800, Ed Kasky <[EMAIL PROTECTED]> said:
ed> At 10:45 PM Monday, 11/18/2002, Richard Levitte - VMS Whacker wrote -=>
ed> >ed> Eudora has a client certificate that it received during it's first
ed> &g
o develop (more than two
years after the release of 0.9.6!). It will probably take some time
before it has the same level of acceptance as the 0.9.6 series, and
for the places that do that, it probably means going through a full
evaluation again.
--
Richard Levitte \ Spannvägen 38, II \ [EMAI
target, and that's it!
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL
In message <[EMAIL PROTECTED]> on Tue, 19 Nov 2002 12:46:59 +0100, Götz
Babin-Ebell <[EMAIL PROTECTED]> said:
babinebell> Richard Levitte - VMS Whacker wrote:
babinebell> > The fourth beta release of OpenSSL 0.9.7 is now available from the
babinebell> > OpenSSL FTP
(one through
cert->cert_info->key->pkey and one through your ekey variable), the
counter is 2. When you do X509_free(cert), that counter gets
decreased to 1, and the key is kept around, basically because ekey is
still pointing at it. You need to add the following ca
ing the CA's cert into the clinet's code. Does
a.jusek> anyone know how this can be done? How can I put the contents
a.jusek> of the file into an X509 object in the source code? Does
a.jusek> anyone have a better idea how to cope with this situation?
openssl x509 -C -in infile.p
ong all the certificates
eabalea> signed by rootca).
eabalea>
eabalea> OpenSSL is right.
This seems to be an FAQ, but I wonder if it really belongs in the
OpenSSL FAQ rather than a general PKI FAQ. Is there such a beast
somewhere that we could point to?
-
gned by e.g. VeriSign you use a certificate signing
j.spit> request, but for applications like mine I don't see the need
j.spit> to use one. Maybe I'm overlooking something ?
A counter-question: why should I trust your CA? I might trust it if
it's certified by a CA I trust, o
been near that kind of CPU :-).
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the
t found
ruci> ./apachectl start: httpd could not be started
Hmm, you probably need to set up LD_LIBRARY_PATH or similar to point
at /usr/local/apache+sharedmm/libexec, so libcrypto.so can be loaded
as well...
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Reda
a longer time, and is therefore
retrievable for anyone who cracked root if that would happen.
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odios
uld give us ample time to fix the problem and get
the solution tested.
Very sorry for the inconvenience.
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procu
ant us to get some extra time to assess that,
rather than doing a too quick release, have someone write to us,
bugtraq and the gods know who about the lack of security, and we might
have to make a 0.9.6i with those things "corrected" anyway.
--
Richard Levitte \ Spannvägen 38, II \
not even clear you can prevent this
mlh> sort of optimisation.
I thought making a memset() look-alike (somewhere in the discussion,
"setmem()" was proposed) was enough to prevent it. No?
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROM
geoff> if(memchr(ptr, foo, len))
geoff> foo += 63;
geoff> }
I like that one. If noone sees a problem, I'll insert that as soon as
I have some time.
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-
ny kind is appreciated.
openssl rsa -in key-w-pass.pem -out key-wo-pass.pem
Feed in the password when prompted, and voilà!
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26
.. << EOF
dn: ...
objectclass: ...
...
usercertificate;binary:: $USERCERTIFICATE
EOF
At all places where there is a '...', you need to replace it with
appropiate stuff.
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46
-out server.pem
Then you can verify it:
openssl verify server.pem
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis
. If you
upgrade libcrypto.so, the two numbers won't be equal, and OpenSSH will
abort.
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus E
I should probably point out that I did my tests on Linux.
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL
historical reason...
I sent an correction announcement a few hours ago, which mentions the
patch file openssl-0.9.6h.BOGUS-0.9.6h.patch. That name should give
you a bit of a hint :-).
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \
I search the maillist about the ordinal
vaccy__axis> question but got nothing.Anyone can help me?
Were there any details, like exactly what symbol couldn't be found?
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26
oderated.
I've no idea why that would stop mail to the other addresses...
mlh> I found the discussion on the openssl-dev list archive ... but
mlh> no announcement as such.
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BR
6h.BOGUS-0.9.6h.patch
Yours,
The OpenSSL Project Team...
Mark J. Cox Ben Laurie Andy Polyakov
Ralf S. Engelschall Richard Levitte Geoff Thorpe
Dr. Stephen Henson Bodo Möller
Lutz JänickeUlf Möller
-BEGIN PGP SIGNATURE-
Version:
In message <[EMAIL PROTECTED]> on Mon, 09 Dec 2002
15:01:23 +0100, Richard Koenning <[EMAIL PROTECTED]> said:
Richard.Koenning> Is the patch really correct?
Darn, no! *clicketiclick* OK, now it is.
Thanks for reporting this.
--
Richard Levitte \ Spannvägen 38, II \ [
e web page is that the
web page is generated statically, and was last generated before we
discovered the distribution needs to be rebuilt.
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN
benefits are:
- faster machine
- stable networking hardware (on the previous machine, the networking
hardware was failing, lately)
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-
We should have release beta 6 today. However, some important changes
haven't been committed or verified yet, so we need to delay the
release. The new release time will be on Tuesday the 17th of
December. We haven't yet decided when the final release of 0.9.7
shall be at this point.
-
It will be available tomorrow.
The crucial thing to test is that things are still working properly in
Windows, especially the DES assembler modules. They been changed to
generate PIC code on Unix, and it's important that we get tests on how
that affects Windows, if it does.
--
Richard Le
-BEGIN PGP SIGNED MESSAGE-
The sixth beta release of OpenSSL 0.9.7 is now available from the
OpenSSL FTP site ftp://ftp.openssl.org/source/>. This beta
contains just a few fixes since beta 5.
This is assumed to be the final beta. The final release of OpenSSL
0.9.7 has been res
manabu> > I'm unable to build OpenSSL 0.9.6h on Mac OS 10.2.2. As you can see in
manabu> > the output below I get an undefined symbol. Any help would be greatly
manabu> > appreciated.
manabu>
manabu> Under my Mac(10.2.2), 0.9.6h can't build with same result,
For
ing: File `Makefile.org' has modification time in the future
(2002-11-14 13:40:49 > 2000-06-07 16:40:42)
ilias> Makefile.ssl is older than Makefile.org.
ilias> Reconfigure the source tree (via './config' or 'perl Configure'), please.
ilias> make: *** [Makefile.ssl] Erro
mporary values to be held
between calls, you need to provide them. Those are two buffers (which
need to be initialised with '\0's) and a block offset indicator (so
the counter mode can be used as a stream cipher), which also needs to
be initialised to 0.
You decrypt with the encrypt funct
ibes nothing specific. However, you have misunderstood
the order of the announcements. 621bef36ad61012bb71945a1cb449073 was
the MD5 of the incorrectly built openssl-0.9.6h.tar.gz,
1a0c2bee9f6b0af95ce65106462411f5 is the MD5 of the corrected build.
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECT
Please pick up the latest snapshot and try it.
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Memb
tar.gz
Yours,
The OpenSSL Project Team...
Mark J. Cox Ben Laurie Andy Polyakov
Ralf S. Engelschall Richard Levitte Geoff Thorpe
Dr. Stephen Henson Bodo Möller
Lutz JänickeUlf Möller
-BEGIN PGP SIGNATURE-
Version: 2
Note, this is for the 0.9.7 and 0.9.8-dev branches only.
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [E
hat this
rmorse> cert exists, is there any way to change it to CA:TRUE?
You can't change a cert, but you can create a new one with exactly the
same content except for the change in basic constraint and the
signature.
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@S
option 'no-zlib').
If you want to trace the actual calls, you should do it in
crypto/comp/c_zlib.c.
I'm pondering making 'zlib-dynamic' the default instead of 'no-zlib'.
Does that sound like a good idea. What it means is that the build
environment must have zlib.h reach
, that the compression methods aren't called...
I'll look through the rest of your mail later.
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708
eter.
Of course, one can do that. But that has nothing to do with the
SSL/TLS protocols.
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurato
orithms:
- RSA
- DSA
- DH
- RAND (randomness)
scottj> Does OpenSSL require kernel-level support for this card to work?
I've no idea. All it requires is the presence of libswift.so.
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168
mostly about
moeller> suppressing text strings, not code -- we need to keep the actual error
moeller> queue.)
I've just tinkered with some changes and got it working the way it's
supposed to operate. I'm comitting in a minute or two.
--
Richard Levitte \ Spannvägen 38, I
In message <[EMAIL PROTECTED]> on Thu, 20 Feb 2003 17:10:28 -0600,
Phil Howard <[EMAIL PROTECTED]> said:
phil-openssl-users> On Thu, Feb 20, 2003 at 12:23:40PM +0100, Richard Levitte - VMS
Whacker wrote:
phil-openssl-users>
phil-openssl-users> | phil-openssl-users>
nSSL developers would care to try this out.
Sorry. I've seen your message, just haven't had the time to respond
yet.
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
[EMAIL PROTECTED] \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708
in two
threads, it's quite true that you're screwed.
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
[EMAIL PROTECTED] \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis--
h changes are usually not that hard.
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
[EMAIL PROTECTED] \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member o
source is generally easy to handle
(IMHO). I don't know if OpenSSH handles the 0.9.7 series very well
yet.
So what I can recommend is this: try with 0.9.7a first, and if OpenSSH
builds fine against it, good. If not, get 0.9.6i [engine] and use
that instead.
--
Richard Levitte \ Spannvägen 3
ngine" variant of the 0.9.6 series supports external crypto
devices. It contains interfaces to a few selected hardware crypto
libraries.
In the 0.9.7 series, the "engine" part is built in, so there are no
variants.
Based on this information, you should probably be able to decid
In message <[EMAIL PROTECTED]> on Mon, 17 Mar 2003 11:31:56 -0500, "Niu, Yin" <[EMAIL
PROTECTED]> said:
yniu> Can I build 64-bit openssl library?
On most, yes. The problematic ones are P64 systems with size_t being
a 64-bit integer.
--
Richard Levitte \ S
In message <[EMAIL PROTECTED]> on Wed, 26 Mar 2003 08:35:43 -0500, "Prashant Kumar"
<[EMAIL PROTECTED]> said:
prkumar> Thank you so much for your help. When will OpenSsl 9.8 be released ?
0.9.8 doesn't have a schedule yet.
--
Richard Levitte \ Spannvägen 38,
, but are there any other freeing
mgf>functions I should know about?
There should really be a SSL_library_clean(), but there isn't. The
function you're looking for is EVP_cleanup().
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
[EMAIL PROTECTED] \ S-168 35 BROMMA \
e' for writing (store)
Mike.Freese>
Mike.Freese> Any suggestions how to remedy this?
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
[EMAIL PROTECTED] \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odios
If non-Unix, there
are some extra things needed.
--
Richard Levitte \ Tunnlandsvägen 3 \ [EMAIL PROTECTED]
[EMAIL PROTECTED] \ S-168 36 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Mem
s will be
resolved with whatever comes next on the command line.
--
Richard Levitte \ Tunnlandsvägen 3 \ [EMAIL PROTECTED]
[EMAIL PROTECTED] \ S-168 36 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis
m, the command you show above is not the example I gave you. The
following is what I wrotee (note the position of test.c):
gcc -L. test.c -lssl -lcrypto
--
Richard Levitte \ Tunnlandsvägen 3 \ [EMAIL PROTECTED]
[EMAIL PROTECTED] \ S-168 36 BROMMA \ T: +46-8-26 52 47
\
axelseaa> Which one will be easiest to upgrade from 0.9.6g? Or is there no
axelseaa> difference? Thanks is advance your your assistance, it is much
axelseaa> appreciated.
It's easier to upgrade to 0.9.6i. A change to the 0.9.7 series often
requires changes in the applications.
--
Rich
#x27;s basically up to you to decide if the move is
worth the effort, now and later.
My personal choice would be to move to 0.9.7. The strongest reason I
have is that the ENGINE framework is there by default, and in it's
final form (it worked a little differently in the ENGINE variant of
0.
You need to add a reference in apps/progs.h.
--
Richard Levitte \ Tunnlandsvägen 3 \ [EMAIL PROTECTED]
[EMAIL PROTECTED] \ S-168 36 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
quantum subtlety that I am missing
kudzu> here.
I don't think that was a question either.
The answer is that no, there is no way to distiguish sub-CA
certificates from user certificates (i.e. v1 and v2 user certificates
can be used as sub-CA certificates).
--
Richard Levitte \ Tunnl
information to go from.
openssl-dev is not the right list for this kind of question.
--
Richard Levitte \ Tunnlandsvägen 3 \ [EMAIL PROTECTED]
[EMAIL PROTECTED] \ S-168 36 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Inferni
concerned about entropy, I'd be happy with the
stuff that OpenSSL finds on it's own.
--
Richard Levitte \ Tunnlandsvägen 3 \ [EMAIL PROTECTED]
[EMAIL PROTECTED] \ S-168 36 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex In
. However, it's always possible
for anyone to add a proprietary extension.
--
Richard Levitte \ Tunnlandsvägen 3 \ [EMAIL PROTECTED]
[EMAIL PROTECTED] \ S-168 36 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis
ing network
reading/writing calls use signals for some things, and that may depend
on your platform. I've no idea what the needs of RH is at this level,
but blockign *all* signals may not always be the best idea.
--
Richard Levitte \ Tunnlandsvägen 3 \ [EMAIL PROTECTED]
[EMAIL PROTECTED
xample, you can use X509_NAME_print_ex (see the
corresponding manual).
--
Richard Levitte \ Tunnlandsvägen 3 \ [EMAIL PROTECTED]
[EMAIL PROTECTED] \ S-168 36 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis
this point, buf points at the DER-encoded DN, and len has its
length.
If all you want to do is write it to file, you can do it quite quickly
like this:
ASN1_i2d_fp(i2d_X509_NAME,f,(unsignde char *)x509name);
NOTE THAT ALL THE CODE ABOVE IS UNTESTED.
--
Richard Levitte \ Tunnlandsvä
pinion as well. However, it should be configured
to consider mails from lists friendly, so the person running an TMDA
should also make sure to configure properly.
That said, I think you should talk directly with
<[EMAIL PROTECTED]>. Incidently, I can't recall having
received confirmation r
0
david> fQtNdNBcTevMuV5sIYadUgX7S+^M673f1SnqQyJTHG3KlF7jmLpi/LyJtxFc/IvfqymHf2y4cakV0hMc
david> vkBV6NlfzmSg^M01wcwY2VjyZ/+5rAPArnTSi4Nxx7guaIhkxVwjaHoQOnpUbFNsia32Uu8RJpSTCz
david> hbvsl/kXThFgba5FGCkVbZuSJ7fy
I see a number of embedded charriage returns (^M). hos need to be
removed.
In message <[EMAIL PROTECTED]> on Tue, 15 Jul 2003 00:10:11 +0800, "LaCraze" <[EMAIL
PROTECTED]> said:
lacraze> how can i compile openssl-0.9.7b.tar.gz with the openssl-devel option?
I don't understand your question. What is you goal?
--
Richard Levitte
Oh, you're talking about two different numbers. The serialNumber
field in TBScertificate a number assigned to the certificate by the
issuer, and only serves as an index to that specific certificate in
the CA's database. Incidently, together with the issuer name, it also
provides a unique identity
n give some simple advice on this problem, it will be greatly
corey> > > appreciated.
corey> > > They think they can destroy anyone's life, and the have no one to answer to.
corey> > > Sincerely,
corey> > > Buddy
--
Richard Levitte \ Tunnlandsvägen 3 \ [
I'll be unreachable during the next two coming weeks, so I won't be
able to dig into this personally before september. Maybe someone
else?
--
Richard Levitte \ Tunnlandsvägen 3 \ [EMAIL PROTECTED]
[EMAIL PROTECTED] \ S-168 36 BROMMA \ T: +46-8-26 52 47
tp://www.openssl.org/related/apps.html. It will be visible within
the hour.
--
Richard Levitte \ Tunnlandsvägen 3 \ [EMAIL PROTECTED]
[EMAIL PROTECTED] \ S-168 36 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis
? If so, please
robert.d.hogan> help!
Do "openssl enc -h" and observe the difference between -k and -K. Now
look at the command you cited above. At this point, your brain should
go *ding* *ding* *ding* :-).
--
Richard Levitte \ Tunnlandsvägen 3 \ [
In message <[EMAIL PROTECTED]> on Wed, 17 Sep 2003 01:35:48 +0200 (CEST), Henrik
Nordstrom <[EMAIL PROTECTED]> said:
hno> On Tue, 16 Sep 2003, Richard Levitte - VMS Whacker wrote:
hno>
hno> > In message <[EMAIL PROTECTED]> on Tue, 16 Sep 2003 13:56:40 +0100, R
x27;s a workaround in OpenSSL 0.9.8-dev. You can download the
snapshot and try it out. The workaround is documented in the man page
for 'ca'.
--
Richard Levitte \ Tunnlandsvägen 3 \ [EMAIL PROTECTED]
[EMAIL PROTECTED] \ S-168 36 BROMMA \ T: +46-8-26 52 47
27;ll
recognise at least one of them :-)).
Note that the kind of infrastrusture I'm refering to exists in only a
few places, and isn't quite used in your normal SSL/Certificate
managing. You're among the first I've noticed on this list that's
doing something that is i
candidate */
return(len);
}
Note: I haven't actually verified that the modified code is clear of
bugs, I've only changed what I could directly see wouldn't work.
You're welcome to use my code in your program and to work at it as you
see fit. You're NOT welc
3 unknown
jhernan> /C=MX/ST=Mexico/O=Algorithmics/OU=Sistemas/CN=www.algomex.com
jhernan>
jhernan> What means the "unknown" field ?
That's the "file" field, which is quite often unknown...
--
Richard Levitte \ Tunnlandsvägen 3 \ [EMAIL PROTECTED]
[EM
In message <[EMAIL PROTECTED]> on Fri, 19 Sep 2003 10:34:42 +0200 (CEST), Richard
Levitte - VMS Whacker <[EMAIL PROTECTED]> said:
levitte> In message <[EMAIL PROTECTED]> on Thu, 18 Sep 2003 20:26:35 -0600, Jose
Hernandez <[EMAIL PROTECTED]> said:
levitte>
levitte&
801 - 900 of 1068 matches
Mail list logo