When openssl ca command creates a certificate from SPKAC, it
accepts option utf8, which theoretically should make it accept any
utf8 characters and place them into certificate DN using apporpriate
ASN1 STRING type (i.e. BMP_STRING or UTF8_STRING).
However, function certify_spkac in apps/ca.c
On 2009.11.16 at 12:22:13 -0500, Crypto Sal wrote:
On 11/16/2009 03:46 AM, H?cber C?rdova wrote:
Since 0.9.8f OpenSSL supports SNI (server name indication) TLS
extension. Support of this extension in mod_ssl is discussed on
httpd-...@apache.org for years, and even if it haven't yet got into
On 2009.11.13 at 04:44:02 -0800, Mansour Dagher wrote:
Hi all,
if certificates and associated keys are stored on HW (Sun crypto card for
example), is there a way in openssl to specify the card as the location of
these certificates/kets?
It appears from the methods below, the openSSL
On 2009.11.15 at 21:01:13 -0500, H??cber C??rdova wrote:
Hi *,
Certainly you can configure Apache to use virtualHosts based on domain
names,
and this works perfect with HTTP (1.1). However, this cannot be achieved
using
SSL, and the answer is simple, the SSL is established
On 2009.10.28 at 14:56:54 -0400, Victor Duchovni wrote:
On Wed, Oct 28, 2009 at 09:09:59PM +0300, Victor B. Wagner wrote:
But for some setups, especially in OpenSSL 1.0, which supports EC
ciphersuites, dh parameters are not neccessary.
This is not entirely accurately, one still
In the manual page for SSL_CTX_set_tmp_dh function it is recommended to
always set temporary Diffie-Hellman parameters for the server SSL_CTX,
in case if client would negotiate some ciphersuite which uses ephemeral
DH key agreement.
Some application authors choose to not compile these parameter
On 2009.10.28 at 11:05:22 -0400, Victor Duchovni wrote:
On Wed, Oct 28, 2009 at 04:06:07PM +0300, Victor B. Wagner wrote:
But for some setups, especially in OpenSSL 1.0, which supports EC
ciphersuites, dh parameters are not neccessary.
This is not entirely accurately, one still needs
On 2009.10.25 at 19:18:15 -0400, Carl Harris wrote:
True enough, this reduces the code snippet appreciably by eliminating
the rather tedious extension lookup fragment. My issue, of course, was
simply not knowing (and not being able to find any reference that
documents) the data type
On 2009.10.19 at 17:40:11 -0400, Victor Duchovni wrote:
On Mon, Oct 19, 2009 at 01:34:38PM -0500, William wrote:
I am looking for the way to read a certificate from disk in C code and
get the hostname (CN) inside that certificate in the C code using the
openssl library.
Sadly, a
On 2009.10.19 at 13:35:32 -0700, John R Pierce wrote:
Matthias G?ntert wrote:
hello guys
is anyone working on a replacement for the text based ca database? It
seems the database functions are defined in apps/ca.c and apps/apps.h,
at least for version 0.9.8k. wouldn't it be nice if we had
On 2009.10.19 at 21:55:09 +0200, Matthias G?ntert wrote:
hello guys
is anyone working on a replacement for the text based ca database? It
There are such projects as XPKI, which use openssl library to generate
certificates and database backend to store them. These projects also
provide nice
On 2009.10.20 at 10:11:46 +0200, Peter Sylvester wrote:
A better question is to match a given hostname
against a certificate and determine whether it
obeys the https rules.
There can be multiple hostnames and wild cards.
The code implemented by curl is a complete way to do this.
Hmm,
On 2009.10.20 at 16:50:59 +0530, Deepak Mundra wrote:
Dear All,
══ I have written a server client application in which im using self
signed ssl certificates .. How can i make sure that only known clients can
connect to my server using ssl connection?
There is three answers
On 2009.10.19 at 16:30:14 +0100, Steve Hay wrote:
I have a build script for some software that needs to locate the OpenSSL
headers and libraries, and I have reports that it is failing to locate
the libraries on some OSes.
One example identifies itself (via 'uname') as:
sunos
On 2009.10.19 at 17:13:19 +0100, Steve Hay wrote:
Note that if you are trying to build 64-bit application on solaris, it
should link with /lib/amd64/libcrypto.so rather than /lib/libcrypto.so
(on Solaris 64-bit libraries are stored in the ${prefix}/lib/`isainfo
-k` rather than just
On 2009.10.15 at 16:37:39 +0200, Alessandro Borga wrote:
Well
I must use RSA encrypt/decprypt functions in a target using Arm cpu.
Other rsa source code doesn*t work right because target environment use
big endian memory allocation for int and long
Can openSLL crypto lib
On 2009.08.04 at 21:15:05 -0400, Dave Thompson wrote:
From: owner-openssl-us...@openssl.org On Behalf Of larour
Sent: Monday, 03 August, 2009 15:27
I am trying to launch an ssh connection from a matlab
environment (Matlab R2009), using the Cygwin OpenSSH_5.p1 ssh
executable, on a
On 2009.08.03 at 12:26:31 -0700, larour wrote:
I am trying to launch an ssh connection from a matlab environment (Matlab
R2009), using the Cygwin OpenSSH_5.p1 ssh executable, on a windows xp 32
platform.
The command i'm running under matlab is:
system('C:\cygwin\bin\ssh.exe -t -t -v
On 2009.06.24 at 18:15:18 +0200, Dirk Reske wrote:
Hello,
I'm quite new to openssl.
My question is, how can I sign a csr and add an extension to the
certificate, that contains only a simple string (an url).
Perhaps you have some samples for such a config file and the openssl calls.
Here
On 2009.06.04 at 16:00:38 +1000, Brad Mitchell wrote:
The thing is, RFC3280 states...
Implementors are warned that the X.500 standards community has
developed a series of extensibility rules. These rules determine
when an ASN.1 definition can be changed without assigning a new
On 2009.06.03 at 08:23:52 +0800, jazeltq wrote:
file ec_lcl.h, which present in the OpenSSL sources, but not included in
which directory include file ec_lcl.h, is it in the ec directory ?but in my
sources i can't find it.
It is in crypto/ec.
Which version of OpenSSL are you using? In
On 2009.06.04 at 08:13:05 +0800, jazeltq wrote:
I'm afraid that it is not a good code to study ecc.
Implementation, which is currently in OpenSSL is full of obscure
performance hacks and is not well-documented.
Yse, it's a problem . May be it will be relief afer my paper finished.
It
On 2009.06.04 at 09:04:11 +1000, Brad Mitchell wrote:
The reason we use command-line utilities to verify is for transparency.
Data could be used in the courts for example and having that hey.. go
download openssl and verify it yourself is a lot better than.. here is a
util we wrote to
On 2009.06.02 at 12:15:54 +0100, Rob Stradling wrote:
openssl-build for reporting build errors with the OpenSSL sources.
May be I should make our autobuilder post results of automated builds
and test on 50+ platforms there? Now I typically first investigate test
failures myself and then send
On 2009.06.01 at 22:05:48 +0800, jazeltq wrote:
hello,
where can i find the definition of ec_point_st and ec_group_st
what i found are:
typedef struct ec_point_st EC_POINT;
typedef struct ec_group_st
111 /*
112 EC_METHOD *meth;
113 -- field
On 2009.05.29 at 11:31:56 +0530, tito wrote:
I want to make my project compatible for mozilla and opera too
i want to do the same for mozilla too but i guess mozilla method doesnt
generate PKCS10 format
There is window.crypto Javascript object in the Mozilla, opera and, I
think,
On 2009.05.29 at 17:16:00 +0530, tito wrote:
the output i got from openssl
=
C:\OpenSSL\binopenssl ca -policy policy_anything -config myopenssl.cfg
-cert certs/ca.cer -in requests/spkac.txt -keyfile keys/ca.key -days 360
-out
On 2009.05.22 at 20:31:44 +0800, sofian sindhi wrote:
By your suggestion, if I have BN a,1024bits, and b, 2048 bits, the
only way I can do OR is using char *BN_bn2hex(const BIGNUM *a) to
transform each one as 2 char*.
Then do the OR byte by byte?
No, you completely misunderstood me.
I've
On 2009.05.22 at 15:02:59 +0800, sofian sindhi wrote:
Hi openssl friendsl:
I can see BN operations from http://linux.die.net/man/3/bn_add
but I cannot find any operation about XOR, OR and AND.
And I cannot find any related functions defined in bn.h.
Does that mean BN doesn't have these
On 2009.05.20 at 18:28:42 +0200, Peter Sylvester wrote:
IMO a good approach is also to simple read and understand apps/x509.c
Unfortunately, it wouldn't help much. x509 utility does work only with
certificates in files (or stdin), so it uses d2i_X509_bio.
In this case certificate is stored in
On 2009.05.20 at 02:13:39 -0700, jo wrote:
When I want to build the openssl 0.9.8k version on aix it fails as follows:
/usr/local/bin/gcc -I../crypto -I.. -I../include -DZLIB -DOPENSSL_THREADS
-qthreaded -DDSO_DLFCN -DHAVE_DLFCN_H -q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -
qroconst
On 2009.05.20 at 14:05:05 +0300, Lior Aharoni wrote:
Hi All,
═
Can someone please direct me to the relevant OpenSSL API for decoding
binary stream of the entire certificate content in ASN.1 format?
It is d2i_X509 function. It has same API as all other d2i functions and
return
On 2009.05.20 at 06:16:49 -0700, jo wrote:
that is definitely better but now it fails in make test:
*** Testing openssl-0.9.8k (can take a while) ..failed
*** Error: openssl-0.9.8k build error - make test failed
exec(): 0509-036 Cannot load program ./destest because of the following
On 2009.05.20 at 15:03:09 +0300, Lior Aharoni wrote:
Hi Victor,
Thank you for the quick reply.
I did try to use d2i_X509 function but I get the following error:
2520:error:0D07207B:lib(13):func(114):reason(123):.\crypto\asn1\asn1_lib.c:150:
First of all, you should
On 2009.05.19 at 15:24:43 +0530, naveen.bn wrote:
Thank you .
Can i include the public key generated below to a certificate and if
possible how can it be done.
openssl rsa -pubout -in priv.pem -out pub.pem
I think there is no easy way to do it.
Certificates are typically
On 2009.05.19 at 16:46:14 +0530, naveen.bn wrote:
What is the contents on which CA would have signed from his private key. I
want to know it because if an attacker replaces his public key in the
server certificate which i get than its game over for me .
See RFC3280.
Block of signed
On 2009.05.15 at 21:16:12 +0200, Lasse Kliemann wrote:
Ok. There is another thing that I do not understand. The output
of 'openssl smime -verify ...' is rather sparse in case that
verification is successful. How can I know which certificate was
responsible? I cannot see why verification
On 2009.05.12 at 12:36:39 -0400, Ron Gewirtzman wrote:
Hello,
I was hoping you could help me. I was told by a Thawte and Verisign
representative that if we create our own certificate that we would still
need to use a root file is this correct.
Certificate is just public
On 2009.05.07 at 09:26:34 +0400, Andrey Koltsov wrote:
And one remark. This file engines/ccgost/readme.gost has an example
configuration for GOST engine
[gost_section]
engine_id = gost
dynamic_path = /usr/lib/ssl/engines/libgost.so
default_algorithms = ALL
crypt_params =
On 2009.05.05 at 13:47:50 +0200, Dr. Stephen Henson wrote:
Yes it's just a case of hacking util/mkmf.pl and/or some Makefiles. If OpenSSL
is compiled without shared library engines (enable-static-engine) in the
command line you *do* get the GOST engine under VC++.
And I think that static
On 2009.05.05 at 09:27:30 +0400, Andrey Koltsov wrote:
As I understand, GOST engine works on Windows with mingw support only.
Is it planned to make it to compile with VC++ also?
If no, is it because technical problems or some legal issues?
There should be no techincal problems. Code is
On 2009.04.29 at 05:03:00 -0700, siavash fallahdoost wrote:
Hi all,
I want to add new cipher algorithms to openssl library and rebuild openssl
on Windows(VC++).
Really you don't need to rebuild OpenSSL just for adding a
cryptoalgorithm.
You can implement this algorithm as loadable
On 2009.03.18 at 17:04:33 -0700, Thomas Bonham wrote:
As a new subscribe I hope that I'm using it to the right group.
I'm working on trying to figure out how to create a CA within my C based
program. I have found some information on create the certificates within
the program
On 2009.03.18 at 14:08:24 +0300, mb0 wrote:
Hello,
I'm trying to build openssl-0.9.8j using MinGW compiler on WindowsXP 32bit.
use command:
ms\mingw32
During build process ssleay32.dll is not created.
Only libeay32, libssl32
BUT if build using Visual Studio, all 3 dll libraries are
On 2009.02.19 at 12:38:27 -0800, Database System wrote:
Hi,
I'm new to openSSL/SSL. I downloaded the file. It is
If you are new to openSSL, it is better to use version which is
provided by your Linux distribution. Every linux distribution out there
already includes OpenSSL, and
On 2009.02.19 at 09:48:20 +0100, m...@abp.pl wrote:
Hello,
I try to build static postgresql 8.3.6 with static openssl 0.9.8i.
at config.log:
configure:7695: checking for SSL_library_init in -lssleay32
configure:7725: gcc -o conftest.exe -O2 -Wall -Wmissing-prototypes
-Wpointer-arith
On 2008.12.18 at 11:41:58 -0700, Kolli, Sudha wrote:
Hi
Here is the problem:
We have a php code which used open_ssl library to encrypt and decrypt.
We are trying to write the equivalent java code for encryption but we are
unable to use open_ssl library in
On 2008.09.22 at 16:37:58 +0200, F. wrote:
Any way to collect only from HRNG?
You can write your own RAND_METHOD
and encapsulate it in the engine module.
Then you can load this engine via openssl.cnf
and set default rand method to this engine.
Really, this is not very good idea, because
On 2008.11.05 at 00:29:40 -0800, David Schwartz wrote:
PRNG. This is better for several reasons:
1) You can rate-limit how much you mix in. Say you mix in 1KB at startup and
128 bytes every 10 seconds after that. This will provide the same quality of
randomness for cryptographic purposes,
On 2008.05.11 at 10:25:39 +0330, Mehdi Asgari wrote:
Hi
I want to compile ccgost (available in openssl 0.9.9) on Windows.
But the Makefile generates error.
Could you give me some instrunctions about building it ?
(I've used Microsoft Compiler, GCC, Cygwin)
Could you give more
On 2008.03.27 at 14:52:19 -0400, Bobby Krupczak wrote:
Hi!
I'm trying to build a multi-platform application using openssl. I'm
using the win32 ssl libs built by Shining Path. However, those libs
require msvcr71.dll whilst the rest of my apps are compiled such that
they only require
On 2008.04.04 at 15:53:33 +0200, roberto calosino wrote:
Hello,
I'd like to know the difference between X509_STORE (X509_STORE_new) and
STACK_OF(X509) (sk_X509_new).
What kind of additional information contains a X509_STORE ?
Stack is generic data structure. There are stacks of
Program received signal SIGSEGV, Segmentation fault.
0x0818dc55 in _init ()
(gdb) bt
#0 0x0818dc55 in _init ()
#1 0x08076a16 in _start ()
Before even reaching main? I upgraded to latest gcc on Sunfreeware in
case that was the issue.
This problem is known for years. Probably it should
On 2007.11.20 at 11:48:47 +0100, Marek Marcola wrote:
Server decrypts this packet with client certificate, calculates its own
hash, compares this two hashes and accepts client authentication or not.
It is not way how DSA/ECDSA signatures work.
If we are talking about RSA, we can talk about
On 2007.11.19 at 11:25:46 +0100, Davide Vernizzi wrote:
Hi users,
is there an easy (or even a not-so-easy) way to use a crypto engine in a
TLS/SSL session? I'd like to use a crypto engine for asymmetric crypto
during the handshake and another engine the for symmetric crypto of data
during
On 2007.11.19 at 12:02:39 -0800, Koza wrote:
Hi,
I am looking for a bit more detailed for openssl speed command and for
description of EVP. I used google but with poor results. Maybe you can help.
I understand that EVP is a layer for cryptographic functions. I configure it
and then I
On 2007.08.29 at 09:46:11 +0200, Andr? Ziermann wrote:
Hello all,
I was playing with a snapshot of openssl of July 26th to learn more about
running SSL with GOST ciphers.
So I tried to start an SSL server (openssl s_server) with a GOST2001 key and
a self signed certificate.
It does
On 2007.06.14 at 11:15:25 +0100, Brendan Kennedy wrote:
Hi All,
I'm trying to install a patch for 0.9.7c on 0.9.8a OpenSSL. This
involves doing things by hand. Anyway, there is the following update:
What is libeay.num used for and can I add this change to the end of
the list, instead
On 2007.06.01 at 07:35:37 -0700, gary clark wrote:
Hey Simon,
I pushed the MSVCR71.dll into windows system32
directory. I am building the application with code
Generation /MD. I then ran the client application
If you use /MD you might need debug version of dll.
MSVCR71D.DLL. And this is if
On 2007.05.31 at 22:28:27 -0700, gary clark wrote:
Hello,
Using 0.8.9e.
Attempting to port my openssl testclient to a XP
machine which does not have the complete install of
openssl.
I took the ssleay32.dll and libeay32.dll and installed
them in the system32 directory.
When running
On 2007.05.25 at 08:16:19 -0400, Mouse wrote:
I'm driving at Attribute Certificates. They are supposed to have shorter
life than identity certs, but still long enough to be usable.
I've seen project to add attribute certificates to OpenSSL.
http://openpmi.sourceforge.net/
You can try to
On 2007.05.23 at 17:30:50 +0200, Yves Rutschle wrote:
Hi,
I'm trying to work out the relationship between a cipher
suite, and the encrypters available in OpenSSL. For example,
There is almost no relationship, except that if no encrypter is
available, cipher suite which uses this encryption
On 2007.05.16 at 13:30:12 +0200, Dr. Stephen Henson wrote:
In OpenSSL 0.9.8 and later at least you set the -crl_check option or
-crl_check_all. The certificates and CRL(s) for verification can be supplied
in a single file using -CAfile or a directory using -CApath.
But it is still
On 2007.05.16 at 16:03:38 +0530, Urjit Gokhale wrote:
Hello everyone,
I have some doubts about certificates, which I wish to get clarification
on.
Here is my understanding about certificates:
* Certificates bind the public key with some other information like the
name
On 2007.04.17 at 16:17:03 +0200, M.Zdila/EpiSoftware Ltd. wrote:
hi
i would like to use it in bash script so the certificate would be saved to a
cert.pem and then imported to java keystore using keytool. possible?
Use openssl s_client command, and then something like sed or awk to
extract
On 2007.04.17 at 03:27:47 -0700, Mustafa Cayci wrote:
Hi,
I used Entrust/Web Connector to generate client
certificate. It generated in raw DER format. Is there
anyway to convert to PKC#7 format?
Thanks in advance,
PKCS7 format is not a certificate format. It is format of
On 2007.04.10 at 19:16:03 +0200, Christophe Devine wrote:
I cross-compiled OpenSSL on ARM and MIPS a couple months ago, to perform
some RSA benchmarking. I remember hacking the linux-generic target to
use arm-linux-gcc instead of gcc also added -static to the CFLAGS. There
is probably a more
On 2007.04.05 at 14:29:22 +0530, Urjit Gokhale wrote:
Hello all,
As we all know, the SSL object can work either with direct tcp sockets
(SSL_set_fd()) or can work on top of socket BIO objects.
In my current project, I am using SSL directly on top of tcp sockets (no
BIOs).
On 2007.03.22 at 17:45:33 -0700, LIDA WANG wrote:
Could anyone tell me where i can find the source code of function
i2d_X509()?
File crypto/asn1/x_x509.c contain macro
IMPLEMENT_ASN1_FUNCTIONS(X509) in the line 136 (as of 0.9.8e)
This macro is expanded during compilation into definitions
of
On 2007.03.11 at 18:10:01 +0100, Steven Beeckman wrote:
Hi,
I'm trying to get the openssl command-line tool built as a statically
linked executable (for an ARM simulator), but it appears to be
non-trivial. Running ./Configure no-shared linux-generic32 or even
./config
On 2007.03.01 at 14:12:55 -0600, Dinh, Thao V CIV NSWCDD, K72 wrote:
Questions:
1) each peer can independently compute the shared secrete What is
meant ?? Client has one shared key, Server has different shared key???
It is meant that only public keys are transferred over
On 2007.01.11 at 15:11:46 +0200, Alexander Semyonov wrote:
Hi. I am implementing Jabber (XMPP) protocol and I need an example about
acompleting the starttls procedure (as I understood - switch to secure tcp
connection on existing unsecure one). I tried Google but couldnt find any
On 2007.01.09 at 13:52:53 +0530, Ramya Ram wrote:
Thanks Marek...but I want the location in Windows ...WindowsXP. Do you
have any idea?
- Ramya
$ openssl version -d
OPENSSLDIR: /etc/pki/tls
and config file is: /etc/pki/tls/openssl.cnf
Try the same command. There are
On 2006.12.19 at 15:10:34 +, nagaraju gundimi wrote:
Hi,
i want to add my own cipher to openssl library, is it posssible?
if yes can any one explain the procedure
Yes, you can. You can even do it without recompiling OpenSSL, if it is
build with dynamic engine support.
You can
On 2006.12.13 at 14:22:12 +0530, bsenthil wrote:
Hi,
I want to create CA/Server certificate from library libssl.so. could you
please help me any code snippet / url..
You'll need libcrypto.so rather than libssl.so. All basic cryptographic
functions are in the libcrypto.
I want to create
RFC 2511 defines ASN.1 syntax for putting multiple certificate request
into one message:
CertReqMessages ::= SEQUENCE SIZE (1..MAX) OF CertReqMsg
CertReqMsg ::= SEQUENCE {
certReq CertRequest,
pop ProofOfPossession OPTIONAL,
-- content depends upon key type
On 2006.11.22 at 16:40:27 +0100, Michael Str??der wrote:
Victor B. Wagner wrote:
RFC 2511 defines ASN.1 syntax for putting multiple certificate request
into one message:
[..]
Question is - how widespread is use of this syntax, is there any
real-world CA which understand
On 2006.11.13 at 21:07:45 +0100, Magos?nyi ?rp?d wrote:
Hi!
It seems the answer is yes, see
http://buildd.debian.org/build.php?pkg=openssl
Another question is what you call 64 bit linux. In debian there are
the following processor families supported which I think work in 64
bit: alpha,
On 2006.10.31 at 22:13:06 +0400, Eshwaramoorthy Babu wrote:
Hi Bernhard,
Thanks for your response.
Thanks for your response.
We have already purchased the certificate. But we do not have have private
key with us. because we have submitted the csr request from CA's website.
On 2006.10.26 at 00:46:15 -0700, Mike Hamburg wrote:
Is it possible to set the default engine in OpenSSL? I have Padlock
acceleration, but I can't get OpenSSL to use it without adding -evp
-engine padlock, and I can't get OpenSSH to use it at all
(using ./configure --enable-ssl-engine). Or
On 2006.10.12 at 18:44:20 -0400, William Triplett wrote:
Dear openssl-users,
Suppose that I have the Sealed Data, Envelope, and proper Private Key
for some data encrypted with EVP_Seal* using RC4 (basically, PHP's
openssl_seal() function). Is there a way to decrypt it using the
On 2006.10.03 at 17:00:28 -0700, Rich Conlan wrote:
Does anybody know how hard it is to make OpenSSL play nice with Window's
CryptoAPI?
In particular, to make it so that a file encrypted under OpenSSL can be
decrypted under CryptoAPI and vice-versa?
It depends on what do you
On 2005.11.14 at 08:08:07 +0200, Nadav Golombick wrote:
I am trying to perform a handshake using DSS cipher suites. Everytime
I attempt it, I get a no shared cipher message.
The certificate I am using contains RSA certificates and DSA public
and private keys (chained certificate).
What am I
On 2005.11.09 at 20:50:39 -0500, Victor Duchovni wrote:
On Wed, Nov 09, 2005 at 08:38:02PM -0500, Warrick FitzGerald wrote:
Hi Guys,
I'm trying to test a connection to a TLS enabled SMTP server. Is it
possible to use use OpenSSL to setup the TLS sessison and then interact
with the
On 2005.11.07 at 10:14:42 +0100, Pablo J Royo wrote:
With some effort you even can keep every bit temporary data in the core
memory, avoiding writing of temporary files. BIO abstraction in OpenSSL
is powerful enough to do this.
The reason I want to use detached data, is to avoid having
On 2005.11.04 at 14:02:04 +0100, Pablo J Royo wrote:
Is there any way to create a detached PKCS7 envelope with openssl
utilities (smime) ?
Create S/MIME message and extract signature part using any
mime-capable tool or just some text processing utitity
This is not an
On 2005.11.03 at 09:27:21 +0100, Pablo J Royo wrote:
Hi:
Is there any way to create a detached PKCS7 envelope with openssl
utilities (smime) ?
Create S/MIME message and extract signature part using any
mime-capable tool or just some text processing utitity
On 2005.10.26 at 13:16:02 +0200, Steffen Pankratz wrote:
Just use mingw32 for building openssl dlls.
why shouldn't it be possible to use MSVC to compile openssl (shared and with
dynamic engine support)?
are there any serious reasons?
I think that it is because nobody is interested in
On 2005.10.21 at 18:45:13 +0200, Steffen Pankratz wrote:
now i'm totally confused no shared libs for win32?!
is it a bug?
Not for win32. Just for MSVC build. Use mingw32 and you'll get shared
build with working dynamic engines. And nothing would prevent you from
linking these dlls into
On 2005.10.19 at 19:26:36 +0200, Steffen Pankratz wrote:
Hi
I'm trying to get my dynamic engine to work on windows (openssl 0.9.8a, ms
vc++ 7)
it runs fine in linux
Have you configured openssl with right way when building?
Check openssl include files you are using when compiling for
On 2005.05.24 at 14:33:29 +0100, Chris Covell wrote:
I am now using this command:
$ openssl smime -verify -inform PEM -in signature.pk7 -CAfile
development_cm.pem -content content.txt
And I get this output:
content
Verification failure
2788:error:21071065:PKCS7
On 2005.05.24 at 11:14:08 +0100, Chris Covell wrote:
But if I try and verify the signature using (as described in the
OpenSSL command line manual):
openssl smime -verify -inform PEM -in signature.pk7 -signer
signer_pub.key -certfile certs.pem -content content
I get the message:
On 2005.01.13 at 13:55:37 +0100, Dr. Stephen Henson wrote:
It doesn't. You can do that of course but the preferred technique is the same
as every other environment: create a private key on the microsoft box, sign a
request with it, send request to the CA and install the resulting certificate.
On 2005.01.14 at 17:02:51 +0300, Vsevolod Stakhov wrote:
|For MSIE you can use Xenroll for that.
| BTW, it is not clear for me how to create DSA certificates from xenroll.
| (really I oo need GOST94 certificates, not DSA)
You can use such kind of script for IE:
I see that this script does
On 2005.01.14 at 17:38:29 +0100, Dr. Stephen Henson wrote:
Does a GOST CSP exist?
At least two of them. One is developed by CryptoPro, and other by
CryptoCom. There is third major vendor of certified Russian cryptography
on the market, but I don't know if they have their own CSP
On 2004.11.10 at 19:15:39 -0200, Reginaldo de Oliveira Santos wrote:
Hi, everybody, I wanna know if somebody has succefully fragment de OpenSSL
source code. For example, to isolate the rsa function, then you can use that
without depending on OpenSSL instalation?
There are few defines like
On 2004.10.22 at 19:11:23 +0200, Webmaster wrote:
Greetings,
try to compile Apache+ mod_ssl+openssl yourself?
Wrong idea. Debian provides quite useful packages.
At least, libapache-mod-ssl package work for me without any problem. I've not
tried apache-ssl, but it
97 matches
Mail list logo