Re: Automating Openssl commands

2003-06-05 Thread pablo
Hi, I'm developing a CA which automates this stuff that you need, maybe it could help you (http://cultura.eii.us.es/~pablo/elyca/), it's free software and still an early release but if you only need to generate certs for your servers I suppose it's enough for you. There's also similar free

revoking the OCSP responder certificate

2003-06-06 Thread pablo
status (revoked). What shall I do if I want to revoke the OCSP responder certificate? by using a CRL? Thank you, Pablo __ OpenSSL Project http://www.openssl.org User Support Mailing List

problems with ocsp

2003-05-31 Thread pablo
for a-still-valid cert? Thank you very much, Pablo

Re: problems with ocsp

2003-06-01 Thread pablo
Hi again, first of all, thank you Stephen. Dr. Stephen Henson wrote: On Sat, May 31, 2003, pablo wrote: Hi everyone, this is the first time I post something, so sorry if any mistake is done. I've been playing with the ocsp implementation of openssl and I got some errors, I've been

Settings to create Timestamping Authority certificate signing request

2009-06-04 Thread Pablo Rogina
Hi! I would need to know what arguments or settings in configuration file to use while creating a certificate signing request for a Timestamping Authority (TSA) (per RFC3161). I guess that X509v3 Extended Key Usage must be timeStamp but don't know how to set it. Thanks in advance. Pablo Rogina

Re: Settings to create Timestamping Authority certificate signing request

2009-06-06 Thread Pablo Rogina
Hey Brad, thank you for your response. It worked well. I've just had to uncomment this line: # This is required for TSA certificates. extendedKeyUsage = critical,timeStamping just for creating the TSA certificate in order to be used by mod_tsa under Apache (www.opentsa.org) Regards, Pablo

Re: Startup error

2003-06-06 Thread pablo neira
be ragnarock.domain.tld and not ragnarock, that's why you got that warning message. Also since this service runs on a virtual server, should I have the virtual server under a different name then the actual server name? This is a single purpose server only. Cheers, Pablo

Re: Automating Openssl commands

2003-06-06 Thread pablo neira
via -passin there are no other prompts. but this way you don't keep the index.txt file the all valid certificates generated, so it seems there's no way to automate the process by using the 'ca' utility, am I right? Thanks Pablo

Re: Reissue CA certificate

2003-06-21 Thread pablo neira
try this and I cannot do it at this moment, so let me know how everything goes. Pablo David wrote: Hello list, I've some questions about reissuing of CA certificates. Imagine I've got the following hierarchy within my PKI. TLCA | CA | end-entities If the CA-certificate is about

validity time

2001-03-01 Thread Pablo Millet
Hi. How do I set the "Valid from" and/or "Valid to" parameters in the certificate? Pablo Millet, Red Message, Web Developer Designer, Mob.: 0706 - 762 556, www.redmessage.com

Problems creating a certificate request..

2000-07-05 Thread Arisi Pablo
write the PEM Pass phrase, and complete all the questions... And finally I receive this error message : 10161:error:0D072006::lib(13) :func(114) :reason(6):NA:0: error in req Can you help me? Where Is my error? Thanks very much! Pablo Arisi Gcia. Tecnología VISA Argentina

Signing objects and signtool

2000-07-17 Thread Pablo Rodriguez
Can anybody setup openssl to generate a certificate for the netscape signtool utility? I get this message: signtool: the cert "omeguita CA" does not exist in the database: Certificate extension was not found when I compare the output from the certificate and one (self-signed) created with the

Problems with ssl and apache 1.3.26

2002-09-07 Thread Pablo Rodriguez
) I had no problem or warning at compiling... is that version of apache not compatible with that version of openssl? Are you familiar with this problem? Thanks a lot Pablo

Stitched aes-128 and hmac-sha1 (encrypt-then-mac)

2019-11-01 Thread pablo platt
Hi, Stitching aes-cbc with sha1 can result with x2 performance [1]. Is there support for stitched aes-128-hmac-sha1 encrypt-then-mac? This issue [2] says that only mac-then-encrypt is supported in OpenSSL. Does this implement mac-then-encrypt and relevant [3]? Is it possible to use the same code

Re: Stitched aes-128 and hmac-sha1 (encrypt-then-mac)

2019-11-01 Thread pablo platt
On 01/11/2019 11:59, pablo platt wrote: > > Thank you for the explanation. > > > > The use case is a WebRTC server (SFU) that encrypts and authenticate > > SRTP packets. > > Encryption is a major part of CPU load on SFU servers. Reducing it by > > 50% will have a l

Re: Stitched aes-128 and hmac-sha1 (encrypt-then-mac)

2019-11-01 Thread pablo platt
:32 PM Matt Caswell wrote: > > > On 01/11/2019 07:56, pablo platt wrote: > > Hi, > > > > Stitching aes-cbc with sha1 can result with x2 performance [1]. > > Is there support for stitched aes-128-hmac-sha1 encrypt-then-mac? This > > issue [2] says that only m

Universidad San Francisco de Quito Development

2008-02-11 Thread Juan Pablo Albuja Riofrío
-- Best regards, Juan Pablo Albuja

[no subject]

2008-08-26 Thread Pablo Ariel Soto
Good morning. I need help to renew licences which are used for connections of OpenVPN servers using OpenSSL All are due. The question is: If ending this time of the certificate How do I create another certificate without losing the VPN connection? According to the manual to create a

Re: OpenSSL Segmentation Fault

2005-04-06 Thread Pablo J Royo
I can´t say what is exactly causing your problem, but we had a very similar problem when stressing our OpenSSL applications with 100 threads. We did exactly the same that you: to use the callbacks you mention in mttest.c. Our problem was not to use certain reentrant functions as books say

Re: OpenSSL Segmentation Fault

2005-04-06 Thread Pablo J Royo
/*...*/ on selected parts) in several places we discovered where the problem was. It wasn't easy: all I can say is that it worked to find the errors. Regards Pablo J. Royo - Original Message - From: Nauman Akbar To: openssl-users@openssl.org Sent: Wednesday, April 06, 2005 2:18

Re: Error to sign with OpenSSL

2005-04-13 Thread Pablo J Royo
There are a lot of ugly things in your code, but that strlen(firma) has no sense. I think you are confusing the size of the private key RSA struct with the size of the buffer you want to sign. Also, you are using strlen with a buffer (firma) with any content and probably not ended with 0, so it

Re: Multi process Server and openssl

2005-04-21 Thread Pablo J Royo
If you have control over the father process source code, I think it is easier to accept( ) the incoming connection in the father process, then do a fork( ) and let the child establish the SSL channel using the inherited accepted socket returned by accept( ). This way, you don't need to share

Re: Odd handshake deadlock..

2005-04-29 Thread Pablo J Royo
I think you can try s_client program, in apps directory. Using it, you can write ssl on after SSL negotiation and see what happens. If it works, you can use it to build your program. It has all you need.

Re: 3rd time request... PLEASE help! Phone cert creation

2005-07-12 Thread Pablo J Royo
I suppose this is not the right forum to ask for Smartphone issues. Anyway, here: http://www.jacco2.dds.nl/networking/crtimprt.html maybe you could find a way to do what you need, a little idea or maybe something more. He explains how to import a *personal* certificate and a CA certificate on

Re: How to verify a pkcs7 detached signature?

2005-07-15 Thread Pablo J Royo
Try this openssl smime -verify -in Assinador.tar.gz.pkcs7 -inform DER -content Assinador.tar.gz -signer signer_certificate.pem -noverify - Original Message - From: Andreas Hasenack [EMAIL PROTECTED] To: openssl-users@openssl.org Sent: Thursday, July 14, 2005 10:49 PM Subject: How to

From implicit envelope to detached envelope

2005-10-28 Thread Pablo J Royo
Hello all: I'm trying to generate a detached envelope from a received implicit (non-detached) envelope. The idea is to load the old non-detached envelope, to copy it in a new PKCS7 envelope struct and then to delete the encrypted data from that struct and dump it with i2d_PKCS7_bio to a memory

Detached envelope

2005-11-03 Thread Pablo J Royo
Hi: Is there any way to create a detached PKCS7 envelope with openssl utilities (smime) ? Thanks

Re: Detached envelope

2005-11-04 Thread Pablo J Royo
Is there any way to create a detached PKCS7 envelope with openssl utilities (smime) ? Create S/MIME message and extract signature part using any mime-capable tool or just some text processing utility This is not an option, because I need to do this inside my programs. I've been

Re: Detached envelope

2005-11-07 Thread Pablo J Royo
With some effort you even can keep every bit temporary data in the core memory, avoiding writing of temporary files. BIO abstraction in OpenSSL is powerful enough to do this. The reason I want to use detached data, is to avoid having all my data in memory. Now, OpenSSL handles all PKCS7 stuff

Re: forwarding encrypted ssl data

2005-12-12 Thread Pablo J Royo
Look at : http://spipe.sourceforge.net The idea is to use in your Linux box a patch modified Apache / mod-ssl server who deciphers all he receives in its 443 port, and if what he obtains is not HTTP then it forwards the stream of bytes to a selected server. If it is HTTP, it leaves Apache to

Re: A problem using a COM dll built with libeay32.dll

2005-12-21 Thread Pablo J Royo
If it works with VB, and if you have the private key stored in usual Windows certificate store perhaps your COM has problems to access the private key to decipher data, because a service has no GUI to access the private key password. Also, it could be any other kind of error that happens when

Re: OpenSSL PocketPC 2003

2006-01-19 Thread Pablo J Royo
Look at: http://marc.theaimsgroup.com/?l=openssl-dev&m=112092528123408&w=2 http://marc.theaimsgroup.com/?l=openssl-users&m=112352769609201&w=2 - Original Message - From: OpenSSLGRT To: openssl-users@openssl.org Sent: Thursday, January 19, 2006 10:30 PM Subject: OpenSSL

Problem building openssl-0.97b on alpha-dec-osf1

2003-06-17 Thread LDC - Pablo Endres Lozada
-informed, well-armed sheep. Pablo Endres Lozada, Laboratorio Docente de Computacion, USB

Purify problems

2003-12-26 Thread Pablo J Royo
I'm compiling openssl with "Configure purify" and I get the following "unresolved" errors: des_options /u0/common/sec/openssl-0.9.6l/apps/speed_pure_p9_c0_111202132_32.o des_crypt /u0/common/sec/openssl-0.9.6l/apps/passwd_pure_p9_c0_111202132_32.o OpenSSL_add_all_algorithms

Re: OpenSSL session hangs

2004-02-24 Thread Pablo J Royo
Hi Maybe this problem could have nothing to do with OpenSSL? I experienced this problem under a non-SSL, private protocol for sending files to a server. The symptoms were VERY similar: a hang after sending a file to a server, then exchanging little packets between client and server. I made

Re: PKCS7_sign error

2004-06-02 Thread Pablo J Royo
error:2106906D:lib(33):func(105):reason(109) error:21074041:lib(33):func(116):reason(65) From crypto/err/err.h you see the 33 sub-library is PKCS7. From pkcs7/pkcs7.h you see the 105 function is PKCS7_dataInit, and from that file you see the reason 109 is unknown digest type. 116 is the

Subject string to X509_NAME

2004-07-29 Thread Pablo J Royo
Hello: I have a subject string in its common format: C=XX /O=xxx /OU=yy /CN=z...etc and I´d like to create a X509_NAME object with it, in order to handle its different fields (X509_NAME_ENTRY) correctly. Is there any function in OpenSSL X509 interface to do this (as easy as

Re: Request Setup error

2004-11-11 Thread Pablo J Royo
Maybe the '+' symbol of "Telefonica I+D" is not an allowed character in the subject for the software or codification you are using? It seems as if some part in it had problems building a DN with that string. - Original Message - From: Angel Martinez Gonzalez To: [EMAIL

Re: Smart cards and private keys

2005-01-20 Thread Pablo J Royo
OpenSSL does not manage that directly, but it is possible: you will have to create a set of functions using your own software, let's say using Windows CryptoAPI to access smartcard, and then supply those callbacks to the RSA_METHOD structure. -

OpenSSL en VC1.52 16-bit

2005-02-23 Thread Pablo J Royo
Hi Do you know if actual OpenSSL versions do (still) compile with VC1.52 producing 16bit code? I need PKCS7 support for an old 16bit application. Thanks

Re: OpenSSL en VC1.52 16-bit

2005-02-23 Thread Pablo J Royo
¿Do you know if actual OpenSSL versions do (still) compile with VC1.52 producing 16bit code? I need PKCS7 support for an old 16bit application. It has not been tested for a long time and I'd be surprised if it still worked. In that case, does anybody know which version was the first

Re: OpenSSL en VC1.52 16-bit

2005-02-23 Thread Pablo J Royo
Depends on what you mean by PKCS7 handling if you just mean being able to parse PKCS#7 structures then even SSLeay would handle it. If you mean S/MIME then it first appeared in 0.9.5 but there have been *many* security and bugfixing changes since then. You might be able to use CryptoAPI if

Re: Re(2): RE(2): Re(2): Decryption Problem

2005-03-07 Thread Pablo J Royo
There are some hooks for BER and streaming S/MIME in OpenSSL 0.9.8 but that's only at an early stage and no one's really been that interested in it at present. My program has to handle big PKCS7 files, so I´d be very interested in that streaming. I had to modify PKCS7_doit( ) routines to do

Re: How can I change libssl.a into libssl.so?

2000-08-28 Thread Pablo J. Royo
I think you could try this: Extract *.o files in the static library with ar -x libssl.a Then link them again with: ld -rpath "/usr/local/ssl" -shared -o libssl.so *.o The command "file libssl.so" reports then: libssl.so: ELF 32-bit LSB shared object, Intel 80386, version 1, not stripped so

Re: SOLARIS 8 GCC 2.95.2 ld: fatal: file values-Xa.o

2000-09-19 Thread Pablo J. Royo
Sorry. The true page is http://www.sunfreeware.com/faq.html Question is Q5. -Original Message- From: Pablo J. Royo [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] Date: martes 19 de septiembre de 2000 17:30 Subject: Re: SOLARIS 8 GCC 2.95.2 ld: fatal: file values-Xa.o See

Re: SSL_read, non-blocking sockets, and Windows.

2000-10-09 Thread Pablo J. Royo
I think you should change the line int tNumSocketsReady = select(1, tSet, NULL, NULL, tTimeout); by int tNumSocketsReady = select( tSocketFD+1, tSet, NULL, NULL, tTimeout); If not, the descriptor you are selecting on may be totally wrong, so your select() doesn't work.

Re: mod_ssl / openssl for win32 trouble

2001-01-04 Thread Pablo J. Royo
I don't want to confuse you, so please disregard this if it sounds too strange. I have seen similar problems when the proxy configuration wasn't correct because the ports were wrongly mapped. Also, when a router in the path between client and server had a broken router which set the "DF" bit in

Re: error:wrong version number

2001-02-05 Thread Pablo J. Royo
should try -ssl3/23 options in s_server command. Hope this helps Pablo J. Royo -Original Message- From: Jorge Olmos [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] Date: lunes 5 de febrero de 2001 12:18 Subject: error:wrong version number Hello, I want to communicate a server

Re: Using a proxy to my advantage

2001-09-17 Thread Pablo J. Royo
://www.codeguru.com/internet/CSocksifiedSocket.htm Hope this helps Pablo J. Royo -Original Message- From: Vincent Toms [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] Date: sábado 15 de septiembre de 2001 1:59 Subject: Using a proxy to my advantage Hello all, I have a question I need

Re: Form to generate certs

1999-04-14 Thread Juan Pablo Rojas Jimenez
= BOADILLA DEL MONTE organizationName = UNIVERSIDAD POLITECNICA DE MADRID organizationalUnitName = DLSIIS commonName = Juan Pablo Rojas Jimenez Email = [EMAIL PROTECTED] SPKAC= THE PUBLIC KEY GENERATED BY NETSCAPE ( OR IE ) I hope this will help you.

Re: How to use Netscape-generated keys?

1999-04-27 Thread Juan Pablo Rojas Jimenez
er -key your CA key -batch certificate_file where the file data_of_the_requester is something like this: countryName = ES stateOrProvinceName = MADRID localityName = BOADILLA DEL MONTE organizationName = UNIVERSIDAD POLITECNICA DE MADRID organizationalUnitName = DLSIIS commonName = Juan

Certificate Chain

1999-04-30 Thread Juan Pablo Rojas Jimenez
and trying to add it to java's cert store, it tells me that it cannot find the certificate chain for that key. Does anyone know what I'm doing wrong?

Re: Error after converting C++

2000-04-17 Thread Pablo J. Royo
Check if declarations for those functions are enclosed in an #ifdef __cplusplus statement. -Original Message- From: Tugrul Bingol [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] Date: lunes 17 de abril de 2000 18:17 Subject: Error after converting

Re: PKCS12 unpack error

2000-07-18 Thread Pablo J. Royo
Hi I had the same problem, and I didn't find how to solve it except #undefining those M_XXX macros in my source file, then #defining them correctly. After using them in my file, you can leave them unchanged again if you like. I'd like to know if there is a better (and elegant) way to do it. Here it

PEM certs formatted at 76 chars per line

2000-07-24 Thread Pablo J. Royo
Hi I'm using this cert from Baltimore with openssl0.9.5a. I don't know why they generate PEM certs with 76 chars in each line, instead of 64 as everybody does. If you take the cert and manually put it with 64 chars per line and the "BEGIN/END CERTIFICATE" stuff all goes well, but if not x509

Re: SSL and proxy server

2002-02-27 Thread Pablo J Royo
Hi: I've faced the same problem. The true problem comes up when you want to authenticate the remote server and in the process you resolve the IP of the CN field of the certificate that he (the server) sends you during handshake to see if it's the same you are connected to. If this is the case

Re: Csslsocket

2002-03-27 Thread Pablo J Royo
Hi : I did exactly the same and it gave me the same error. I have read you have to install Windows SDK to get the right libs and headers (schannel.dll) installed in your machine in order to compile, but I did that and errors were the same. I hope you'll share the solution if you solve this.

Re: Large files with smime

2002-05-14 Thread Pablo J Royo
ou can do it. You have to change memory BIOs (yes, all the data is handled in memory) by file BIOs. Pablo J. Royo - Original Message - From: Girish Venkatachalam To: [EMAIL PROTECTED] Sent: Tuesday, May 14, 2002 3:28 PM Subject: Large files with smime Hi everyone,

Re: Seeding the OpenSSL PRNG on Windows

2002-10-03 Thread Pablo J Royo
Check this: http://www.counterpane.com/yarrow.html It's a tray icon application for Windows, but you can change it to be a service. - Original Message - From: Edward Chan [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, October 03, 2002 1:47 AM Subject: Seeding the OpenSSL