Need help with certs for Cisco "EasyVPN"

classic Classic list List threaded Threaded
16 messages Options
Reply | Threaded
Open this post in threaded view
|

Need help with certs for Cisco "EasyVPN"

John A. Kilpatrick

I really could use some help and I'm hoping someone out there has done
what I need to do before and can clue me in.

All I am trying to do is use certificates with a VPN profile in the Cisco
VPN client.  However any cert that I sign with OpenSSL is marked as an
"RA" cert by the Cisco VPN client and not useable in a profile.  However
the Microsoft CA software signs the same cert is acceptable to the client
and the certificate signed by the Microsoft CA software is installed in
the "Cisco" store and thus useable by the client.

I tried making a new root certificate and manually setting the serial
number to 1 (instead of zero due to that issue about Cisco not thinking
zero is valid) but it didn't help.

I am getting pretty frustrated since Cisco doesn't support OpenSSL and
getting someone there with a clue has been fruitless.  If someone has been
able to make this work (either generating the req yourself and signing it
or signing a req generated by the client) please contact me - I could
really use the help.  I can provide sample certs that work and don't work
to see what the story is if that would help.

Thanks,
John

--
                                John A. Kilpatrick
[hidden email]                Email|     http://www.hypergeek.net/
[hidden email]      Text pages|          ICQ: 19147504
                  remember:  no obstacles/only challenges


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Attribute Certificate with OpenSSL?

Mouse-2
Did anybody use OpenSSL successfully for creating and processing Attribute
Certificates?
Is there any helpful HOWTO or TFM?

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Attribute Certificate with OpenSSL?

Saurabh Arora-2
On 9/14/06, Mouse <[hidden email]> wrote:
> Did anybody use OpenSSL successfully for creating and processing Attribute
> Certificates?

very much .. chek dis link..  http://openpmi.sourceforge.net/

> Is there any helpful HOWTO or TFM?

download openssl distro(patched to support AC) frm d same link.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Reading in memory DER using BIO

k bisla
Is there a way that i can get an X509 cert from an array holding a cert in
DER format.

I know to read PEM format cert you got to do the following.

static X509 *loadCertFromMem(char *pCert, int pLength)
{
    STACK_OF(X509_INFO) *sk = NULL;
    X509                *returnCert = NULL;
    BIO                 *bin = NULL;

    if (!(sk = sk_X509_new_null())) {
        printf("getCert: sk_X509_new_null memory allocation failure\n");
        goto end;
    }

    bin = BIO_new_mem_buf(pCert, pLength);
    printf("build the bio\n");
    if (!(sk = PEM_X509_INFO_read_bio(bin, NULL, NULL, NULL)))
    {
        printf("getCert:error reading from BIO\n");
        goto end;
    }
    //printf("%s \n", pCert);
    while(sk_X509_INFO_num(sk))
    {
        X509_INFO *info = sk_X509_INFO_shift(sk);
        printf("inside while \n");
        if (info->x509 != NULL)
        {
            printf("x509 not null \n");
            returnCert = malloc(sizeof(X509));
            returnCert = memcpy(returnCert, info->x509, sizeof(X509));
            info->x509 = NULL;
            X509_INFO_free(info);
            break;
        }
    }

    end:
    BIO_set_close(bin, BIO_NOCLOSE);
    BIO_free(bin);
    sk_X509_INFO_free(sk);

    return(returnCert);
}

So my question is How do i read a DER using a BIO cause the cert in is
memory and not in a file (for file i know there are d2i functions that
return X509).
Thanks
KB


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: Reading in memory DER using BIO

JoelKatz

> So my question is How do i read a DER using a BIO cause the cert in is
> memory and not in a file (for file i know there are d2i functions that
> return X509).

        There are d2i functions that take memory pointers and there are d2i
functions that take a BIO. See
http://www.openssl.org/docs/crypto/d2i_X509.html

        DS


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Reading in memory DER using BIO

Marek.Marcola
In reply to this post by k bisla
Hello,
> Is there a way that i can get an X509 cert from an array holding a cert in
> DER format.

> So my question is How do i read a DER using a BIO cause the cert in is
> memory and not in a file (for file i know there are d2i functions that
> return X509).
You may use something like that:

/**
 * Create X509 certificate object from buf in DER format.
 *
 * @param    cert    return X509 object with created certificate
 * @param    buf     buffer with certificate in DER format
 * @param    len     size of buffer
 * @return   0 on success, -1 on error
 */
int der2cert(X509 ** cert, char *buf, int len)
{
    BIO *mem;

    if ((mem = BIO_new_mem_buf(buf, len)) == NULL) {
        goto err;
    }
    *cert = d2i_X509_bio(mem, NULL);
    BIO_free(mem);

    if (*cert == NULL) {
        goto err;
    }

    return (0);

  err:
    return (-1);
}

Best regards,
--
Marek Marcola <[hidden email]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Reading in memory DER using BIO

Marek.Marcola
In reply to this post by k bisla
Hello,
> Is there a way that i can get an X509 cert from an array holding a cert in
> DER format.

> So my question is How do i read a DER using a BIO cause the cert in is
> memory and not in a file (for file i know there are d2i functions that
> return X509).
You may use something like that:

/**
 * Create X509 certificate object from buf in DER format.
 *
 * @param    cert    return X509 object with created certificate
 * @param    buf        buffer with certificate in DER format
 * @param    len        size of buffer
 * @return    0 on success, -1 on error
 */
int tls_der2cert(X509 ** cert, char *buf, int len)
{
    BIO *mem;

    if ((mem = BIO_new_mem_buf(buf, len)) == NULL) {
        goto err;
    }
    *cert = d2i_X509_bio(mem, NULL);
    BIO_free(mem);

    if (*cert == NULL) {
        goto err;
    }

    return (0);

  err:
    return (-1);
}

Best regards,
--
Marek Marcola <[hidden email]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Warning in sha.h not able to use on HP-UX.

Bhat, Jayalakshmi Manjunath
Hi All,
 
I have ported OPENSSL on VxWorks (host is HP-UX and target is VxWorks)
I want to use SHA-512, When I compile I am getting the following
warnings

h/openssl/sha.h:179: warning: ANSI C does not support `long long'
h/openssl/sha.h:180: warning: ANSI C does not support `long long'
h/openssl/sha.h:180: warning: ANSI C does not support `long long'
h/openssl/sha.h:182: warning: ANSI C does not support `long long'

Warning are in

typedef struct SHA512state_st
{
        SHA_LONG64 h[8];
        SHA_LONG64 Nl,Nh;
        union {
                SHA_LONG64 d[SHA_LBLOCK];
                unsigned char p[SHA512_CBLOCK];
        } u;
        unsigned int num,md_len;
} SHA512_CTX;

I tried considering SHA_LONG64 as unsigned long and #define U64(C) C##UL
Then I started getting lot of warnings in file sha512.c

Warning are of type:
sha512.c:61: warning: large integer implicitly truncated to unsigned
type
sha512.c:114: warning: right shift count >= width of type

Please can any one tell me how do I use/fix this.

Thanks in advance,
Jaya.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Warning in sha.h not able to use on HP-UX.

Marek.Marcola
Hello,

> I have ported OPENSSL on VxWorks (host is HP-UX and target is VxWorks)
> I want to use SHA-512, When I compile I am getting the following
> warnings
>
> h/openssl/sha.h:179: warning: ANSI C does not support `long long'
> h/openssl/sha.h:180: warning: ANSI C does not support `long long'
> h/openssl/sha.h:180: warning: ANSI C does not support `long long'
> h/openssl/sha.h:182: warning: ANSI C does not support `long long'
>
> Warning are in
>
> typedef struct SHA512state_st
> {
> SHA_LONG64 h[8];
> SHA_LONG64 Nl,Nh;
> union {
> SHA_LONG64 d[SHA_LBLOCK];
> unsigned char p[SHA512_CBLOCK];
> } u;
> unsigned int num,md_len;
> } SHA512_CTX;
>
> I tried considering SHA_LONG64 as unsigned long and #define U64(C) C##UL
> Then I started getting lot of warnings in file sha512.c
>
> Warning are of type:
> sha512.c:61: warning: large integer implicitly truncated to unsigned
> type
> sha512.c:114: warning: right shift count >= width of type
OpenSSL implementation of SHA384/SHA512 requires that SHA_LONG64
must be defined as 64-bit type (sizeof(SHA_LONG64) must be 8).
You should find such type in compiler to get this work.
For example you may use uint64_t (if such type is defined).

Best regards,
--
Marek Marcola <[hidden email]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: Warning in sha.h not able to use on HP-UX.

Bhat, Jayalakshmi Manjunath
Hi All,

First I would like to thank you very much.
I just tested if I can use uint64_. I think I can use it. So Instead of
unsigned long long can I use uint64_t?

Regards,
Jaya.

-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Marek Marcola
Sent: Thursday, September 14, 2006 3:28 PM
To: [hidden email]
Subject: Re: Warning in sha.h not able to use on HP-UX.

Hello,
> I have ported OPENSSL on VxWorks (host is HP-UX and target is VxWorks)

> I want to use SHA-512, When I compile I am getting the following
> warnings
>
> h/openssl/sha.h:179: warning: ANSI C does not support `long long'
> h/openssl/sha.h:180: warning: ANSI C does not support `long long'
> h/openssl/sha.h:180: warning: ANSI C does not support `long long'
> h/openssl/sha.h:182: warning: ANSI C does not support `long long'
>
> Warning are in
>
> typedef struct SHA512state_st
> {
> SHA_LONG64 h[8];
> SHA_LONG64 Nl,Nh;
> union {
> SHA_LONG64 d[SHA_LBLOCK];
> unsigned char p[SHA512_CBLOCK];
> } u;
> unsigned int num,md_len;
> } SHA512_CTX;
>
> I tried considering SHA_LONG64 as unsigned long and #define U64(C)
> C##UL Then I started getting lot of warnings in file sha512.c
>
> Warning are of type:
> sha512.c:61: warning: large integer implicitly truncated to unsigned
> type
> sha512.c:114: warning: right shift count >= width of type
OpenSSL implementation of SHA384/SHA512 requires that SHA_LONG64 must be
defined as 64-bit type (sizeof(SHA_LONG64) must be 8).
You should find such type in compiler to get this work.
For example you may use uint64_t (if such type is defined).

Best regards,
--
Marek Marcola <[hidden email]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: Warning in sha.h not able to use on HP-UX.

Marek.Marcola
In reply to this post by Bhat, Jayalakshmi Manjunath
Hello,
> First I would like to thank you very much.
> I just tested if I can use uint64_. I think I can use it. So Instead of
> unsigned long long can I use uint64_t?
Yes, sha512 requires unsigned 64-bit integer.

Best regards,
--
Marek Marcola <[hidden email]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: Attribute Certificate with OpenSSL?

Mouse-2
In reply to this post by Saurabh Arora-2
First - thank you!  At least it was something.

I went through the Web sit and the code distro itself.

Web site shows how to use their command x509AT. Great.
There's no AT-related README though, no documentation, no edits or
patch-format changes. Thus hard to figure out the scope of changes involved.
The Web page states that it is beta code. References to Lopez and Montenegro
pages are dead. I.e. dead unmaintained project.

So OpenSSL did not pick the Attribute Certificate extensions that Lopez and
Montenegro added? Is there an alternative distro supporting AT? Is there
("official"?) work going on on (cleanly :-) adding support for Attribute
Certs to OpenSSL?

> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of Saurabh Arora
> Sent: Wednesday, September 13, 2006 17:58
> To: [hidden email]
> Subject: Re: Attribute Certificate with OpenSSL?
>
> On 9/14/06, Mouse <[hidden email]> wrote:
> > Did anybody use OpenSSL successfully for creating and processing
> > Attribute Certificates?
>
> very much .. chek dis link..  http://openpmi.sourceforge.net/
>
> > Is there any helpful HOWTO or TFM?
>
> download openssl distro(patched to support AC) frm d same link.
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                          
> [hidden email]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: Attribute Certificate with OpenSSL?

Daniel Diaz Sanchez-2
Hello,

I developed a beta API code for OpenSSL that may help you. Find enclosed a
pdf document with the description. Tell me if you are interested or anybody
wants to help me to improve it. Take into account that is a very very beta
code.

Apart from that, Jose Antonio Montenegro and Javier Lopez from Malaga
University have been working on authorization for a very long time with very
good results. I think that OpenPMI is not an unmaintained project.

Try to contact the authors through

http://www.lcc.uma.es/LCC?-f=indexlang.lcc&-l=english


Regards,

Daniel

--
Daniel Diaz Sanchez
Telecommunication Engineer
Researcher / Teaching Assistant
 
Dep. Ing. Telemática
Universidad Carlos III de Madrid
Av. Universidad, 30
28911 Leganés (Madrid/Spain)
Tel: (+34) 91-624-8817, Fax: -8749
Web: www.it.uc3m.es/dds
web: http://www.it.uc3m.es/pervasive
Mail: dds[at].it.uc3m.es
Skype: dds.it.uc3m.es


-----Mensaje original-----
De: [hidden email] [mailto:[hidden email]]
En nombre de Mouse
Enviado el: jueves, 14 de septiembre de 2006 15:49
Para: [hidden email]
Asunto: RE: Attribute Certificate with OpenSSL?

First - thank you!  At least it was something.

I went through the Web sit and the code distro itself.

Web site shows how to use their command x509AT. Great.
There's no AT-related README though, no documentation, no edits or
patch-format changes. Thus hard to figure out the scope of changes involved.
The Web page states that it is beta code. References to Lopez and Montenegro
pages are dead. I.e. dead unmaintained project.

So OpenSSL did not pick the Attribute Certificate extensions that Lopez and
Montenegro added? Is there an alternative distro supporting AT? Is there
("official"?) work going on on (cleanly :-) adding support for Attribute
Certs to OpenSSL?

> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of Saurabh Arora
> Sent: Wednesday, September 13, 2006 17:58
> To: [hidden email]
> Subject: Re: Attribute Certificate with OpenSSL?
>
> On 9/14/06, Mouse <[hidden email]> wrote:
> > Did anybody use OpenSSL successfully for creating and processing
> > Attribute Certificates?
>
> very much .. chek dis link..  http://openpmi.sourceforge.net/
>
> > Is there any helpful HOWTO or TFM?
>
> download openssl distro(patched to support AC) frm d same link.
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                          
> [hidden email]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Attribute Certificates APIs.pdf (33K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Attribute Certificate with OpenSSL?

Saurabh Arora-2
In reply to this post by Mouse-2
On 9/14/06, Mouse <[hidden email]> wrote:
> First - thank you!  At least it was something.
>
> I went through the Web sit and the code distro itself.
>
> Web site shows how to use their command x509AT. Great.
> There's no AT-related README though, no documentation, no edits or
> patch-format changes. Thus hard to figure out the scope of changes involved.

welcome to the world of openssl

> The Web page states that it is beta code. References to Lopez and Montenegro
> pages are dead. I.e. dead unmaintained project.

hmm.. workin in my browser

>
> So OpenSSL did not pick the Attribute Certificate extensions that Lopez and
> Montenegro added? Is there an alternative distro supporting AT? Is there
> ("official"?) work going on on (cleanly :-) adding support for Attribute
> Certs to OpenSSL?
>
this was d closest i came across..

i was to work on Attribute Certificate too but by then my job period
expired ( i wish i cud have), though i worked on X509 custom certs in
good detail and have written few HOWTO tutorials and articles on the
same. will ask my boss to upload for the community.

apart we can only request the community to keep contributing HowTo's ...
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: Attribute Certificate with OpenSSL?

Mouse-2
In reply to this post by Daniel Diaz Sanchez-2
Your API looks good - perhaps your code combined with x509AT from Univ. of
Malaga can provide the complete coverage?

And yes - I'd like to take a look at your code (assuming it's under GPL, or
OpenSSL license). I'll check with my bosses to see if they'd approve "more
active" participation.

Thank you!

Regards,
Uri

> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of Daniel
> Diaz Sanchez
> Sent: Thursday, September 14, 2006 10:00
> To: [hidden email]
> Subject: RE: Attribute Certificate with OpenSSL?
>
> Hello,
>
> I developed a beta API code for OpenSSL that may help you.
> Find enclosed a pdf document with the description. Tell me if
> you are interested or anybody wants to help me to improve it.
> Take into account that is a very very beta code.
>
> Apart from that, Jose Antonio Montenegro and Javier Lopez
> from Malaga University have been working on authorization for
> a very long time with very good results. I think that OpenPMI
> is not an unmaintained project.
>
> Try to contact the authors through
>
> http://www.lcc.uma.es/LCC?-f=indexlang.lcc&-l=english
>
>
> Regards,
>
> Daniel
>
> --
> Daniel Diaz Sanchez
> Telecommunication Engineer
> Researcher / Teaching Assistant
>  
> Dep. Ing. Telemática
> Universidad Carlos III de Madrid
> Av. Universidad, 30
> 28911 Leganés (Madrid/Spain)
> Tel: (+34) 91-624-8817, Fax: -8749
> Web: www.it.uc3m.es/dds
> web: http://www.it.uc3m.es/pervasive
> Mail: dds[at].it.uc3m.es
> Skype: dds.it.uc3m.es
>
>
> -----Mensaje original-----
> De: [hidden email]
> [mailto:[hidden email]]
> En nombre de Mouse
> Enviado el: jueves, 14 de septiembre de 2006 15:49
> Para: [hidden email]
> Asunto: RE: Attribute Certificate with OpenSSL?
>
> First - thank you!  At least it was something.
>
> I went through the Web sit and the code distro itself.
>
> Web site shows how to use their command x509AT. Great.
> There's no AT-related README though, no documentation, no
> edits or patch-format changes. Thus hard to figure out the
> scope of changes involved.
> The Web page states that it is beta code. References to Lopez
> and Montenegro pages are dead. I.e. dead unmaintained project.
>
> So OpenSSL did not pick the Attribute Certificate extensions
> that Lopez and Montenegro added? Is there an alternative
> distro supporting AT? Is there
> ("official"?) work going on on (cleanly :-) adding support
> for Attribute Certs to OpenSSL?
>
> > -----Original Message-----
> > From: [hidden email]
> > [mailto:[hidden email]] On Behalf Of Saurabh Arora
> > Sent: Wednesday, September 13, 2006 17:58
> > To: [hidden email]
> > Subject: Re: Attribute Certificate with OpenSSL?
> >
> > On 9/14/06, Mouse <[hidden email]> wrote:
> > > Did anybody use OpenSSL successfully for creating and processing
> > > Attribute Certificates?
> >
> > very much .. chek dis link..  http://openpmi.sourceforge.net/
> >
> > > Is there any helpful HOWTO or TFM?
> >
> > download openssl distro(patched to support AC) frm d same link.
> >
> ______________________________________________________________________
> > OpenSSL Project                                
> http://www.openssl.org
> > User Support Mailing List                    
> [hidden email]
> > Automated List Manager                          
> > [hidden email]
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Need help with certs for Cisco "EasyVPN"

Ted Mittelstaedt
In reply to this post by John A. Kilpatrick
John,

  Please provide the openSSL invocations with complete command line options
you are using to generate the certificates.  I hope to God you aren't using
some
front end script to run openSSL or we won't ever get anywhere.

Ted

----- Original Message -----
From: "John A. Kilpatrick" <[hidden email]>
To: <[hidden email]>
Sent: Wednesday, September 13, 2006 10:03 AM
Subject: Need help with certs for Cisco "EasyVPN"


>
> I really could use some help and I'm hoping someone out there has done
> what I need to do before and can clue me in.
>
> All I am trying to do is use certificates with a VPN profile in the Cisco
> VPN client.  However any cert that I sign with OpenSSL is marked as an
> "RA" cert by the Cisco VPN client and not useable in a profile.  However
> the Microsoft CA software signs the same cert is acceptable to the client
> and the certificate signed by the Microsoft CA software is installed in
> the "Cisco" store and thus useable by the client.
>
> I tried making a new root certificate and manually setting the serial
> number to 1 (instead of zero due to that issue about Cisco not thinking
> zero is valid) but it didn't help.
>
> I am getting pretty frustrated since Cisco doesn't support OpenSSL and
> getting someone there with a clue has been fruitless.  If someone has been
> able to make this work (either generating the req yourself and signing it
> or signing a req generated by the client) please contact me - I could
> really use the help.  I can provide sample certs that work and don't work
> to see what the story is if that would help.
>
> Thanks,
> John
>
> --
>                                 John A. Kilpatrick
> [hidden email]                Email|     http://www.hypergeek.net/
> [hidden email]      Text pages|          ICQ: 19147504
>                   remember:  no obstacles/only challenges
>
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]