I agree. It would be useful on the client side.
PP
--- Sergio Gelato <Sergio.Gelato(a)astro.su.se> wrote:
> Vasil Dimov wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > On Tue, Jun 21, 2005 at 10:29:37PM -0700, Peter Pentes wrote:
> >
> > > Sorry, what I am referring to here is actually the
> > > passphrase for the private keys, and how Stunnel does
> > > not support encrypted private keys.
> >
> > This would be useless. How do you expect the passphrase for the
> > encrypted private key to be obtained at stunnel startup?
>
> By prompting the user, or by reading it from a configuration file.
>
> On the client side, prompting the user isn't necessarily bad or even
> difficult.
>
> I'll grant you that on the server side, or for unattended client-side
> operation, there is little (if any) actual security benefit from using a
> non-null passphrase and storing it in a separate file; however, some
> software (e.g., Java) does work that way, and I don't see any harm in
> having that possibility. There may also be some non-security benefits:
> I've seen at least one CA policy that requires private keys to be stored
> encrypted while not active, and if you want to comply with the letter
> of such a policy you may have to use a non-null passphrase.
Hi all,
I'm looking at building a small GUI app (possibly in VB6) on a Windows
platform for generating certificates using OpenSSL. How can I do this? The
command-line call to the openssl EXE does not seem to take things such as
the Common Name, Organizational Unit, etc as parameters.
Any help would be appreciated.
Thanks in advance.
Paul
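An added example, not part of the original post and not code from OpenSSL or stunnel: `openssl req` accepts the subject fields through its `-subj` option, and a GUI wrapper should pass them as an argument list rather than a concatenated command string. The function names, file names and sample form values below are assumptions made for illustration.

```python
import subprocess

# Attribute order used when assembling the -subj string.
SUBJECT_ORDER = ("C", "ST", "L", "O", "OU", "CN")


def build_subject(fields):
    """Build the '/C=../O=../CN=..' value for 'openssl req -subj'."""
    unknown = set(fields) - set(SUBJECT_ORDER)
    if unknown:
        raise ValueError(f"unsupported subject attributes: {sorted(unknown)}")
    parts = []
    for key in SUBJECT_ORDER:
        value = fields.get(key, "").strip()
        if not value:
            continue
        if any(ord(ch) < 0x20 for ch in value):
            raise ValueError(f"control character in {key}")
        # Escape backslash first, then the separators -subj gives meaning to.
        for ch in ("\\", "/", "+"):
            value = value.replace(ch, "\\" + ch)
        parts.append(f"{key}={value}")
    if not parts:
        raise ValueError("empty subject")
    return "/" + "/".join(parts)


def openssl_req_argv(fields, key_path, cert_path, days=365, encrypt_key=True):
    """argv for a self-signed certificate with a new RSA key."""
    argv = ["openssl", "req", "-new", "-x509", "-newkey", "rsa:2048",
            "-days", str(int(days)), "-subj", build_subject(fields),
            "-keyout", key_path, "-out", cert_path]
    if not encrypt_key:
        argv.append("-nodes")  # write the private key without a passphrase
    return argv


def generate(fields, key_path, cert_path):
    # List form, no shell: form values can never be parsed as shell syntax.
    subprocess.run(openssl_req_argv(fields, key_path, cert_path), check=True)


if __name__ == "__main__":
    # Constructed form input, including characters a naive wrapper mishandles.
    form = {"CN": "www.example.com", "OU": 'Sales/Support & "Ops"',
            "O": "Example Pty Ltd", "C": "AU"}
    print(openssl_req_argv(form, "server.key", "server.crt", encrypt_key=False))
```

With `encrypt_key=True` (the default here) `openssl req` asks for the key passphrase itself, so the passphrase never appears in the process argument list.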
Hello Michal, thank you for your excellent software!
I have a little suggestion: Could you include release files' MD5 and
SHA hash codes or your PGP signature in the release announcement? That
should be more reliable, shouldn't it?
--
Regards
Lu Wei
Hi,
Does anybody know if stunnel would work under QNX4?
Or has anybody seen a port to QNX4? I downloaded the
sources but I haven't been able to compile them.
Thank you
I use stunnel for testing and compare results with our products. I made a
script to monitor the number of threads and memory per process; now it
always shows 1 thread.
On Fri, 17 Jun 2005 23:55:57 +0300, Michal Trojnara
<Michal.Trojnara(a)mirt.net> wrote:
>> Now it's ok, but I want the pthreads back :)
>
> Why?
>
> Mike
Eh... I've missed that, it looks like a workaround.
Now it's ok, but I want the pthreads back :)
On Fri, 17 Jun 2005 22:02:05 +0300, Michal Trojnara
<Michal.Trojnara(a)mirt.net> wrote:
> Did you try this one:
> http://stunnel.mirt.net/pipermail/stunnel-users/2005-June/000532.html
> ?
>
> Best regards,
> Mike
Hi,
I'm using stunnel with Sun Calendar on a Windows 2003 server.
Everything worked well until I moved Sun Calendar to another server.
Now, when I go to my Sun Calendar, I need to refresh the page after having accepted the certificate.
You can see the problem here => https://frodon.atnweb.com
I'm using
stunnel 4.10
libeay32.dll and libssl.dll version 0.9.7.3 (from openssl.org)
My conf file looks like this:
-------------------------------
key = E:\stunnel\stunnel.pem
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
debug = 3
output = E:\stunnel\stunnel.log
[https]
accept = 443
connect = 80
TIMEOUTclose = 0
--------------------------------
If someone can see where the problem is, I will be pleased to know the answer :)
Thanks,
Regards,
Michaël CHANUDET
atn groupe sa
2 allée des Mitaillères - 38240 Meylan - France
Tél. : +33 (0)4.76.41.17.17 - Fax : +33 (0)4.76.41.05.45
www.atngroupe.fr
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This is a reply to
http://stunnel.mirt.net/pipermail/stunnel-users/2005-June/000541.html
but it has nothing to do with the original subject, so I send it
separately.
CVS version of the FreeBSD port of stunnel can be found at:
http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/stunnel/
the files/ subdir contains some changes to the original source.
Some of them are FreeBSD specific and need only be applied on FreeBSD,
but some are not.
Changes to client.c are related to execvp problems.
http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/stunnel/files/patch-sr…
can be useful.
Changes to common.h are a hack to make it possible for the user to
choose ucontext/pthread/fork model at compile time. Log message can be
found at:
http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/stunnel/files/patch-sr…
It was invented as a workaround to the ucontext-problems, but is a good
feature anyway.
I think it will be great if someday we can use ./configure options like
--with-ucontext, --with-pthread, --with-fork, instead of using this
ugly hack :)
Regards,
Vasil
-----BEGIN PGP SIGNATURE-----
iD8DBQFCsQ7pFw6SP/bBpCARAo3wAKDbu0lXx0+LMW31dksb4S8M74PukQCgwmwx
KH0/Ohi+GtUwBSbYv8RkLsg=
=wzW2
-----END PGP SIGNATURE-----