search for: keyusage

...ul than I could hope, but >>comparing several of them, applying common sense, and trying things >>out, I arrived at a dead-end. Here's essentially what happened: >> >>- None of the HOW-TOs were very clear about the need to add some >>attributes to a certificate, keyUsage and extendedKeyUsage. They >>had different values for server and client. OpenSSL documentation >>was a big vague on how to add them, but I think I did - the print >>out of the entity certificates showed the values. The attempt to >>connect failed. The client log is b...

...asy. The HOW-TO guides were less helpful than I could hope, but comparing several of them, applying common sense, and trying things out, I arrived at a dead-end. Here's essentially what happened: - None of the HOW-TOs were very clear about the need to add some attributes to a certificate, keyUsage and extendedKeyUsage. They had different values for server and client. OpenSSL documentation was a big vague on how to add them, but I think I did - the print out of the entity certificates showed the values. The attempt to connect failed. The client log is below. I think it's complain...

...were less helpful than I could hope, but > comparing several of them, applying common sense, and trying things > out, I arrived at a dead-end. Here's essentially what happened: > > - None of the HOW-TOs were very clear about the need to add some attributes > to a certificate, keyUsage and extendedKeyUsage. They had different values > for server and client. OpenSSL documentation was a big vague on how to add > them, but I think I did - the print out of the entity certificates showed the > values. The attempt to connect failed. The client log is below. I think &g...

...SL certs result in "TLS handshaking: SSL_accept() syscall failed: Connection reset by peer" errors *if the certificate granted is not granted for client use*. For servers, I normally generate SSL certificates specifically for servers: [ server_ca_extensions ] basicConstraints = CA:false keyUsage = keyEncipherment extendedKeyUsage = 1.3.6.1.5.5.7.3.1 If you just do that, then the SSL certificate doesn't work in dovecot (it will work fine in Apache, or Postfix etc etc). You also need the certificate to be valide for client side work: [ client_and_server_ca_extensions ] basicConstraints...

Hi, I followed the TLS/SRTP tutorial on the wiki [0] using Asterisk 11.8.1 on CentOS 6.5 x86_64 and CSipSimple on a Nexus with Android 4.4.x local wifi. The phone seems to register but directly after that things fall apart (turning SELinux off made no difference): *CLI> -- Registered SIP 'encrypted' at 10.0.0.137:58079 > Saved useragent

...aring several of >> > them, applying common sense, and trying things out, I arrived at a >> > dead-end. Here's essentially what happened: >> > >> > - None of the HOW-TOs were very clear about the need to add some >> > attributes to a certificate, keyUsage and extendedKeyUsage. They had >> > different values for server and client. OpenSSL documentation was a big >> > vague on how to add them, but I think I did - the print out of the entity >> > certificates showed the values. The attempt to connect failed. The >&...

...splay/AST/Secure+Calling+Tutorial", but no luck. I googled around the issue and found solution mentioned by Patrick ( https://www.mail-archive.com/asterisk-users at lists.digium.com/msg274038.html) Did anyone has tried this solution and found it is working? I tried to create certificates with keyUsage/extendedKeyUsage, but it is not working. I have one more query - When the SIP user agents are able to register successfully with TLS, why more handshake is required while making a call? Can't Asterisk use existing TLS connection with Leg B to forward INVITE request? Could anyone please educate...

...client side authentication. If my memory serves right, beta8 had no problems with it (although it was some time ago and on different machine). Similar setup works perfectly well for postfix (for authentication that is, on the same machine). Originally I thought I overdid some certificate settings (keyUsage, nsCertType, etc.), so for the sake of testing I've simplified the setup to bare minimum - 1 simple selfsigned root certificate, another 1 for dovecot, and the last one for the user. Unfortunately, the results were the same. Configuration: OpenBSD 3.9 (stable branch), i386, no nfs or afs (onl...

...CA cert (ca.crt) in the windows client and certify your hostkey: $ cat << 'EOF' > x509v3.cnf CERTPATHLEN = 1 CERTUSAGE = digitalSignature,keyCertSign CERTIP = 0.0.0.0 [x509v3_CA] basicConstraints=critical,CA:true,pathlen:$ENV::CERTPATHLEN keyUsage=$ENV::CERTUSAGE [x509v3_IPAddr] subjectAltName=IP:$ENV::CERTIP [x509v3_DNSName] subjectAltName=DNS:$ENV::CERTDNS EOF $ CERTDNS=myipaddr; export CERTDNS $ openssl req -new -key /etc/ssh_host_rsa_key -out HOSTKEY.csr $ openssl x509 -req -days 365 -in HOSTKEY.csr -CA ca.crt \ -CAkey ca.key -CAcreate...

...DTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY) defaultHidingValue: FALSE showInAdvancedViewOnly: TRUE systemOnly: FALSE systemFlags: 16 instanceType: 4 subClassOf: top systemPossSuperiors: container systemMustContain: 1.2.840.113556.1.4.2315 systemMayContain: msDS-KeyMaterial systemMayContain: msDS-KeyUsage systemMayContain: msDS-KeyPrincipal systemMayContain: msDS-DeviceDN systemMayContain: msDS-ComputerSID systemMayContain: msDS-CustomKeyInformation systemMayContain: msDS-KeyApproximateLastLogonTimeStamp Exception: (1, 'operations error at ../../source4/dsdb/samdb/ldb_modules/resolve_oids.c:67...

...dvancedViewOnly: TRUE >> systemOnly: FALSE >> systemFlags: 16 >> instanceType: 4 >> subClassOf: top >> systemPossSuperiors: container >> systemMustContain: 1.2.840.113556.1.4.2315 >> systemMayContain: msDS-KeyMaterial >> systemMayContain: msDS-KeyUsage >> systemMayContain: msDS-KeyPrincipal >> systemMayContain: msDS-DeviceDN >> systemMayContain: msDS-ComputerSID >> systemMayContain: msDS-CustomKeyInformation >> systemMayContain: msDS-KeyApproximateLastLogonTimeStamp >> >> Exception: (1, 'operati...

...Value: FALSE showInAdvancedViewOnly: > > > TRUE systemOnly: FALSE systemFlags: 16 instanceType: 4 > > > subClassOf: top systemPossSuperiors: container systemMustContain: > > > 1.2.840.113556.1.4.2315 systemMayContain: msDS-KeyMaterial > > > systemMayContain: msDS-KeyUsage systemMayContain: msDS- > > > KeyPrincipal systemMayContain: msDS-DeviceDN systemMayContain: > > > msDS-ComputerSID systemMayContain: msDS-CustomKeyInformation > > > systemMayContain: msDS-KeyApproximateLastLogonTimeStamp > > > Exception: (1, 'operations err...

...dvancedViewOnly: >> > > TRUE systemOnly: FALSE systemFlags: 16 instanceType: 4 >> > > subClassOf: top systemPossSuperiors: container systemMustContain: >> > > 1.2.840.113556.1.4.2315 systemMayContain: msDS-KeyMaterial >> > > systemMayContain: msDS-KeyUsage systemMayContain: msDS- >> > > KeyPrincipal systemMayContain: msDS-DeviceDN systemMayContain: >> > > msDS-ComputerSID systemMayContain: msDS-CustomKeyInformation >> > > systemMayContain: msDS-KeyApproximateLastLogonTimeStamp >> > > Exception: (1,...

...> TRUE systemOnly: FALSE systemFlags: > > > 16 instanceType: 4 > > subClassOf: top systemPossSuperiors: > > > container systemMustContain: > > 1.2.840.113556.1.4.2315 > > > systemMayContain: msDS-KeyMaterial > > systemMayContain: msDS- > > > KeyUsage systemMayContain: msDS- > > KeyPrincipal > > > systemMayContain: msDS-DeviceDN systemMayContain: > > msDS- > > > ComputerSID systemMayContain: msDS-CustomKeyInformation > > > > > systemMayContain: msDS-KeyApproximateLastLogonTimeStamp > > > >...

Folks I would like to have my windows 7 laptop communicate with my home server via a VPN, in such a way that it appears to be "inside" my home network. It should not only let me appear to be at home for any external query, but also let me access my computers inside my home. I already have this working using M$'s PPTP using my home Centos 6 gateway/router as the PoPToP server.

...;key, scheme, inData, inDataSize, -- *outData, outDataSize)) { -+ *outData, &outDataSize)) { - tpm_free(*outData); - return TPM_DECRYPT_ERROR; - } - /* verify data if it is of type TPM_BOUND_DATA */ - if (key->encScheme == TPM_ES_RSAESOAEP_SHA1_MGF1 - || key->keyUsage != TPM_KEY_LEGACY) { -- if (*outDataSize < 5 || memcmp(*outData, "\x01\x01\00\x00\x02", 5) != 0) { -+ if (outDataSize < 5 || memcmp(*outData, "\x01\x01\00\x00\x02", 5) != 0) { - tpm_free(*outData); - return TPM_DECRYPT_ERROR; - } -- *outDataSize -=...