From owner-freebsd-current Fri May 5 21: 2:57 2000 Delivered-To: freebsd-current@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id BE3EB37B9DA; Fri, 5 May 2000 21:02:54 -0700 (PDT) (envelope-from kris@FreeBSD.org) Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id VAA28790; Fri, 5 May 2000 21:02:54 -0700 (PDT) (envelope-from kris@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs Date: Fri, 5 May 2000 21:02:54 -0700 (PDT) From: Kris Kennaway To: Forrest Aldrich Cc: Steve Price , current@FreeBSD.ORG Subject: Re: RSA decrypt problems In-Reply-To: <20000505235447.H13732@drama.navipath.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Fri, 5 May 2000, Forrest Aldrich wrote: > Okay, I just did, using MS Explorer 5 and it worked with no problems. > So, this is related to Netscape-4.72. But is it a bug on their part, > or something else? I'm suspecting it might be something missing in the ASN.1 encoding of the certificate, which netscape requires but IE permits. This would be consistent with a missing openssl.cnf file at the time of certificate generation. Could one of you try copying the openssl.cnf file from crypto/openssl/apps/ to /etc/ssl (editing as appropriate) and see if that fixes it (i.e. make a new certificate and test it in the same way)? Kris ---- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message