From mboxrd@z Thu Jan  1 00:00:00 1970
Message-ID: <82c890d00701090056g34428d74pf550de61680e043d@mail.gmail.com>
Date: Tue,  9 Jan 2007 09:56:31 +0100
From: "Gabriel Diaz" <gabidiaz@gmail.com>
To: "Fans of the OS Plan 9 from Bell Labs" <9fans@cse.psu.edu>
Subject: Re: [9fans] cert signing request
In-Reply-To: <82c890d00701090044u684ad3bfs78d2381dbca2523@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_Part_98196_5729672.1168332991865"
References: <39355.66.222.64.178.1168312418.squirrel@66.222.64.178>
	<c4c6a896cd7aa54546029bf3de94654f@terzarima.net>
	<82c890d00701090044u684ad3bfs78d2381dbca2523@mail.gmail.com>
Topicbox-Message-UUID: ff75e930-ead1-11e9-9d60-3106f5b1d025

------=_Part_98196_5729672.1168332991865
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

hello

a quick look in /sys/src/libsec/port/x509.c shows

uchar*
X509req(RSApriv *priv, char *subj, int *certlen)
{
 /* RFC 2314, PKCS #10 Certification Request Syntax */

so it is done already, at least using the RSA lab way :)
(the rfc2511 seems to be the Entrust/Verisign way of doing the same :-? )

slds.

gabi



On 1/9/07, Gabriel Diaz <gabidiaz@gmail.com> wrote:
>
> hello
>
> i think this doesn't work if you want to ask Verisign to sign your
> request, isn't it?, but i think libsec has almost all the code to build a
> request as in rfc2511 :-? am i wrong?
>
> slds.
>
> gabi
>
>
>
> On 1/9/07, Charles Forsyth <forsyth@terzarima.net> wrote:
> >
> > > As far as I know libsec still doesn't know how to write x509.
> >
> > rsa(8) has rsa2x509 and an example
> >          Generate a fresh key and use it to start a TLS-enabled web
> >          server:
> >
> >               auth/rsagen -t 'service=tls owner=*' >key
> >               auth/rsa2x509 'C=US CN=*.cs.bell- labs.com' key |
> >                    auth/pemencode CERTIFICATE >cert
> >               cat key >/mnt/factotum/ctl
> >               ip/httpd/httpd -c cert
> >
>
>

------=_Part_98196_5729672.1168332991865
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

<div>hello</div>
<div>&nbsp;</div>
<div>a quick look in /sys/src/libsec/port/x509.c shows </div>
<div>&nbsp;</div>
<div>uchar*<br>X509req(RSApriv *priv, char *subj, int *certlen)<br>{<br>&nbsp;/* RFC 2314, PKCS #10 Certification Request Syntax */</div>
<div>&nbsp;</div>
<div>so it is done already, at least using the RSA lab way :) </div>
<div>(the rfc2511 seems to be the Entrust/Verisign way of doing the same :-?&nbsp;)</div>
<div>&nbsp;</div>
<div>slds.</div>
<div>&nbsp;</div>
<div>gabi</div>
<div><br><br>&nbsp;</div>
<div><span class="gmail_quote">On 1/9/07, <b class="gmail_sendername">Gabriel Diaz</b> &lt;<a href="mailto:gabidiaz@gmail.com">gabidiaz@gmail.com</a>&gt; wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">
<div>hello</div>
<div>&nbsp;</div>
<div>i think this doesn&#39;t work if you want to ask Verisign to sign your request, isn&#39;t it?, but i think libsec has almost all the code to build a request as in rfc2511 :-? am i wrong?</div>
<div>&nbsp;</div>
<div>slds.</div>
<div>&nbsp;</div>
<div>gabi</div>
<div><span class="e" id="q_110060781d11e144_1">
<div><br><br>&nbsp;</div>
<div><span class="gmail_quote">On 1/9/07, <b class="gmail_sendername">Charles Forsyth</b> &lt;<a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:forsyth@terzarima.net" target="_blank">forsyth@terzarima.net
</a>&gt; wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">&gt; As far as I know libsec still doesn&#39;t know how to write x509.<br><br>rsa(8) has rsa2x509 and an example
<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Generate a fresh key and use it to start a TLS-enabled web<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; server:<br><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;auth/rsagen -t &#39;service=tls owner=*&#39; &gt;key<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;auth/rsa2x509 &#39;C=US CN=*.cs.bell-<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://labs.com/" target="_blank">
 labs.com</a>&#39; key |<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; auth/pemencode CERTIFICATE &gt;cert<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;cat key &gt;/mnt/factotum/ctl<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;ip/httpd/httpd -c cert<br></blockquote></div><br></span></div></blockquote>
</div><br>

------=_Part_98196_5729672.1168332991865--