On 06/01/06, Dr. Stephen Henson [EMAIL PROTECTED] wrote:
Are you opening the file in binary mode?
Of course, not...
It's hard to get used to develop under windows.
Szabi
__
OpenSSL Project
Hi!
Does it copy everything from the DER format? I'm asking because I
don't know if I can
free the data read from file after parsing with d2i_PKCS7().
Szabi
__
OpenSSL Project
On Tue, Jan 10, 2006, Szabolcs Berecz wrote:
Hi!
Does it copy everything from the DER format? I'm asking because I
don't know if I can
free the data read from file after parsing with d2i_PKCS7().
Yes it copies everything: there are no internal pointers to the DER data so
you can safely
Hi all,
Im testing an SSL server with s_client.
I want to implement client authentication.
The problem is even if I include the
certificate and key file in my client call, SSL_get_peer_certificate()
returns NULL
I tried the following calls,
a) S_client -connect ip:port
b) s_client -connect
Bernhard Froehlich wrote:
If you could detail your intended use it may be clearer for me why you
want to do that.
Remember that it's very easy to do wrong things in cryptographic
applications, so I'm always a bit suspicious if someone has a non
standard use... ;)
Actually, I do not use
Dear All,
We are actually testing SSL, need some
particulars scenarios which where OpenSSL have not taken care of and which are
not suggest in OpenSSL.
Any help in this regard is highly
valuable.
Thanks
raman
my last mail seem to be lost somewhere..
Hi all,
Im testing an SSL server with s_client.
I want to implement client authentication.
The problem is even if I include the
certificate and key file in my client call, SSL_get_peer_certificate()
returns NULL
I tried the following calls,
a)
my last mail seem to be lost somewhere..
I got it!
Hi all,
Im testing an SSL server with s_client. I want to implement
client authentication.
The problem is even if I include the certificate and key file
in my client call, SSL_get_peer_certificate()
returns NULL
I tried
Emmanuel Lepavec wrote:
Bernhard Froehlich wrote:
If you could detail your intended use it may be clearer for me why you
want to do that.
Remember that it's very easy to do wrong things in cryptographic
applications, so I'm always a bit suspicious if someone has a non
standard use... ;)
Can anyone tell me how to disable id and pw checking
when entering a specific web site. I'd like to turn
it completely off.
Thanks,
Chuck
Mark wrote:
my last mail seem to be lost somewhere..
I got it!
Hi all,
Im testing an SSL server with s_client. I want to implement
client
I've got a production site running OpenSA 1.0.4 (which uses OpenSSL
0.9.6c, Apache 1.3.27, and mod_ssl 2.8.11) and we need to upgrade it
to plug the security holes that this version has. Is there anything
that I can do to upgrade this install? Can I drop in the latest
version of Apache 1.3 and
On Tue, Jan 10, 2006, Emmanuel Lepavec wrote:
For this, I do not need any security countermeasure. So, if there is a
way to disable checks that requires the public key, please tell! ;-)
I've done a quick check setting rsa-e to NULL in rsautl and it seems to work
just fine: the security
hi ..
now i created a CA and a certificate
signed by it.
my client call is now,
s_client -connect ip:port
-cert clientcert.pem -key clientPrivKey.pem -CAfile cakey.pem
still no development
can someone look into this issue please...?
Mark [EMAIL PROTECTED]
Sent by:
[EMAIL
You don't want to specify the CA's private key as the argument for -CAfile,
you need to specify the CA certificate for that.
Also an indication of the errors you get would help ...
D.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Samy Thiyagarajan
Dan Peacock wrote:
I've got a production site running OpenSA 1.0.4 (which uses OpenSSL
0.9.6c, Apache 1.3.27, and mod_ssl 2.8.11) and we need to upgrade it
to plug the security holes that this version has. Is there anything
that I can do to upgrade this install? Can I drop in the latest
Samy Thiyagarajan wrote:
hi ..
now i created a CA and a certificate signed by it.
my client call is now,
s_client -connect ip:port -cert clientcert.pem -key
clientPrivKey.pem -CAfile cakey.pem
still no development
can someone look into this issue please...?
The CAfile for tjhe
Thanks for ur response..
the error messages of client and server
are follows..
client :
error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
alert unknown ca:s3_pkt.c:1052:SSL alert number 48
server:
error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no
certificate returned : s3_srvr.c:2015
Bernhard Froehlich wrote:
Dan Peacock wrote:
I've got a production site running OpenSA 1.0.4 (which uses OpenSSL
0.9.6c, Apache 1.3.27, and mod_ssl 2.8.11) and we need to upgrade it
to plug the security holes that this version has. Is there anything
that I can do to upgrade this install? Can
On Tue, Jan 10, 2006, Krishna M Singh wrote:
Also when we use SSLv2 only this works fine.. Only with SSLv23 the
handshake fails. Any ideas or pointers how to proceed further wud be of
great help..
Seems it doesn't support TLS and messes up SSLv3 when the client indicates it
supports TLS.
I will do that (post on OpenSA/Apache). Thanks folks. :)
On 1/10/06, William A. Rowe, Jr. [EMAIL PROTECTED] wrote:
Bernhard Froehlich wrote:
Dan Peacock wrote:
I've got a production site running OpenSA 1.0.4 (which uses OpenSSL
0.9.6c, Apache 1.3.27, and mod_ssl 2.8.11) and we need to
A new cert req and private key were created with the following command
using OpenSSL 0.9.7i 14 Oct 2005 on OS X 10.4.3:
$openssl req -newkey rsa:2048 -keyout new-server-key.pem -out new-req.pem
Now, trying to remove the passphrase from the private key:
$ openssl rsa -in new-server-key.pem -out
This is an Apache query, not an OpenSSL query. Please ask on the
apache-users mailing list.
-Kyle
On 1/10/06, Chuck Aaron [EMAIL PROTECTED] wrote:
Can anyone tell me how to disable id and pw checking
when entering a specific web site. I'd like to turn
it completely off.
Thanks,
Chuck
On Tue, Jan 10, 2006, Dominique Brezinski wrote:
A new cert req and private key were created with the following command
using OpenSSL 0.9.7i 14 Oct 2005 on OS X 10.4.3:
$openssl req -newkey rsa:2048 -keyout new-server-key.pem -out new-req.pem
Now, trying to remove the passphrase from the
On 1/10/06, Dr. Stephen Henson [EMAIL PROTECTED] wrote:
On Tue, Jan 10, 2006, Dominique Brezinski wrote:
A new cert req and private key were created with the following command
using OpenSSL 0.9.7i 14 Oct 2005 on OS X 10.4.3:
$openssl req -newkey rsa:2048 -keyout new-server-key.pem -out
On Tue, Jan 10, 2006, Dominique Brezinski wrote:
The error I listed is distinctly different than if I enter an
incorrect passphrase. Example of bad passphrase:
$ openssl rsa -in new-server-key.pem -out server-key.pem
Enter pass phrase for new-server-key.pem:
unable to load Private Key
Hi all,
sorry that I
send the same e-mail again but I did't find any answer to my last
one.
We
have the case that openssl can not handle
long serial numbers.
Inower case we
have this Serail Nr. 9a 38 74 00 00 00 00 25 be
but
OpenSSL 0.9.7e
25 Oct 2004print this:
openssl x509 -infile
26 matches
Mail list logo