Re: engine's performance (what's wrong?)

2003-01-28 Thread Geoff Thorpe
* Aleix Conchillo Flaque ([EMAIL PROTECTED]) wrote: > hi again, > > as i said yesterday i'm doing some tests with cryptographic hardware (in > my case nCipher's). > > now that i have loaded the engine, i'm getting real strange results. the > same test with hardware enabled is much slower than the

Engine Overview

2003-01-28 Thread James Dabbs
We're specifying (nominally) a SOHO-class accelerator to work with OpenSSL/X86 Linux in an embedded product. We're trying to guess at the development path with the fewest risks/landmines first, and the lowest unit cost second. To this end, I have a few question, 1. Is there a resource summarizin

engine's performance (what's wrong?)

2003-01-28 Thread Aleix Conchillo Flaque
hi again, as i said yesterday i'm doing some tests with cryptographic hardware (in my case nCipher's). now that i have loaded the engine, i'm getting real strange results. the same test with hardware enabled is much slower than the software version. it is really weird, because the "openssl speed

Re: Queries on SubjAltName

2003-01-28 Thread Mark H. Wood
On Tue, 28 Jan 2003, Kiyoshi WATANABE wrote: > > > Any pointers on how to generate certificates using SubjAltName extension. > > > > > > > As with all extensions doc/openssl.txt > > Many people including me are asking the similar questions. Do you > think that it is a good idea to mention about thi

Re: renegotiation in 0.9.7

2003-01-28 Thread Bodo Moeller
On Mon, Jan 27, 2003 at 03:21:45PM -, Nigel Spowage wrote: > okay, so the proper way to renegotiate a connection is : > > 1 - call SSL_renegotiate() > 2 - call SSL_do_handshake() > 3 - wait for either > 3a- SSL_renegotiate_pending() to return 0, or > 3b- an acceptable amount of time (which

Re: enabling engines (solved)

2003-01-28 Thread Aleix Conchillo Flaque
Aleix Conchillo Flaque <[EMAIL PROTECTED]> writes: > > ENGINE* > setup(char const* engine) > { > if (::ENGINE_by_id(engine) == NULL) > { > return NULL; > } > > ENGINE* e = ::ENGINE_by_id("dynamic"); > if (e) > { > if

Re: Client authentication

2003-01-28 Thread Lutz Jaenicke
On Tue, Jan 28, 2003 at 11:38:25AM +0530, Chandrasekhar R S wrote: > In my server program, I use SSL_CTX_set_verity(ctx, SSL_VERIFY_PEER | > SSL_VERIFY_FAIL_IF_NO_PEER_CERT,0) to mandate that client cert should be > present. > If present, I use SSL_get_peer_certificate(ssl) to retrieve the client c

Rep:Client authentication

2003-01-28 Thread Jean Pierre Cognasse
Hi, Did you give the location of your trusted CA certificates using SSL_CTX_load_verify_locations( ...) ? It's problably not the problem but you did not talk about that... Best regards, Jipé -Message d'origine- De: "Chandrasekhar R S" <[EMAIL PROTECTED]> A: <[EMAIL PROTECTED]> Date: