On 2006-02-13, at 23.42, Richard Eggert wrote:
It seems that it first tries to load the SSL module from
Crypt::SSLeay first, and if that fails, it then tries to load
IO::Socket::SSL, which, as far as I can tell, doesn't use
HTTPS_CA_FILE (but may provide another mechanism for
On Mon, Feb 13, 2006, Khai Doan wrote:
Can I have
subjectAltName = critical,DNS:*.hostname.com
What other things are possible here (DNS, IP, email, URI, etc) ?
Did you read the manual page I referenced:
http://www.openssl.org/docs/apps/x509v3_config.html#Subject_Alternative_Name_
Thanks. That worked perfectly (well, actually, it failed, but that's what I
wanted to happen). Is there any way for me to tell within my code which SSL
has been loaded, or am I pretty much stuck having to both set the HTTPS_CA_FILE
variable as well as set the IO::Socket::SSL's default context
William A. Rowe, Jr. wrote:
TLSv1_server_methods() do not speak the crufty old SSLv2 garbage, you
can't connect to it using a multi-protocol handshake.
For maximum portability use SSLv23_server_methods()
On the client side it doesn't matter, if you want a TLSv1 connection
only, then by all
So why isn't there an SSLv3_TLSv1_server_methods()? At the moment,
TLS isn't enabled by default in most browsers (certainly not IE6,
except possibly on XPSP2), where SSLv3 is. I'd like to have the means
to have a TLS server that will fall back to SSLv3 if the client only
supports that protocol.
Perhaps I'm getting confused with what's reported.
I just noticed that SSLv3 gets reported even when I specify TLS methods
on the client and server. ie.
cipher spec=AES256-SHA SSLv3 Kx=RSA Au=RSA
Enc=AES(256) Mac=SHA1
Is this really SSLv3 or is it TLS?
Kyle Hamilton
A while back I posted asking if it was possible to generate
shorter than normal digital signatures with OpenSSL. The
response I got was that signatures as short as I was talking
about (192 bits or less) would be insecure. I'm just now back to
working on this, so I'd like to ask again -
On Tue, Feb 14, 2006 at 12:04:58PM -0800, Bob Mearns wrote:
In my application there's a tradeoff between
sig length and security and in some instances a short sig
length, at the risk of some insecurity, will be the right answer.
Who is the signer and who is the verifier. Can the signer and
Um... sorry, please disregard the parent message.
The application which I am adding the SSL support to insists on
periodically sending a 0-byte buffer and apparently SSL_write() doesn't
like being called with 0 bytes to send. I'd still call it a bug in
OpenSSL (since error code is set
From: Dr. Stephen Henson [EMAIL PROTECTED]
Reply-To: openssl-users@openssl.org
To: openssl-users@openssl.org
Subject: Re: Wildcard ssl certificate using subjectAltName
Date: Tue, 14 Feb 2006 13:38:33 +0100
On Mon, Feb 13, 2006, Khai Doan wrote:
Can I have
subjectAltName =
On Tue, Feb 14, 2006, Khai Doan wrote:
I read the manual page you referenced, but RFC seems to mention dNSName,
and when I try it
subjectAltName = critical,dNSName:*.domain.com
openssl gives me an error, so I am confused.
The RFC says dNSName, this is the same as DNS in OpenSSL.
On Tue, Feb 14, 2006 at 10:37:09PM +0100, Dr. Stephen Henson wrote:
On Tue, Feb 14, 2006, Khai Doan wrote:
I read the manual page you referenced, but RFC seems to mention dNSName,
and when I try it
subjectAltName = critical,dNSName:*.domain.com
openssl gives me an error, so I
In my application there's a tradeoff between
sig length and security and in some instances a short sig
length, at the risk of some insecurity, will be the right answer.
Who is the signer and who is the verifier. Can the signer and verifier
engage in an on-line protocol? Are you signing
On Tue, Feb 14, 2006 at 02:50:19PM -0800, Bob Mearns wrote:
Sorry - more details: This isn't a comm application - it amounts to
authentication of application data files. The signer is a utility which
exists solely in a vendor's environment. The verifier is an application
that exists in a
Bob Mearns wrote:
...
DSA, with its 320-bit sigs, is out for this application. I've played
with RSA a bit, but I run into problems with the digest being too
long when using RSA keys shorter than 384 bits. I thought I'd read
that the RSA signature should be the same length as the number of bits
Hi,
I am trying to compile OpenSSL V0.9.8a.
Visual Studio 2005 has several functions deprecated
(read,write,fileno).
I have replaced the deprecated function with the new one( read()-_read() )
Anything is working fine with one exception kbhit().
I've got the following 'error' codes:
Victor Duchovni wrote:
On Tue, Feb 14, 2006 at 02:50:19PM -0800, Bob Mearns wrote:
Sorry - more details: This isn't a comm application - it amounts to
authentication of application data files. The signer is a utility which
exists solely in a vendor's environment. The verifier is an
On Tue, Feb 14, 2006, Bob Mearns wrote:
Sorry - more details: This isn't a comm application - it amounts to
authentication of application data files. The signer is a utility which
exists solely in a vendor's environment. The verifier is an application
that exists in a consumer
You really should use the _name functions in portable code. _ is reserved and typically implies non-portable, platform specific code.
On 2/14/06, Daniel Maag [EMAIL PROTECTED] wrote:
Hi, I am trying to compile OpenSSL V0.9.8a. Visual Studio 2005 has several functions
Daniel Maag wrote:
Hi,
I am trying to compile OpenSSL V0.9.8a.
Visual Studio 2005 has several functions deprecated
(read,write,fileno).
Honestly, I don't believe that OpenSSL should waste cycles to support any
compiler that deliberately moves away from POSIX. Fairly certain it's MS's
goal