RE: client authentication status

2021-09-01 Thread Zeke Evans
Thanks for the explanation. I figured I was headed down a dead end. This will at least help me figure out how to handle things appropriately. Zeke Evans

Re: client authentication status

2021-09-01 Thread Matt Caswell
On 01/09/2021 16:36, Zeke Evans wrote: Is there any way to check the status of client authentication sent in a TLS 1.3 handshake after SSL_connect returns?  With TLS 1.2 SSL_connect seems to always capture the status and return an error code if it failed but not TLS 1.3.  I haven’t been

Re: client authentication status

2021-09-01 Thread Benjamin Kaduk via openssl-users
On Wed, Sep 01, 2021 at 03:36:36PM +, Zeke Evans wrote: > Hi, > > Is there any way to check the status of client authentication sent in a TLS > 1.3 handshake after SSL_connect returns? With TLS 1.2 SSL_connect seems to > always capture the status and return an error code i

client authentication status

2021-09-01 Thread Zeke Evans
Hi, Is there any way to check the status of client authentication sent in a TLS 1.3 handshake after SSL_connect returns? With TLS 1.2 SSL_connect seems to always capture the status and return an error code if it failed but not TLS 1.3. I haven't been able to find a good way to do this

Re: TLS with Client Authentication using private key from Windows store

2020-11-24 Thread Jan Just Keijser
Hi Ferenc, On 23/11/20 13:03, Ferenc Gerlits via openssl-users wrote: Hi, I am trying to use openssl to implement a client-side TLS connection with Client Authentication on Windows, using a non-exportable private key stored in the Windows Certificate Store.  Currently, our code can use a

TLS with Client Authentication using private key from Windows store

2020-11-23 Thread Ferenc Gerlits via openssl-users
Hi, I am trying to use openssl to implement a client-side TLS connection with Client Authentication on Windows, using a non-exportable private key stored in the Windows Certificate Store. Currently, our code can use a private key stored in a local file, and if the key in the Windows store was

[openssl-users] Key Usage and Extended Key Usage certificate extension values should be required in client authentication

2018-02-04 Thread Indunil Rathnayake
Hi all, Anyone knows in client authentication, what are the Key Usage and Extended Key Usage purposes we should validate? As per the specification in [1]: - "Extended Key Usage" is not necessary and which is configured in addition to or in place of the basic purposes indicated

Re: [openssl-users] Client authentication certificate verification

2017-08-22 Thread Sudarshan Raghavan
I understand that the trusted store must include Intermediate CA 1 or remove Intermediate CA 2 and just have the Root CA in it. I was trying things out to understand how client authentication works. Regards, Sudarshan On Tue, Aug 22, 2017 at 10:37 AM, Sudarshan Raghavan < sudarshan.t.ra

[openssl-users] Client authentication certificate verification

2017-08-22 Thread Sudarshan Raghavan
sl 1.1.0f. This client authentication attempt is flagged as failed by OpenSSL. When I enable the X509_V_FLAG_PARTIAL_CHAIN flag, it passes. I was trying to understand why the partial chain flag is needed when the verification chain from Leaf to Root CA can be constructed using both the chain sent by the

[openssl-users] Openssl-1.0.1e RSA 8k is getting fail for client authentication while doing Normal Handshake

2016-09-15 Thread Gupta, Saurabh
Commands Used: x86_server: openssl s_server -cert sercert8192.pem -key serverkey8192 -Verify CAcert.pem x86_client: openssl s_client -cert clientcert8192.pem -key clientkey8192 -connect : -cipher AES128-SHA - Error log: x86( Server): verify error:unable to verify the first certificate x86 (Clie

Re: Similar issuer dn mod_ssl client authentication issue

2013-05-29 Thread Michele Mase'
Dear openssl group, could you solve this issue regarding mod_ssl? Michele Masè On Thu, May 23, 2013 at 10:11 AM, Michele Mase' wrote: > Okay, openssl works, but mod_ssl doesn't. > Is this a real problem? > Instead try hacking mod_ssl code ... > Could I ask for a bug/improvement so that mod_ssl co

Re: Similar issuer dn mod_ssl client authentication issue

2013-05-23 Thread Michele Mase'
Okay, openssl works, but mod_ssl doesn't. Is this a real problem? Instead try hacking mod_ssl code ... Could I ask for a bug/improvement so that mod_ssl could finally work? Michele MAsè On Thu, May 23, 2013 at 1:22 AM, Dave Thompson wrote: > >From: owner-openssl-us...@openssl.org On Behalf Of M

RE: Similar issuer dn mod_ssl client authentication issue

2013-05-22 Thread Dave Thompson
>From: owner-openssl-us...@openssl.org On Behalf Of Michele Mase' >Sent: Tuesday, 21 May, 2013 04:16 I was wrong! >"Does it work with client=Firefox using client certs under both CAs? >I would expect at least one to fail. Note that s_server -verify >doesn't *require* client cert, it only *allows

Re: Similar issuer dn mod_ssl client authentication issue

2013-05-21 Thread Michele Mase'
"If these are the roots you attached -- with names that differ only in case of one letter -- they should have gotten the same hashvalue (with suffixes .0 and .1); did they?" yes "Does it work with client=Firefox using client certs under both CAs? I would expect at least one to fail. Note that s_se

RE: Similar issuer dn mod_ssl client authentication issue

2013-05-17 Thread Dave Thompson
>From: owner-openssl-us...@openssl.org On Behalf Of Michele Mase' >Sent: Friday, 17 May, 2013 10:04 >What I did: >openssl: >Commandline for the openssl s_server (sorry for my typo) >before starting www server: >c_rehash /some/path #where I've put 2 pem encoded CA's certificates If these

Re: Similar issuer dn mod_ssl client authentication issue

2013-05-17 Thread Michele Mase'
Michele Masè On Wed, May 15, 2013 at 2:28 AM, Dave Thompson wrote: > >From: owner-openssl-us...@openssl.org On Behalf Of Michele Mase' > >Sent: Monday, 13 May, 2013 05:33 > > >I'm testing a client authentication using [Apache with 1.0.0-fips] > >I have

RE: Similar issuer dn mod_ssl client authentication issue

2013-05-14 Thread Dave Thompson
>From: owner-openssl-us...@openssl.org On Behalf Of Michele Mase' >Sent: Monday, 13 May, 2013 05:33 >I'm testing a client authentication using [Apache with 1.0.0-fips] >I have 2 CA's x509 pem files, bundled. >CA1 signs client1 certificate files >CA2 signs client2

Similar issuer dn mod_ssl client authentication issue

2013-05-13 Thread Michele Mase'
I'm testing a client authentication using: SSLCACertificateFile /path/to/pemfile.pem SSLVerifyClient require SSLVerifyDepth 2 /LocationMatch> My env: CentOS 6.4, OpenSSL 1.0.0-fips 29 Mar 2010, Server version: Apache/2.4.3 (Unix) - Server built: Feb 7 2013 14:32:46

Re: TLS 1.2 client authentication

2012-10-01 Thread Dr. Stephen Henson
On Mon, Oct 01, 2012, Thulasi wrote: > Hello all, > > I've a problem with TLS 1.2 client authentication where client has 512-bit > RSA key and certificate and signature hash is of sha512. > This is reproducible with openssl-1.0.1c and many prior versions which >

client authentication between OpenSSL and .NET SSLStream

2011-04-06 Thread Roy Jackson
I have an existing server application in QNX using OpenSSL 0.9.8m. With a client application in Windows 7 using .NET 4 SSLStreams. I've generated my own certificates using openssl for server and client. Everything is working as it did before the modifications. I'm using extended fields into the

Re: Will OpenSSL support DTLS client authentication using ECDH certificate?

2010-10-10 Thread Justin Lai
found a comment in the code that > For now, we do not support client authentication using ECDH > certificates. > Will OpenSSL add support for DTLS client authentication using ECDH > certificate? > Also does anyone know why my DTLS EC server authentication failed? > > TLS EC Serv

Will OpenSSL support DTLS client authentication using ECDH certificate?

2010-10-10 Thread daniel.warren
authentication using ECDH certificates. Will OpenSSL add support for DTLS client authentication using ECDH certificate? Also does anyone know why my DTLS EC server authentication failed? TLS EC Server Authentication openssl s_server -accept 9001 -cert certs/secp256r1TestServer.pem -key private

Re: "Unable to configure verify locations for client authentication"

2010-08-12 Thread aerowolf
ertificate configured [Hint: SSLCertificateFile] And with SSLCertificateFile and SSLCertificateChainFile set I still have the same issue that some browsers report: The certificate is not trusted because the issuer certificate is unknown. (Error code: sec_error_unknown_issuer) In Firefox, but Ch

Re: "Unable to configure verify locations for client authentication"

2010-08-12 Thread Bill Moseley
nown_issuer) In Firefox, but Chrome accepts it fine. Again, I am not using client authentication. Thanks, -- Bill Moseley mose...@hank.org

Re: "Unable to configure verify locations for client authentication"

2010-08-12 Thread aerowolf
a simple test case). Thus, please *only* place the certificates that are necessary to chain up to a presumably-known-to-the-client CA. If you are not using client authentication, then you don't need any CAs set up for Client Verification. If you are, you need to set up a separate

"Unable to configure verify locations for client authentication"

2010-08-12 Thread Bill Moseley
, but apache reports: [error] Unable to configure verify locations for client authentication If I comment out that directive in httpd.conf the server starts fine and the site works ok for some newer browsers but older browsers (including FF3.6.8) report that the CA is unknown. Searching Google for

Error with client authentication from OpenSSL 0.9.8l

2010-05-14 Thread koichi sugimoto
Dear sirs, I have a trouble with OpenSSL with Apache web server. With client authentication, web browsers cannot connect to web server. Apache log file of logs/erro_log shows as follows: [Fri May 14 11:45:05 2010] [info] [client 192.168.220.169] Connection to child 1 established (server

Re: client authentication and tokens.

2010-03-19 Thread John R Pierce
Peter Gubis wrote: On 13. 3. 2010 0:37, John R Pierce wrote: our security auditors yanked the token out, and the client continues to work, .. you'll probably need to listen for token removal event and destroy this ssl session after that. It is working for us in this way. Session should be r

Re: client authentication and tokens.

2010-03-19 Thread Peter Gubis
On 13. 3. 2010 0:37, John R Pierce wrote: > we have a client-server application pair (ok, the server side is > tomcat), the client is using an Aladdin eToken w/ openssl and > engine_pkcs11 and aladdin's driver. thats all fine and working now. > the client application has long running persistenc

client authentication and tokens.

2010-03-12 Thread John R Pierce
we have a client-server application pair (ok, the server side is tomcat), the client is using an Aladdin eToken w/ openssl and engine_pkcs11 and aladdin's driver. thats all fine and working now. the client application has long running persistence, eg, once its running, it stays up for days/

Re: Client-Authentication using Crypt::SSLeay

2009-01-14 Thread Olaf Gellert
Hi all, there was a little cut-n-paste error in my previous mail, I forgot one line in the script. The error remains the same... Olaf Gellert wrote: > $file=$ENV{HTTPS_PKCS12_FILE}; $pass=$ENV{HTTPS_PKCS12_PASSWORD}; > $ctx->use_pkcs12_file($file ,$pass) || die("failed to load $file: $!"); Chee

Client-Authentication using Crypt::SSLeay

2009-01-14 Thread Olaf Gellert
I am trying to open an SSL connection with Client Authentication using Crypt::SSLeay. What works fine is specifying environment variables HTTPS_CERT_FILE and HTTPS_KEY_FILE. Unfortunately the keyfile has to be unencrypted (there seems to be no password mechanism for HTTPS_KEY_FILE). When I

Client Authentication Certificates

2008-11-27 Thread Mauricio Aniche
Hi all, I am trying to get the client authentication working in my embedded application. The SSL implementation in my device is an openssl porting. The server application does not implement SSL, so I am using the stunnel. When I set the verify level to 2 (which the server should ask for the

Re: How to create a CRT certificate for client authentication

2008-06-04 Thread Patrick Patterson
Hi there; On June 3, 2008 11:37:19 am staggerwing wrote: > Hello, > > I have installed OpenSSL on Windows and I want to create a CRT certificate > for client authentication purposes. I want specific clients to > authenticate against a Windows 2003 web server. > > Windows 2

How to create a CRT certificate for client authentication

2008-06-04 Thread staggerwing
Hello, I have installed OpenSSL on Windows and I want to create a CRT certificate for client authentication purposes. I want specific clients to authenticate against a Windows 2003 web server. Windows 2003 CA does not allow me to create a CRT certificate but only CER. The customer is using an

Re: Client authentication using Certificate chain.

2008-03-13 Thread kalyan janakiram
Hi Ma'm, I am a faculty in an Engg. College, AP. I need to teach my students abt OpenSSL. Can u help me with appropriate material and simple C programs to work on Windows. regards, kalyan On 3/13/08, Bhat, Jayalakshmi Manjunath <[EMAIL PROTECTED]> wrote: > > Hi A

Client authentication using Certificate chain.

2008-03-13 Thread Bhat, Jayalakshmi Manjunath
Hi All, If client authentication requested by the server, is it MUST to send the certificate chain along with client certificate? Does RFC mandates sending certificate chain? Regards Jaya __ OpenSSL Project

s_server with client authentication strange behaviour

2008-01-09 Thread Koza
Hi! I have found that when I run openssl s_server with client authentication: ./openssl s_server -accept 443 -cert m.cer -key mkey.pem -no_dhe -www -CAfile ca.cer -tls1 -verify 1 & and then without -verify 1, I see that transmission time are the same (I use Ethereal). How can it be expla

NEVER MIND - Re: Can't get PKI Client Authentication Enforcement to work

2007-12-10 Thread Joseph Felten
security rules. Thanks in advance. > > [Fri Dec 07 19:11:40 2007] [info] Loading certificate & private key of > SSL-aware > server > [Fri Dec 07 19:11:40 2007] [debug] ssl_engine_pphrase.c(481): encrypted RSA > private key - pass phrase reused > [Fri Dec 07 19:11:41 2007] [inf

Follow up - Re: Can't get PKI Client Authentication Enforcement to work

2007-12-10 Thread Joseph Felten
l_engine_pphrase.c(481): encrypted RSA > private key - pass phrase reused > [Fri Dec 07 19:11:41 2007] [info] Configuring server for SSL protocol > [Fri Dec 07 19:11:41 2007] [debug] ssl_engine_init.c(405): Creating new SSL > context (protocols: SSLv3, TLSv1) > [Fri Dec 07 19:11:41 2007] [de

Can't get PKI Client Authentication Enforcement to work

2007-12-10 Thread Joseph Felten
2007] [debug] ssl_engine_init.c(405): Creating new SSL context (protocols: SSLv3, TLSv1) [Fri Dec 07 19:11:41 2007] [debug] ssl_engine_init.c(538): Configuring client authentication [Fri Dec 07 19:11:41 2007] [debug] ssl_engine_init.c(1113): CA certificate: /C=US/O=USG/OU=DD/OU=PKI/CN=DD CLAS

Re: SSL based client authentication

2007-02-28 Thread Goetz Babin-Ebell
Snuggles wrote: > Hi, Hello Snuggles, > I'm writing my own webserver and I want it to be able to do SSL based client > authentication. It can already do HTTPS, but when I try to do the SSL based > client authentication, the connectio

SSL based client authentication

2007-02-28 Thread Snuggles
Hi, I'm writing my own webserver and I want it to be able to do SSL based client authentication. It can already do HTTPS, but when I try to do the SSL based client authentication, the connection gets dropped. I use the following routine to bind a SSL socket. SSL_CTX *ssl_binding(char *ke

SSL based client authentication

2007-02-07 Thread Snuggles
Hi, I'm writing my own webserver and I want it to be able to do SSL based client authentication. It can already do HTTPS, but when I try to do the SSL based client authentication, the connection gets dropped. I use the following routine to bind a SSL socket. SSL_CTX *ssl_binding(char *ke

Re: Problems with s_client - client-authentication on command line

2006-10-24 Thread Marek Marcola
Hello, > I'm trying to automate a test against a server with client authentication. > I created a self signed certificate, put it into the servers key database and > imported it into a browsers key store (e.g. M$IE cert store). Everything's > fine > - I'm able

Problems with s_client - client-authentication on command line

2006-10-23 Thread Sebastian
Hi all, I'm trying to automate a test against a server with client authentication. I created a self signed certificate, put it into the servers key database and imported it into a browsers key store (e.g. M$IE cert store). Everything's fine - I'm able to sign on against the serve

client authentication - error message included

2006-01-10 Thread Samy Thiyagarajan
Thanks  for ur response.. the error messages of client and server are follows.. client : error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1052:SSL alert number 48 server: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate  returned : s3_srvr.c:2015

Re: problem in client authentication -no luck

2006-01-10 Thread Peter Sylvester
Samy Thiyagarajan wrote: hi .. now i created a CA and a certificate signed by it. my client call is now, s_client -connect ip:port -cert clientcert.pem -key clientPrivKey.pem -CAfile cakey.pem still no development can someone look into this issue please...? The CAfile for the openss

RE: problem in client authentication -no luck

2006-01-10 Thread David C. Partridge
iyagarajan Sent: 10 January 2006 14:53 To: openssl-users@openssl.org Subject: problem in client authentication -no luck hi .. now i created a CA and a certificate signed by it. my client call is now, s_client -connect ip:port -cert clientcert.pem -key clientPrivKey.pem -CAfile cakey.pem

problem in client authentication -no luck

2006-01-10 Thread Samy Thiyagarajan
ED]> Sent by: [EMAIL PROTECTED] 10.01.2006 14:12 Please respond to openssl-users@openssl.org To openssl-users@openssl.org cc Subject RE: problem in client authentication Classification > my last mail seem to be lost somewhere.. I got it! > Hi all, > > I

RE: problem in client authentication

2006-01-10 Thread Mark
> my last mail seem to be lost somewhere.. I got it! > Hi all, > > Im testing an SSL server with s_client. I want to implement > client authentication. > > The problem is even if I include the certificate and key file > in my client call, SSL_get_peer_certi

problem in client authentication

2006-01-10 Thread Samy Thiyagarajan
My last mail seems to be lost somewhere.. Hi all, I'm testing an SSL server with s_client. I want to implement client authentication. The problem is even if I include the certificate and key file in my client call, SSL_get_peer_certificate() returns NULL. I tried the following calls, a

problem in client authentication

2006-01-10 Thread Samy Thiyagarajan
Hi all, I'm testing an SSL server with s_client. I want to implement client authentication. The problem is even if I include the certificate and key file in my client call, SSL_get_peer_certificate() returns NULL. I tried the following calls, a) S_client -connect ip:port b) s_client

RE: Enable Client Authentication using [ Openssl s_server ]

2005-12-08 Thread Gayathri Sundar
PROTECTED] Behalf Of am0ykam0te (sent by Nabble.com) Sent: Thursday, December 08, 2005 10:42 AM To: openssl-users@openssl.org Subject: Enable Client Authentication using [ Openssl s_server ] I am currently testing the ssl client i developed. I need to test it when it connects to a server which

Enable Client Authentication using [ Openssl s_server ]

2005-12-07 Thread am0ykam0te (sent by Nabble.com)
I am currently testing the ssl client I developed. I need to test it when it connects to a server which requires client authentication. However I do not know how to enable it in openssl's command line server (s_server). How do I enable client authentication in openssl s_server? Sent fro

Re: client authentication

2005-09-22 Thread Bernhard Froehlich
Frans Gunawan wrote: Hello, How to test client auth with the "openssl s_server" and "openssl s_client" to show that the authentication is using the client auth. Thank you, Frans Quoted from s_server-manpage (http://www.openssl.org/docs/apps/s_server.html): * **-verify depth*, *-Verify

client authentication

2005-09-22 Thread Frans Gunawan
Hello, How to test client auth with the "openssl s_server" and "openssl s_client" to show that the authentication is using the client auth. Thank you, Frans

Re: Client authentication problem

2005-07-14 Thread Gayathri Sundar
Hey can you try setting verify depth to Zero and not pointing to any CA cert i.e SSLCACertificatePath pointing to null? Thanks --Gayathri > Hi Again., > > This is what I found from the "log" file you sent..is this pointing to the > same CA cert "itcilo-ca.crt, I put it in ssl.crt" ? > > debug] ss

Re: Client authentication problem

2005-07-14 Thread Gayathri Sundar
Hi Again., This is what I found from the "log" file you sent..is this pointing to the same CA cert "itcilo-ca.crt, I put it in ssl.crt" ? debug] ssl_engine_init.c(1112): CA certificate: /C=IT/ST=Piemonte/L=Turin/O=ITCILO/OU=MIS/CN=ITCILO CA/[EMAIL PROTECTED] [Wed Jul 13 11:48:34 2005] [debug] ssl

Re: Client authentication problem

2005-07-13 Thread Gayathri Sundar
Hi. Have you imported the CA of the client cert on the server side? A verify depth of 1 has been set, which could mean that the client cert is self signed? Can you set it to some higher value and try? Also can you check whether the option "SSL_VERIFY_FAIL_IF_NO_PEER_CERT"? It looks to me a defini

Re: Client authentication problem

2005-07-13 Thread Gaël Lams
> The above indicates that. Make sure client cert > processing is done correctly on the server side. If it > is a program failure, then you need to get the > programmer to debug the program. > Thank you for your answer. I'm not sure what you intend with "program failure": the pages served by th

Re: Client authentication problem

2005-07-12 Thread Lincoln
Looks to me that client authentication failed. And this is most likely due to client cert processing on the server side: [notice] child pid 9192 exit signal Segmentation fault (11) The above indicates that. Make sure client cert processing is done correctly on the server side. If it is a

Client authentication problem

2005-07-12 Thread Gaël Lams
Hi all, I'm trying to configure client authentication for one of my sites (SuSe 9.0, apache 2.0.48, openssl-0.9.7b-133 distribution's rpm). You will find below the steps I'm following, the problem I have is that, when I go to the page, it first asks me to accept the server's c

Re: Client Authentication

2005-04-18 Thread Joseph Bruni
On the Mac, you'll load your client certificate into your users' keychains. On Windows, you'll load it into the certificate store. In either case, simply having the user double-click on the certificate file will launch the appropriate tool. On Apr 18, 2005, at 9:17 PM, [EMAIL PROTECTED] wrote:

Re: Client Authentication

2005-04-18 Thread [EMAIL PROTECTED]
Hi Apart from Mac clients I also windows users. Regards and Thanks Mahesh S Kudva __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org

Re: Client Authentication

2005-04-18 Thread Joseph Bruni
ide. If someone requests for the site, the first check should be made using the certificates. If the certificate is not present in the clients machine, the "Access denied" page must pop up. The questions is how do I do client authentication Requesting your assistance. Regards & Thanks ==

Client Authentication

2005-04-18 Thread [EMAIL PROTECTED]
the site, the first check should be made using the certificates. If the certificate is not present in the clients machine, the "Access denied" page must pop up. The questions is how do I do client authentication Requesting your assistance. Regards & Thanks

Problem in Client authentication

2005-02-14 Thread Manu Narang
Hi, I am creating a webservice in C++ using gSOAP 2.6.2 with OpenSSL-v0.9.7e. Client authentication is enabled. The first request works and command executes successfully, but the second request(and subsequent) fails with the following errors Client side SOAP FAULT: SOAP-ENV:Client

Re: Client Authentication and Private Key

2005-01-18 Thread Ken Goldman
Intuitively, you have to know that the client needs its private key for something. Since the public key certificate is public, it alone can't prove that the client is you. Anyone can send your certificate to a server, right? In practice, the server walks the certificate chain, which proves that

Re: Client Authentication and Private Key

2005-01-18 Thread Chris Covell
As I understand it, the client signs data sent from the server in order to authenticate itself. Therefore yes it does need its private key. On Tue, 18 Jan 2005 11:17:01 +, Shaun Lipscombe <[EMAIL PROTECTED]> wrote: > > If the client sends the server its certificate (public key) and the > ser

SSL Client Authentication using p12 File

2004-09-24 Thread Kushal Shah
HI, I have a p12 file that I need to use for authenticating myself as a client to access a secured site. I am talking about Trans Union site. Has anyone done anything in this area ? How can this be done. Regards, Kushal. __ OpenSSL

IE5 client authentication

2004-06-30 Thread Alexis Lefort
Hi all, Is it possible for a Windows client using IE5.0 to authenticate itself in order to connect to a SSL server? My server works fine with many clients, but not with this one... The great tool ssldump dumps that: 18 5 0.1324 (0.0295) C>SV3.0(273) Handshake Certificate ClientKeyExc

[C/C++] Client authentication not working

2004-06-14 Thread mail
2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned:s3_srvr.c:2010". Running a server with the openssl command line tool gets the certificate from my client so the mistake ought to be in the server's code. Any ideas? Or, even better, some example code of a working client authentication. btw: I'm usi

Re: Client Authentication with Openssl - Apache - errror -12227

2004-02-24 Thread Bo Boe
Oeps there we do have some kind of a problem the response to: openssl s_client -connect www.bliek.org:443 -prexit Looks like: CONNECTED(0003) depth=0 /C=UK/ST=MyTown/L=Mylocation/O=mydomain.com/OU=Security/CN=www.mydomain.com/[EMAIL PROTECTED] verify error:num=18:self signed certificate veri

Re: Client Authentication with Openssl - Apache - errror -12227

2004-02-24 Thread Dr. Stephen Henson
On Tue, Feb 24, 2004, Bo Boe wrote: > My mozilla browser (version 1.6) returns the error. > When I install the client certificate in iexplorer > (version 6.0) I get a pop-up window asking me to > select a client certificate from an empty list. > > By the way I just tried to make the certificates

Re: Client Authentication with Openssl - Apache - errror -12227

2004-02-24 Thread Bo Boe
My mozilla browser (version 1.6) returns the error. When I install the client certificate in iexplorer (version 6.0) I get a pop-up window asking me to select a client certificate from an empty list. By the way I just tried to make the certificates as explained in the ssl cookbook on http://www.p

RE: Client Authentication with Openssl - Apache - errror -12227

2004-02-24 Thread Schoneman, Mark
[mailto:[EMAIL PROTECTED] Sent: Tuesday, February 24, 2004 6:17 AM To: [EMAIL PROTECTED] Subject: Client Authentication with Openssl - Apache - errror -12227   I am trying to set-up a web-server which can only be accessed if the client has a valid & trusted ssl certificate.   When

Re: Client Authentication with IIS 5.0

2003-10-22 Thread Bernhard Froehlich
ES-SE wrote: [...] Hi Ted, thanx for your answer, but that doesn't be the problem. If I uninstall the root certificate of verisign, I also can connect and IE presents the verisign client certificate. My own root certificate, with which I signed the client certificate is valid till 2010 and instal

Re: Long - Some questions about SSL, Client Authentication...

2003-09-05 Thread Dr. Stephen Henson
cert? > >From what I've read in the SSL protocol doc, it doesn't appear that the > server sends the browser a list of "valid" CAs, so how or why does IE > "know" not to list the GlobalSign client cert? > It does send the client a list of CAs it consid

RE: Long - Some questions about SSL, Client Authentication...

2003-09-05 Thread Bart J. Smit
... -Original Message- From: Ohaya [mailto:[EMAIL PROTECTED] Sent: 05 September 2003 01:26 To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Long - Some questions about SSL, Client Authentication... Hi, I'm new here, and have been "experimenting" with SSL and client authentication a

Re: [OpenSC-devel] ssl client authentication

2003-08-04 Thread Nils Larsch
es generated during the connection attempt. > i'm using opensc-20030701 snapshot and openssl-0.9.7b. As the OpenSC padding code has been changed recently please try a more recent OpenSC snapshot. Note: I've succe

ssl client authentication

2003-08-04 Thread David Mattes
hi, i'm trying to use OpenSSL s_client with OpenSC PKCS#15 engine. the engine works for operations such as key generation and PKCS#1 signatures. i've modified the s_client code to be able to use a private key on the smartcard via the OpenSC engine. i'm running into some problems with comput

Re: Client authentication

2003-01-28 Thread Lutz Jaenicke
On Tue, Jan 28, 2003 at 11:38:25AM +0530, Chandrasekhar R S wrote: > In my server program, I use SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | > SSL_VERIFY_FAIL_IF_NO_PEER_CERT,0) to mandate that client cert should be > present. > If present, I use SSL_get_peer_certificate(ssl) to retrieve the client c

Client authentication

2003-01-27 Thread Chandrasekhar R S
I am to authenticate a client using his certificate. In my server program, I use SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,0) to mandate that client cert should be present. If present, I use SSL_get_peer_certificate(ssl) to retrieve the client cert. In my client pr

Unable to configure verify locations for client authentication

2002-12-02 Thread Vangara, Vijay
I have configured all the SSL parameters and when I start the Apache, I am getting "Unable to configure verify locations for client authentication". PS: I am using opensa. Thanks and have a nice time. Vijay Vangara (SeeBeyond Consultant) Misys Healthcare Systems Ph: (512

Problem with client authentication , apache 2 mod_ssl and java client

2002-09-24 Thread Reddy.Thirumal
Hi All, I have problem with client authentication. I have setup my CA using openssl , created server certificate and client certificate both signed by the CA. I have converted the client certificate to P12 format, imported this into IE6 and ssl communication was successful from Internet explorer

Re: Difference in client authentication between sample OpenSSL server and IIS5.

2002-05-28 Thread Lutz Jaenicke
On Tue, May 28, 2002 at 02:59:50PM +0200, Sharon Hezy wrote: > I'm trying to connect https site on IIS server using my applicative OpenSSL > client; > the site is defined as "require SSL channel" and "accept client > certificate". It means that I > have to call the site using SSL, but I don't ha

Difference in client authentication between sample OpenSSL server and IIS5.

2002-05-28 Thread Sharon Hezy
Hi to all. I’m using 0.9.6.a-engine version (I don’t think that it will matter here), and I have following problem: I’m trying to connect https site on IIS server using my applicative OpenSSL client; the site is defined as “require SSL channel” and “accept client certificate”. It mea

client authentication errors

2002-02-27 Thread Otto, Steffen
Hi, I'm using apache 1.13.9 with mod_ssl 0.9.6 at SuSE Linux 7.2. The client authentication I configured between MSIE 6.0 or Netscape 4.77 as browsers and the apache server works - but also fails. It denies the user from protected sites (those sites that the client authentication is confi

Re: Client Authentication Problem

2001-09-27 Thread Götz Babin-Ebell
Eric Rescorla wrote: > > Götz Babin-Ebell <[EMAIL PROTECTED]> writes: > > And how gets he the connection IP-Address <-> FQDN ? > > ->He uses DNS. > I think you need to reread his message since that's not > what he says. Hm: client authentication.

Re: Client Authentication Problem

2001-09-26 Thread David Schwartz
On Wed, 26 Sep 2001 15:21:09 -0700, Michael Sierchio wrote: >David Schwartz wrote: >> Sufficient for what? I may not want to send my credit card >>information to anyone who has a Verisign certificate, but I might be >>willing to send it to someone who has a Verisign certificate for >>'www.

Re: Client Authentication Problem

2001-09-26 Thread Michael Sierchio
David Schwartz wrote: > Sufficient for what? I may not want to send my credit card information to > anyone who has a Verisign certificate, but I might be willing to send it to > someone who has a Verisign certificate for 'www.amazon.com' or has that > listed as one of the alternate names.

Re: Client Authentication Problem

2001-09-26 Thread Götz Babin-Ebell
Don Zick wrote: Hello Don, > I'm not actually using DNS at all. For the application I'm working with > the TLS clients and servers must be statically configured with a Fully > Qualified Domain Name. I match up the statically configured FQDN for a > client with the DNS name from the client's ce

Re: Client Authentication Problem

2001-09-26 Thread David Schwartz
On Wed, 26 Sep 2001 09:43:02 -0700, Michael Sierchio wrote: >Don Zick wrote: >> I have recently started using OpenSSL. (I have found the "SSL and TLS" >>book by Eric Rescorla to be invaluable.) I am having a problem with >>client authentication. After a succ

Re: Client Authentication Problem

2001-09-26 Thread Eric Rescorla
Götz Babin-Ebell <[EMAIL PROTECTED]> writes: > And how gets he the connection IP-Address <-> FQDN ? > ->He uses DNS. I think you need to reread his message since that's not what he says. > If he wants to allow user XYZ presenting certificate C_XYZ to > do some things, all he has to do is look in

Re: Client Authentication Problem

2001-09-26 Thread Eric Rescorla
Michael Sierchio <[EMAIL PROTECTED]> writes: > Eric Rescorla wrote: > > > There are a number of situations where one wishes to authenticate > > clients based on their DNS names: > > > > (1) SMTP/TLS. > > (2) Secure remote backup. > > > > In such cases the clients often (though not always) have

Re: Client Authentication Problem

2001-09-26 Thread Götz Babin-Ebell
Eric Rescorla wrote: > > Götz Babin-Ebell <[EMAIL PROTECTED]> writes: > > > [1 ] > > Don Zick wrote: > > > > Hello Don, > > > > > I'm not actually using DNS at all. For the application I'm working with > > > the TLS clients and servers must be statically configured with a Fully > > > Qualified

Re: Client Authentication Problem

2001-09-26 Thread Michael Sierchio
Eric Rescorla wrote: > There are a number of situations where one wishes to authenticate > clients based on their DNS names: > > (1) SMTP/TLS. > (2) Secure remote backup. > > In such cases the clients often (though not always) have fixed IPs. Well, I'll be happy when IPv6 is ubiquitous (coming

Re: SSL_connect() on client authentication?

2001-09-11 Thread Victor Ivanov
On Mon, Sep 10, 2001 at 04:20:10PM -0700, Henry Yip wrote: > Hi All, > > I have 2 questions. > > 1) > I'm trying to do client authentication from a Server using > PureTLS. On the server side, I call: > socket.sendClose() > socket.close() > wh
