RE: International Client connecting to Domestic Server

2000-03-17 Thread David Ahrens 

It works! Thanks. 

-Original Message-
From: Wade L. Scholine [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 17, 2000 12:46 PM
To: '[EMAIL PROTECTED]'
Cc: '[EMAIL PROTECTED]'
Subject: RE: International Client connecting to Domestic Server



You probably need to set up to create a temporary 512-bit RSA key. Look in
apps/s_server.c and grep for SSL_CTX_set_tmp_rsa_cb.

> -Original Message-
> From: Kenneth Brock [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, March 16, 2000 4:13 PM
> To: [EMAIL PROTECTED]
> Subject: International Client connecting to Domestic Server
> 
> 
> I have a Netscape client configured for Export strength encryption
> conencting to an
> Openssl server configured for Domestic encryption.  The Openssl
> certificate has
> a 1024 bit key pair.
> 
> The Netscape client drops the  connection with an error
> SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED.
> 
> The server generates a server key exchange message, but the Netscape
> client rejects
> it.  Does server's certificate need some specific extension to support
> an export client
> connecting to it.
> 
> -Dave Ahrens
> 
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager   [EMAIL PROTECTED]
> 
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

X509_NAME_get_index_by_OBJ return -1

2000-03-17 Thread Angus Lee 

Hi,

Does the following piece of code have any problem? I got i = 0 when I first 
run it yesterday night, but a couple minutes later when I run it again, i = 
-1. I passed the same thing to this function. I think it shouldn't gave 
different results, am I right?

bool is_user_accessible(unsigned char **cert, unsigned int cert_len, unsigned 
char *document_filename, unsigned int filename_len) {
  bool return_value = false;
  BIO *in = BIO_new(BIO_s_mem());
  BUF_MEM *bm = BUF_MEM_new();
  X509 *x = NULL;
  X509_NAME *name;
  ASN1_OBJECT *obj;
  int i, last;
  X509_NAME_ENTRY *ne;
  ASN1_STRING *common_name = NULL, *email = NULL;

  BIO_set_mem_buf(in, bm, 0);
  BIO_write(in, *cert, cert_len);
  if ((x = (X509 *)PEM_read_bio_X509(in, NULL, NULL, NULL)) != NULL) {
name = (X509_NAME *)X509_get_subject_name(x);
/* common name */
obj = OBJ_nid2obj(NID_commonName);
i = X509_NAME_get_index_by_OBJ(name, obj, last);
if (i >= 0) {
  ne = X509_NAME_get_entry(name, i);
  common_name = X509_NAME_ENTRY_get_data(ne);
}
/* more code follows */
  }

Angus Lee

---
Get Your Free Email at http://www.hknetmail.com

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]