how to enable debug mode of openssl

2008-10-07 Thread 曹飞

I am using openssl on an ARM embedded platform. I want to support https, so it 
will use openssl. But I have encountered a problem. The application aborted 
for some unknown reason. I tried to trace the problem and found that it aborted 
on the call "PEM_read_bio_X509" (ssl_rsa.c). And I can't trace any deeper. 
 
So is there any way to enable debug mode of openssl so that I can trace more 
deeply to find out the problem?
 
Thanks.
Elven

Re: Year 2038 problem

2008-10-07 Thread Dr. Stephen Henson
To those interested in the year 2038 issues

I've just added some experimental code to HEAD (which will be OpenSSL 0.9.9).
This should make sensible things happen when longer expiry dates are used
during certificate creation.

Let me know of any issues.

At some point this could be backported.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
__
OpenSSL Project http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]


RE: Client Certificates

2008-10-07 Thread Dave Thompson
> From: [EMAIL PROTECTED] On Behalf Of Felix Ingram
> Sent: Saturday, 04 October, 2008 10:27

> 2008/10/4 Dave Thompson <[EMAIL PROTECTED]>:

> > The actual failure is the alert 48 "unknown ca" from the server.
> > Apparently it doesn't like the cert (or chain) s_client is sending,
> > but the protocol doesn't provide any (standard) way for it to explain.
> > If they have logs on the server, and you can reach someone who knows
> > about them, ask them to look at the time of your failed attempt(s)
> > and see if it has any more specific or descriptive information.
> 
> Is it usual for the client to have to provide the signing
> certificates? I would have thought that the server would have them
> when certificates are being used for authentication.
> 
Well, it depends on whether the CA uses intermediate certs (and keys), 
and if so, whether the server operators decide to (pre)configure them.
According to X.509 principles, it is sufficient to have the root(s);
SSL, and openssl library, supports sending the chain if/as needed.
But as I noted s_client apparently doesn't; remember that most of 
the command-line 'apps' are intended to be basic tools to do things 
that you don't have a more complete, specific application for.

> I believe there is an intermediate certificate but I have every reason
> to believe that the server will have a copy...
> It looks like I need to find the Verisign certificate from in IE.
> 
You might also look at the .pfx data they gave you. IF the people
who created it coordinated with (or are the same as!) the people
who control the server, it would have been logical for them to include
in the 'bag' any/all intermediate cert(s) needed to use your cert. 
Unless you converted foryou.pfx to your.pem with -clcerts (or edited it),
you should be able to look through your.pem and see if there's 
a certificate block preceded by a subject=imedCAname which 
matches (exactly) issuer= for the cert with subject=yourname.
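
The check described in the message above, as an added example that is not part of the original thread: it reads the subject= and issuer= lines that precede each certificate block in your.pem and follows the issuer links by exact string match. The sample text, its names and the function names are constructed for illustration.

```python
import re

# Constructed sample standing in for your.pem; names and base64 are placeholders.
SAMPLE_PEM = """\
Bag Attributes
    friendlyName: yourname
subject=/C=US/O=Example Org/CN=yourname
issuer=/C=US/O=Example CA/CN=imedCAname
-----BEGIN CERTIFICATE-----
MIIB...constructed...
-----END CERTIFICATE-----
Bag Attributes: <No Attributes>
subject=/C=US/O=Example CA/CN=imedCAname
issuer=/C=US/O=Example Root/CN=rootCAname
-----BEGIN CERTIFICATE-----
MIIB...constructed...
-----END CERTIFICATE-----
"""

HEADER = re.compile(r"^(subject|issuer)=\s*(.*?)\s*$")

def cert_headers(pem_text):
    """Return [(subject, issuer)] per certificate block, in file order."""
    certs, current = [], {}
    for line in pem_text.splitlines():
        m = HEADER.match(line)
        if m:
            current[m.group(1)] = m.group(2)
        elif line.startswith("-----BEGIN CERTIFICATE-----"):
            certs.append((current.get("subject"), current.get("issuer")))
            current = {}
        elif line.startswith("-----BEGIN"):
            current = {}  # private key or other block: not a certificate
    return certs

def chain_from(pem_text, leaf_subject):
    """Follow issuer links from leaf_subject. Returns (chain, missing):
    missing is the first name with no certificate in the file, or None if
    the walk ends at a self-signed certificate. Empty chain: leaf not found."""
    by_subject = {s: i for s, i in cert_headers(pem_text) if s}
    chain, subject = [], leaf_subject
    while subject in by_subject and subject not in chain:
        chain.append(subject)
        issuer = by_subject[subject]
        if issuer == subject:
            return chain, None
        subject = issuer
    return chain, subject
```

If `missing` is the intermediate CA name rather than a root, the file carries only the client certificate, which is what a conversion with -clcerts produces.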



help regarding random numbers in openssl

2008-10-07 Thread prashanth s joshi
Hi all,

In openssl code which part actually handles catching of the random numbers
exchanged during the handshake?

Regards,
Prashanth..


RE: how to run gdb in openssl

2008-10-07 Thread Saju Paul
gdb is a debugger.  it is not clear from reading your note why you are
trying to debug the openssl command line module.  if what you are trying to
do is understand why the client is unable to make the connection to
ipaddress:4433; try using the -debug option.

ex:
openssl s_client -connect ipaddress:4433 -debug

HTH

  -Original Message-
  From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of prashanth s joshi
  Sent: Tuesday, October 07, 2008 11:43 AM
  To: openssl-users@openssl.org
  Subject: Fwd: how to run gdb in openssl


  Hi all,

  Could anyone please tell me how to run the gdb in openssl?
  In gdb I am running the command as path_of_bin/bin/openssl
s_client -connect ipaddress:4433.
  But I get the error as:   Undefined command: "".  Try "help".
  Why is it so?
  How do I ensure that the gdb runs correctly?

  Regards,
  Prashanth


  -- Forwarded message --
  From: prashanth s joshi <[EMAIL PROTECTED]>
  Date: Tue, Oct 7, 2008 at 6:52 PM
  Subject: how to run gdb in openssl
  To: openssl-users@openssl.org



  Hi all,

  could anyone please tell me how to run the gdb in openssl?

  Regards,
  Prashanth




Fwd: how to run gdb in openssl

2008-10-07 Thread prashanth s joshi
Hi all,

Could anyone please tell me how to run the gdb in openssl?
In gdb I am running the command as path_of_bin/bin/openssl s_client -connect
ipaddress:4433.
But I get the error as:   Undefined command: "".  Try "help".
Why is it so?
How do I ensure that the gdb runs correctly?

Regards,
Prashanth

-- Forwarded message --
From: prashanth s joshi <[EMAIL PROTECTED]>
Date: Tue, Oct 7, 2008 at 6:52 PM
Subject: how to run gdb in openssl
To: openssl-users@openssl.org


Hi all,

could anyone please tell me how to run the gdb in openssl?

Regards,
Prashanth


how to run gdb in openssl

2008-10-07 Thread prashanth s joshi
Hi all,

could anyone please tell me how to run the gdb in openssl?

Regards,
Prashanth


Problem Regarding of CA certification peer verification..

2008-10-07 Thread Ajeet kumar.S
Dear All;

Thank you all of you for your support. When I called
SSL_CTX_load_verify_locations() and SSL_CTX_set_verify() to verify the peer
certificate, I got a fatal error: unknown certificate authority. Please let
me know what the reason behind it is. But I have the CA certificate, client
certificate and keys. I set them properly. Please tell me how to debug it. What is
the reason behind it?

 

Thank you.

Regards,

--Ajeet  Kumar  Singh
