SSL_load_error_strings hangs or throws exception
I have a problem where both the client and server go into the SSL_load_error_strings() function and both either throw an exception or hang. This is a loopback transfer and it only happens the first time after starting the application. All other attempts work fine. Does anyone have any idea what the problem is? Thanks, George
SSL_CTX_use_certificate_file
I am getting an error from SSL_CTX_use_certificate_file. I am getting 33558531 error:02001003:system library:fopen:No such process. Does anyone know what this means? Thanks George __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
SSL_shutdown: do I need it?
I am running openssl on an NT machine. I am trying to transfer a file to an IBM mainframe which is using IBM's implementation of SSL. When I issue an SSL_shutdown the mainframe does not have the ability to send back the shutdown notification so the NT side hangs waiting for a response. Do I really need to do an SSL_shutdown? Thanks, George
how to create CRL with openssl?
How do you generate a CRL with the openssl tool? Thanks, George
how do you generate a CRL?
How do you generate a CRL with the openssl tool? Thanks, George
multiple trusted authorities
How do I let my server accept certificates from multiple trusted authorities? Do I combine the certificates into one big file? Thanks, George
tracing SSL_read() and SSL_write()
Is the callback function that I set with BIO_set_callback only called during the handshake? I would like to trace not only the verification but all SSL_read and SSL_write data that I send during a session. If the callback function is not called at these times how do you trace these calls? Thanks, George
BIO_set_callback
Is the callback function that I set with BIO_set_callback only called during the handshake? I would like to trace not only the verification but all SSL_read and SSL_write data that I send during a session. If the callback function is not called at these times how do you trace these calls? Thanks, George
Re: unsupported certificate alert
Within the verify callback function X509_STORE_CTX_get_error(ctx) returns a 26 which is unsupported certificate purpose. The callback function then checks the verify depth. Since this is within the depth range the certificate is OK. What exactly does that error message mean and why is the certificate considered OK? Thanks, George
client continues after server fails
My server is doing client authentication. My client is also using verify peer. When the client attempts to connect it gets a certificate from the server and continues on. The server is not receiving a certificate from the client so it is failing. The client attempts to write to the server but the SSL_write fails because the server has failed. How can I stop the client before attempting to write to the server? Shouldn't the client fail on its connect if the handshake is not successful on both ends? Thanks, George
Re: client continues after server fails
I am ORing these two constants together in my call to SSL_CTX_set_verify(). It still doesn't prevent the client from continuing. Do you have any other suggestions? Thanks, George

George, On the server side, in your call to SSL_CTX_set_verify(), you have two choices if you want to enable client authentication: 1) SSL_VERIFY_PEER, and 2) SSL_VERIFY_FAIL_IF_NO_PEER_CERT. The first politely asks the client if it will please authenticate, but the handshake will succeed even if the client doesn't authenticate. With the second option, the client must authenticate or the handshake fails. Are you perhaps using option #1?
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]

----- Original Message -----
From: George Lind [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, April 24, 2001 11:44 AM
Subject: client continues after server fails

My server is doing client authentication. My client is also using verify peer. When the client attempts to connect it gets a certificate from the server and continues on. The server is not receiving a certificate from the client so it is failing. The client attempts to write to the server but the SSL_write fails because the server has failed. How can I stop the client before attempting to write to the server? Shouldn't the client fail on its connect if the handshake is not successful on both ends? Thanks, George
PEM_read_X509 causes crash
I have written a server on NT that crashes when it gets to the PEM_read_X509 function. Here is a portion of the code:

    X509* pCert = NULL;
    FILE *fpCert = fopen("c:\\trustedCA.pem", "r");
    PEM_read_X509(fpCert, pCert, NULL, NULL);

Does anyone know what is wrong? Thanks, George
how to use SSL_CTX_use_certificate_chain_file
I can't find any documentation on SSL_CTX_use_certificate_chain_file. Is this a server or client function? Thanks, George
unexpected alert packet after shutdown
We have built an OPENSSL client. We seem to get through the authentication level, and we are sending data through SSL. After sending data through SSL, we execute the following function to close SSL: SSL_shutdown(ssl); The server receives the following alert: 1503 1643BABD A90D53A7 2735C24B C102364B DD2AE585 00E51C The server expected non-SSL data at this point. I could not analyze the alert because the format was not like I expected. I thought that alerts were in the following format:

    15    Alert
    0300  Version
    0016  Length
    43    Alert level
    BA    Alert description

I thought that Alert level would be 01 or 02, and that Alert Description would be a documented value? Has anyone ever seen an alert like this? If so, how is it decoded? Thanks, George
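The record layout listed in the message above (type, version, length, then the alert body), as an added example that is not part of the original post and not OpenSSL code. It assumes the standard SSLv3/TLS record header and shows why an alert sent after the handshake does not read as level and description: the fragment is protected by the negotiated cipher, so a 2-byte alert plus, for instance, a 20-byte SHA-1 MAC arrives as 22 (0x16) opaque bytes. All names and the sample records are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Names below are this example's own, not OpenSSL identifiers. */
enum rec_kind { REC_SHORT = -1, REC_NOT_ALERT, REC_PLAIN_ALERT, REC_PROTECTED_ALERT };

struct rec_info {
    uint8_t  type;          /* 0x15 = alert */
    uint8_t  major, minor;  /* 3,0 = SSLv3 */
    uint16_t length;        /* fragment length from the header */
    uint8_t  level, desc;   /* meaningful only for REC_PLAIN_ALERT */
};

/* Constructed sample records (not captured traffic). */
static const uint8_t plain_close_notify[] = { 0x15, 0x03, 0x00, 0x00, 0x02, 0x01, 0x00 };
static const uint8_t protected_alert[] = {
    0x15, 0x03, 0x00, 0x00, 0x16,                    /* header, length 22 */
    0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6, 0xA7,  /* 22 opaque bytes */
    0xA8, 0xA9, 0xAA, 0xAB, 0xAC, 0xAD, 0xAE, 0xAF,
    0xB0, 0xB1, 0xB2, 0xB3, 0xB4, 0xB5
};

enum rec_kind classify_record(const uint8_t *buf, size_t n, struct rec_info *out)
{
    if (n < 5) return REC_SHORT;                     /* header incomplete */
    out->type = buf[0]; out->major = buf[1]; out->minor = buf[2];
    out->length = (uint16_t)((buf[3] << 8) | buf[4]);
    out->level = out->desc = 0;
    if (n < (size_t)5 + out->length) return REC_SHORT;  /* fragment truncated */
    if (out->type != 0x15) return REC_NOT_ALERT;
    /* A cleartext alert is exactly two bytes: level 1 (warning) or 2 (fatal). */
    if (out->length == 2 && (buf[5] == 1 || buf[5] == 2)) {
        out->level = buf[5]; out->desc = buf[6];
        return REC_PLAIN_ALERT;
    }
    /* Anything else is treated as ciphertext plus MAC: level and description
       cannot be read from it without the session keys. */
    return REC_PROTECTED_ALERT;
}

int main(void)
{
    struct rec_info r;
    enum rec_kind k = classify_record(plain_close_notify, sizeof plain_close_notify, &r);
    printf("plain: kind=%d level=%u desc=%u\n", k, r.level, r.desc);
    k = classify_record(protected_alert, sizeof protected_alert, &r);
    printf("protected: kind=%d length=%u\n", k, r.length);
    return 0;
}
```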
how does server get client certificate?
What function calls does a server have to make if it wants the client to send its certificate? Thanks, George
client SSL_connect error
I am running an SSL client on AIX and am getting the following error message on the SSL_connect: error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded. Does anyone know what this means? Thanks, George
client doesn't present certificate to server
I am running a server on NT. I am using verify peer. The server is failing on the SSL_accept with an error message of "SSL3_GET_CLIENT_CERTIFICATE:no certificate returned". My SSL_accept is returning a -1. The client is also using verify peer. Is the problem in my client or server? Thanks, George
unsupported certificate type
I have written code to run as a server. I am using the SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL) function. When the client tries to connect it fails saying that the certificate is an unsupported type. Both the client and server have gotten test certificates from Thawte and have the same trusted authorities. I have tried creating new certificates which doesn't solve the problem. What could be causing this problem? Thanks, George
newbie question - creating CSR?
How do I create a CSR that I will use to get a certificate from www.thawte.com? Thanks, George
setting handshake type
How do you set the handshake type? How do you specify if you are a client, a server, or a server that requires client authentication? Thanks George