ng from the above
doc. Thanks for pointing it out. I will give it a shot.
Is there any documentation available for '--extSAN' parameter? Mr.
Google did not find any helpful resource.
Thanks again,
Bernhard
Am 7/14/14 8:11 PM, schrieb Kai Engert:
On Mon, 2014-07-14 at 10:47 +020
rs (used for 'native LDAP') often use IP
instead of FQDN in the SAN extension of the server cert an it's not too
nice to use 'openssl' to get this.
I've seen bug 396255, which suggests there was so intention to support it.
TIA,
Bernhard
--
Painstaking Minds
I
...
It seems the client does this because it fears to run into
'BAD_CERT_DOMAIN' error in case SubjectAltName extensions are not
correctly set.
Regards,
Bernhard
Am 7/2/14 7:29 PM, schrieb Ryan Sleevi:
On Wed, July 2, 2014 6:09 am, Bernhard Thalmayr wrote:
Hi experts,
AIN' error should/will be
raised.
Regards,
Bernhard
Am 7/2/14 7:29 PM, schrieb Ryan Sleevi:
On Wed, July 2, 2014 6:09 am, Bernhard Thalmayr wrote:
Hi experts, is there a specification which NSS follows when performing
certificate check during the SSL handshake (especially with regard
IT-Consulting Bernhard Thalmayr
Herxheimer Str. 5, 83620 Vagen (Munich area), Germany
Tel: +49 (0)8062 7769174
Mobile: +49 (0)176 55060699
bernhard.thalm...@painstakingminds.com - Solution Architect
http://www.xing.com/profile/Bernhard_Thalmayr
http://de.linkedin.com/in/bernhardthalmayr
This e
.
I already searched bugzilla, but did not find a related issue yet.
Unfortunatley I'm not too familiar with C, looking at 'error.c' does
this mean 'header' is null?
Thanks again,
Bernhard
Am 6/26/13 11:08 PM, schrieb John Dennis:
On 06/26/2013 04:59 PM, Bernh
/lib64/libssl3.so
#16 0x7f61d61b886b in smi::Connection::sendData(char const*,
unsigned long) () from /opt/apache22_agent/lib/libamapc22.so
Would it help to load the debug version of the libs?
TIA,
Bernhard
--
Painstaking Minds
IT-Consulting Bernhard Thalmayr
Herxheimer Str. 5, 83620 Vagen
Thanks for the detail Ryan, sorry for not checking beforehand.
Am 10/29/12 5:16 PM, schrieb Ryan Sleevi:
On Mon, October 29, 2012 9:04 am, Bernhard Thalmayr wrote:
Thanks for the details Ryan.
With NSS 3.12.X there seemed to be ''
but with NSS 3.13.x the follwing error
12 4:45 PM, schrieb Ryan Sleevi:
On Mon, October 29, 2012 8:32 am, Bernhard Thalmayr wrote:
Hi all,
sorry for this post, but I was not able to find the releasenotes for NSS
version 3.13.x neither using Google nor querying the archive
http://www.mozilla.org/projects/securi
,
Bernhard
--
Painstaking Minds
IT-Consulting Bernhard Thalmayr
Herxheimer Str. 5, 83620 Vagen (Munich area), Germany
Tel: +49 (0)8062 7769174
Mobile: +49 (0)176 55060699
bernhard.thalm...@painstakingminds.com - Solution Architect
This e-mail may contain confidential and/or privileged information.If
you
chain and the
"Server Key Exchange" handshake message, if it is used.
Wan-Teh
--
Painstaking Minds
IT-Consulting Bernhard Thalmayr
Herxheimer Str. 5, 83620 Vagen (Munich area), Germany
Tel: +49 (0)8062 7769174
Mobile: +49 (0)176 55060699
bernhard.thalm...@painstakingminds.com - Solution Architect
ingly the same agent can connect to other ssl-enabled servers.
Unfortunately the community member will / can not provide a network
trace showing the handshake messages.
TIA,
Bernhard
--
Painstaking Minds
IT-Consulting Bernhard Thalmayr
Herxheimer Str. 5, 83620 Vagen (Munich area), Germany
Tel:
Hi experts, according to
'https://developer.mozilla.org/en/NSS_reference/NSS_environment_variables'
PKCS#11 crypto module will throw an error if not initialized by the
process which will use it (even it has been initialized by the parent
process).
It seems this behaviour has been changed with
Thanks again Wan-Teh,
I'm just trying to build the agent with Sun Studio .. unfortunately it's
not that easy as building NSS.
Rgds,
Bernhard
On 04/20/2011 05:01 PM, Wan-Teh Chang wrote:
On Wed, Apr 20, 2011 at 7:46 AM, Bernhard Thalmayr
wrote:
Thanks for the pointer Wan-Teh
m
{
bool state;
secStatus = SSL_OptionGet(sslSocket,SSL_SECURITY,
(PRBool*)&state);"
However I'm not a frequent C/C++ programmer...
Thanks again,
Bernhard
On 04/20/2011 04:42 PM, Wan-Teh Chang wrote:
On Wed, Apr 20, 2011 at 3:27 AM, Bernhard Thalmayr
wrote:
Hi exp
Hi experts, it would be great if some could shed some light on the
following
OpenAM web-agents are using NSS/NSPR for outbound connections.
I get a core-dump of Apache http server when agent is doing outound
ssl-connection on Solaris 10 SPARC (32bit-apache httpd and nss)
pstack shows me.
Hi experts,
I'm experiencing an interesting issue.
OpenAM url-policy agent, which is using NSS/NSPR, 'hangs' when trying to
establish a connection to an SSL-enabled server.
OS: Solaris10
Machine: Sun Fire T2000 (CMT)
NSS: 3.12.5
NSPR: 4.8.2
Trussing the process shows the following ...
"322
On 01/18/2011 05:16 PM, Kaspar Brand wrote:
On 18.01.2011 12:29, Bernhard Thalmayr wrote:
I meant it might be a bug in Agent code to call 'NSS_NoDBInit' ...
however this code has been there for some years already.
One explanation I can think of is that it would only break with m
On 01/17/2011 06:28 PM, Kaspar Brand wrote:
On 17.01.2011 13:38, Bernhard Thalmayr wrote:
Apache httpd 2.2.17
and what MPM are you using?
Worker MPM is used , but is configured so start multiple processes (default)
Is it possible that the
Connection::initialized boolean might not be
Thanks for your reply Kaspar, please see my comments inline.
On 01/16/2011 12:16 PM, Kaspar Brand wrote:
On 14.01.2011 10:24, Bernhard Thalmayr wrote:
the 'client' is the OpenSSO web-agent (a lib) used by Apache httpd.
Just to be sure: we're talking of this code here, right
Thanks again Robert, please see my comments inline ...
On 01/13/2011 10:40 PM, Robert Relyea wrote:
--snip--
What is the actual client software you are running?
the 'client' is the OpenSSO web-agent (a lib) used by Apache httpd.
It merley does the following ...
PR_SetConcurrency(
Hi again,
today I a built a debug version of NSS 3.12.8 (as I haven't found 3.12.9
yet)
The issue is still there, but occours much later then with 3.12.5.
Server (with lib using NSS) ran about 1.5 hours before the issue
occoured. During this time 911 SSL connections have been done. The last
Thanks a lot for the detailed explanation Robert - much appreciated.
Please see my comments in line, some stuff deleted for brevity.
On 01/12/2011 11:38 PM, Robert Relyea wrote:
--- snip ---
331569088[1bd1610]: C_UnwrapKey 331569088[1bd1610]: hSession =
0x6 331569088[1bd1610]: pMechanism =
On 01/12/2011 10:50 PM, Nelson B Bolyard wrote:
Bernhard wrote:
331569088[1bd1610]: flags = 0x4
331569088[1bd1610]: pApplication = 0331569088331569088[1bd1610]:
Notify = 0x13231f31569088[1bd1610]: phSession =
0x7fffc331569088[1bd1610]: phKey = 0x36c1618
331569088[1bd1610]: CKA_C
On 01/12/2011 10:50 PM, Nelson B Bolyard wrote:
Bernhard wrote:
331569088[1bd1610]: flags = 0x4
331569088[1bd1610]: pApplication = 0331569088331569088[1bd1610]:
Notify = 0x13231f31569088[1bd1610]: phSession =
0x7fffc331569088[1bd1610]: phKey = 0x36c1618
331569088[1bd1610]: CKA_C
On 01/12/2011 10:46 PM, Nelson B Bolyard wrote:
On 2011-01-11 13:26 PDT, Bernhard Thalmayr wrote:
Hi experts,
https://developer.mozilla.org/en/NSS_reference/NSS_environment_variables
tells me that I have to build NSS/NSPR with 'TRACE'.
Unfortunatley I have not found how to make
ed an SSLTRACE log if needed.
TIA,
Bernhard
On 01/11/2011 09:59 PM, Robert Relyea wrote:
On 01/11/2011 12:51 PM, Bernhard Thalmayr wrote:
Hi Wan-Teh,
thanks for your reply.
Will it be helpfull to use the 'PKCS #11 Module Logger' before
starting with 'printfs'?
I tried that and
Hi Experts, where do I get the script 'modlogger.pl' mentioned in
'http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn2.html'?
TIA,
Bernhard
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
Hi experts,
https://developer.mozilla.org/en/NSS_reference/NSS_environment_variables
tells me that I have to build NSS/NSPR with 'TRACE'.
Unfortunatley I have not found how to make this build work.
I've already search the archive and the code but without success.
TIA,
Bernhard
--
dev-tech-cry
Hi Wan-Teh,
thanks for your reply.
Will it be helpfull to use the 'PKCS #11 Module Logger' before starting
with 'printfs'?
I tried that and get at least some output in the specified log.
-Bernhard
On 01/11/2011 08:28 PM, Wan-Teh Chang wrote:
Hi Bernhard,
The best way to debug this is to
On 01/11/2011 06:13 PM, Honza Bambas wrote:
On 1/11/2011 5:36 PM, Bernhard Thalmayr wrote:
Hi experts,
I have apache httpd running with a shared lib using NSS/NSPR.
The lib talks to an SSL enabled server using PR_WRITE. Occasionally
PR_WRITE returns error '-8023'.
OS is CentOS 5.5
Thanks for the hints Dennis,
unfortunately the server is running remotely ... inaccessible for debugging.
Do you know why 'ltrace' does not work when using '-p'?
Thanks,
Bernhard
On 01/11/2011 06:08 PM, John Dennis wrote:
On 01/11/2011 11:36 AM, Bernhard Thalmayr wr
Hi experts,
I have apache httpd running with a shared lib using NSS/NSPR.
The lib talks to an SSL enabled server using PR_WRITE. Occasionally
PR_WRITE returns error '-8023'.
OS is CentOS 5.5 64bit.
NSS: @(#)NSS 3.12.5.0 Aug 3 2010 17:15:02
NSPR: @(#)NSPR 4.8.2 2010-08-03 17:13:30
I've tri
33 matches
Mail list logo