In our setup we've been sharing an SSL_CTX between different threads
(I'll admit that I don't quite know whether that is allowed) and have
run into the following problem:
X509_STORE_get_by_subject is called to load a CA cert by both thread 1
and thread 2. It checks for the cert's existence in the c

I use the OpenSSL libraries on Solaris and Linux and have recently hacked my copy of
Makefile.org to create copies of the shared libraries libssl.so and libcrypto.so with
different names (e.g. libxyzssl.so and libxyzcrypto.so) - note: the hack is minimal,
just building _additional_ shared librari

I notice when using d2i_PUBKEY() to convert a string RSA
SubjectPublicKeyInfo to an EVP_PKEY struct that the string pointer ends up
pointing to random memory. Is this deliberate (e.g. for security reasons)
or a bug? I would like to have the public key string still available when
the function ret

On Wed, Sep 18, 2002 at 09:18:22AM +0200, Lutz Jaenicke via RT wrote:
>
> On Wed, Sep 18, 2002 at 09:09:41AM +0200, Steve Haslam via RT wrote:
> > SSL DEBUG HACK: s->hit=1, c=0x815217c (EDH-DSS-DES-CBC3-SHA),
> > s->session->cipher=(nil) ((NONE))
> >
> > maybe there's a problem with deserialisin

On Wed, Sep 18, 2002 at 04:03:26PM +0200, Steve Haslam via RT wrote:
>
> On Wed, Sep 18, 2002 at 09:18:22AM +0200, Lutz Jaenicke via RT wrote:
> > Workaround: the problem does not appear when
> > SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, which is part of
> > SSL_OP_ALL (see "man SSL

On Wed, Sep 18, 2002 at 04:03:26PM +0200, Steve Haslam via RT wrote:
>
> On Wed, Sep 18, 2002 at 09:18:22AM +0200, Lutz Jaenicke via RT wrote:
> > Workaround: the problem does not appear when
> > SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, which is part of
> > SSL_OP_ALL (see "man SS

On Wed, Sep 18, 2002 at 09:18:22AM +0200, Lutz Jaenicke via RT wrote:
>
> On Wed, Sep 18, 2002 at 09:09:41AM +0200, Steve Haslam via RT wrote:
> > SSL DEBUG HACK: s->hit=1, c=0x815217c (EDH-DSS-DES-CBC3-SHA),
> > s->session->cipher=(nil) ((NONE))
> >
> > maybe there's a problem with deserialisi

On Wed, Sep 18, 2002 at 03:47:52AM +0100, Steve Haslam wrote:
> SSL DEBUG HACK: s->hit=1, c=0x815217c (EDH-DSS-DES-CBC3-SHA),
> s->session->cipher=(nil) ((NONE))
In fact.. (talking to myself again, sorry), I looked in d2i_SSL_SESSION(),
and it sets "cipher" to NULL, although it sets cipher_id. S

> I'm developing an OpenSSL-based SSL sniffer that monitors decrypted
> SSL traffic using the webserver's private keys on real site traffic
> (similar to ssldump). For some reason, part of the SSL traffic is
> not being decrypted.
>
> I'm looking for possible reasons for this. The ones I am