I'm glad this works for you, but be warned: the fact that that cute
hack works in your environment now will not guarantee it will work
elsewhere. The fact that you need to transmit another few ('faked')
bytes to get the data you want is a clear sign there's a TCP stream
(or SSL BIO) issue
Variables inserted in s_server -www output are not HTML-escaped. For
example:
$ mv server.key 'bhoiserver.key'
$ openssl s_server -cert server.crt -key 'bhoiserver.key' -www
...
$ curl -s -k https://localhost:4433/ | grep hoi
s_server -cert server.crt -key bhoiserver.key -www
When viewed in a
Dear sirs,
There are a bug in Certificate Request generation, that was introduced in
OpenSSL-0.9.8h. In previous version of OpenSSL, i.e. 0.9.8g, this problem
wasn't verified. I verified this problem in Linux Slackware 12.0 and 12.1, but
compiling OpenSSL-0.9.8h in non-Slackware Linux I
Thor Lancelot Simon wrote:
I think I've discovered another problem with the current non-blocking API.
I have an application which reads data into fixed-size buffers which it
maintains per session. It uses non-blocking IO and select() when a read
returns SSL_ERROR_WANT_{READ,WRITE}.
To
Hi,
[EMAIL PROTECTED] (Arnaud Ebalard) writes:
If a token supports it but the PKCS#11 ENGINE has no equivalent that's
an ENGINE implementation issue.
I just took some minutes to look at the code and RSA_sign()
implementation in libp11 (PKCS11_sign() in p11_ops.c) basically makes a
direct
On Fri, Aug 01, 2008 at 03:49:01PM +0200, Lutz Jaenicke wrote:
Thor Lancelot Simon wrote:
The record size of the SSL record is predetermined by the sender with
16k being the maximum size specified by the protocol.
32K for SSLv2, no?
In order to return the (decrytped and authenticated) data
Thor Lancelot Simon wrote:
On Fri, Aug 01, 2008 at 03:49:01PM +0200, Lutz Jaenicke wrote:
Thor Lancelot Simon wrote:
The record size of the SSL record is predetermined by the sender with
16k being the maximum size specified by the protocol.
32K for SSLv2, no?
I stopped caring
Care to explain why you can't discuss how the API might or might not work
without throwing around gratuitous insults?
They are warnings, not insults. I'm sorry you see them that way.
This last message to which
I'm responding is merely condescending; the previous was downright
insulting and
Hurrey
I have the solution!
:clap::-D
If SSL_get_error give SSL_ERROR_NONE
I test with strcmp ( at the end, /soap:Envelope) .
because all data from the server must end with /soap:Envelope.
If my data is not complete I send CR LF and the last 975 Bytes appeared
On Fri, 1 Aug 2008 08:26:55 +0200, Ger Hobbelt said:
I'm glad this works for you, but be warned: the fact that that cute
hack works in your environment now will not guarantee it will work
elsewhere. The fact that you need to transmit another few ('faked')
bytes to get the data you want is a
10 matches
Mail list logo