.
Therefore the offending statement could simply be removed...
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
forget to CC to [EMAIL PROTECTED]).
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
__
OpenSSL Project
-session);
s-session=NULL;
}
Otherwise, the SSL_SENT_SHUTDOWN flag is not taken into account when
checking out if session should be removed from cache.
Seems you are right again. Moved the bad-session-removal to the top...
Lutz
--
Lutz Jaenicke
?
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
__
OpenSSL Project
in it yourself.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
On Thu, Feb 14, 2002 at 04:16:40PM +0100, Richard Levitte - VMS Whacker wrote:
From: Khan Alamgir [EMAIL PROTECTED]
akh Please help!
Use a more modern OpenSSL. The current release is 0.9.6c.
And call SSL_library_init() :-)
Lutz
--
Lutz Jaenicke [EMAIL
to the function, instead of sending r which is the one that is in the
cache c is been sent.
I have just checked in an appropriate fix, it will be included in the next
snapshots. Please check out your test case again.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
__
OpenSSL Project
;
SSL_SESSION_list_remove(ctx,c);
}
Any other opinions on what is the correct solution?
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3
to the function, instead of sending r which is the one that is in the
cache c is been sent.
Thanks for your report. I have added your report to my TODO list.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke
when running make test, but I could not reproduce your problem...
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
On Wed, Jan 23, 2002 at 11:21:49AM -0800, Booker C. Bense wrote:
On Wed, 23 Jan 2002, Lutz Jaenicke wrote:
On Wed, Jan 23, 2002 at 07:03:20AM -0800, Booker C. Bense wrote:
On Wed, 23 Jan 2002, Lutz Jaenicke wrote:
Ok, the behaviour of the OpenSSL-0.9.7 has been adjusted:
The old
the contents must also be worked out :-)
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax
however can offer you the standard
answer for cases without sockets: use BIO-pairs. This way you have
full control over the complete I/O process.
I do use BIO-pairs in my Postfix/TLS patchkit available at
http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/
Best regards,
Lutz
--
Lutz
of X509_STORE_CTX_get_error(ctx); is
significant.
If not sure, you should start without a callback function and see,
whether the certificate verification fails (it should).
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU
On Thu, Dec 13, 2001 at 10:06:45AM +0100, Srikanta Nayak wrote:
How openSSL will looks EGD ? Is there any such documentation available on net
related to it?
http://www.openssl.org/support/faq.html#USER1
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus
been read
by PEM_read_X509().
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044
. Just increasing buffer allocations only hides the problem,
it does not solve it.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik
an insight into other peoples work.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044
be detectable...
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus
X509_STORE_CTX_set_verify_cb() introduced
to allow the necessary settings.
[Lutz Jaenicke]
The fix will be available in 0.9.6c (due out in the next days!?) and 0.9.7.
Nevertheless: thanks for your effort!
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU
() to obtain the
X509 objects. You can then simply write them to file using the
PEM_write_X509()/PEM_write_bio_X509() function.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl
have any problems due to this behaviour?
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz
.
Thanks, I have rephrased the corresponding paragraph.
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3
not count
it as a really unpredictable input.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3
On Wed, Nov 14, 2001 at 10:59:57AM -0800, Michael Sierchio wrote:
Lutz Jaenicke wrote:
The entropy parameter should tell, how much uncertainty is in the
data provided.
If we choose a value of 0, we mean that there may be entropy in it, but
maybe an attacker can predict the value, so
somewhat
complicated (besides building with +O4=optimization at link time)...
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel
supply a patch, we will strongly consider applying it :-)
Please only take care of the current development snapshot (0.9.7-dev).
The development for 0.9.6c is more or less finished and for compatibility
reasons we should leave this point as is.
Best regards,
Lutz
--
Lutz Jaenicke
On Tue, Oct 16, 2001 at 02:30:03PM +0100, Adam Back wrote:
On Sun, Oct 14, 2001 at 06:19:30PM +0200, Lutz Jaenicke wrote:
[...]
* If you have any patch to submit that will improve the behaviour of
s_client you are most welcome to post it to this list :-)
OK, here you go, someone
to your needs, as it is intended for application and not for testing?
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69
it to this list :-)
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus
for consistency with
other messages.
Will be fixed in a minute.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
the shared
library support from 0.9.7-dev to 0.9.6x?
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D
On Sat, Aug 25, 2001 at 01:59:24PM +0200, Lutz Jaenicke wrote:
I'll add it to the TODO list. If we change this to a dynamic limit,
we could start with 16kB (platform independant) and then applications
may decide at will. 16kB should be sufficient in most cases, because
the construct
an undocumented -Fl option (at least on 10.20).
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus
will therefore be part of the next release.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D
!
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
On Fri, Aug 24, 2001 at 06:31:56PM -0700, Doug Kaufman wrote:
On Fri, 24 Aug 2001, Lutz Jaenicke wrote:
On Thu, Aug 23, 2001 at 02:21:27PM -0500, Douglas E. Engert wrote:
! #if defined(MSDOS) !defined(WIN32)
! 1024*30, /* 30k max cert list :-) */
! #else
specs don't set this limit, but rather allows 2^24 certificates.
I understand the need to have some practical limit, but it should be
setable by the application at run time.
To be considered.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU
. One better
should not work on Sundays. (fixed)
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
an appropriate note tomorrow.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D
anybody have an idea on why this distinction is being made?
It doesn't make sense to me. (If nobody has an idea on why it should not be
public, I will make it public.)
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU
On Thu, Aug 16, 2001 at 09:15:36AM -0500, Stephen Hinton wrote:
This is the first patch I've submitted for OpenSSL. Feedback about what I
did wrong (and what I did right) is appreciated.
Well done. Patches have just been applied.
Best regards,
Lutz
--
Lutz Jaenicke
,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
something
There is a manual page for SSL_CTX_use_certificate in my copy of OpenSSL.
A manual page for d2i_X509 does not exist, but the handling of all
d2i_* functions is similar, so you can use the description of
d2i_SSL_SESSION.
Good night,
Lutz
--
Lutz Jaenicke
.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax
of this array into the
X509 and load it using SSL_CTX_use_certificate().
(OpenSSL rsa does not have a -C option, so transferring it into an array
is left as an exercise to the reader :-)
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http
to be extended to save
the additional information.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3
has already been checked in this morning.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3
into the object, but it is actually never used.
This seems to be a bug :-)
I'll have to go through this again to make sure that I did not miss
anything and then consider the best strategy to solve this problem.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU
it, it
sais the following:
(make pid):error:0A7071003:dsa routines:DSA_do_verify:BN lib:dsa_ossl.c:305
Does anyone have an idea?
Yes. At least post your operating system and compiler information :-)
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED
it: are you already using the latest version and/or
can this problem be reproduced with it?
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik
indicate that it is
fixed in later versions...
Reading this ethereal printout is a bit hard. Can you supply the dump
in tcpdump binary format so that it can be further processed e.g. with
ssldump?
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus
On Mon, Jul 23, 2001 at 11:20:17AM +0200, Lutz Jaenicke wrote:
On Sun, Jul 22, 2001 at 05:57:21AM +, a y wrote:
HMTL-gibberish...
This indicates that there is a b missing in an `fopen(...,w)' that
should read `fopen(...,wb)', such that a LF is transformed to CR/LF.
I suppose you
Please check out the SSL_CTX_set_cipher_list manual page (use the online
version at http://www.openssl.org/docs/ssl/SSL_CTX_set_cipher_list.html,
as I have just updated the information with respect to this error message).
Best regards,
Lutz
--
Lutz Jaenicke
please don't expect
binary compatibility coming soon.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
dsa:deleteme.param -keyform DER -new -x509 -nodes
Because the -new overrides the -newkey option. -new has RSA hardcoded
and as it is processed later in the list, its setting gets preference.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49
as a backup entropy source for openssl genrsa.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
internally
inside pem_lib.c , on line 451 , line
PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_DECRYPT) .
Hmm. I just had a look into the source and would guess, that something
is odd with the passphrase. Unfortunately you do not supply your password_cb.
Best regards,
Lutz
--
Lutz Jaenicke
compiler or install gcc.
gcc for HP-UX 11 is available for free from HP's download site at
http://devresource.hp.com/.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine
then their initialization to 0 is nowhere enforced...
I have never dealt with the "openssl enc" command so I'll have to look
into it deeper before actually realizing a change.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus
r a cipher with DSA authentication, a DSA certificate must be present
on the server side. All DSA ciphers and some RSA ciphers (with EDH)
also do need DH parameters. Openssl s_server has built in DH-parameters,
so the last point cannot be your problem.
Best regards,
Lutz
--
Lut
on less
common platforms), and report any problems to [EMAIL PROTECTED].
Passed (normal and engine) on HP-UX 10.20 with both HP ANSI-C and gcc-2.95.2.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE
changes :-).
I did not check the details, but at least cyrus-sasl uses the DES part
of OpenSSL, if found.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine
the old passphrase, you can use the "openssl rsa" command
to modify passphrases.
If you have lost or forgotten the old passphrase, you of course cannot
recover the key (otherwise we could stop working on cryptography :-).
Best regards,
Lutz
--
Lut
es that set the new encryption (or none when not specified).
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
U
ename) + len(extension);
the second "len()" is obviously wrong and should be strlen().
The warning on line 98 seems to be caused by a longint conflict in
the return types.
I'll investigate further and check in a fix.
Many thanks,
Lutz
--
Lutz Jaenicke
On Thu, Mar 22, 2001 at 10:07:36AM +0100, Lutz Jaenicke wrote:
cc -I.. -I../../include -DTHREADS -D_REENTRANT -DDSO_DL +O3
+Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W
- -DMD32_XARRAY -c dso_dl.c
cc: "dso_dl.c", line 98: warning 604: Pointers are not
romFile106
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
--
Lutz Jaenicke [EMAIL PROTECTED]
B
)
n bytes were sent;
If (nBytesSent == 0)
connection was closed with SSL shutdown alert (clean close);
else
call SSL_get_error() and check the error stack to find out what is going on;
man SSL_get_error, ERR_get_error.
Best regards,
Lutz
--
Lutz Jaenicke
On Tue, Mar 13, 2001 at 10:15:24PM +0100, Richard Levitte - VMS Whacker wrote:
From: Lutz Jaenicke [EMAIL PROTECTED]
Lutz.Jaenicke Hmm. The DSO code was considerably changed for the
Lutz.Jaenicke 0.9.7 version and changes are not completed yet
Lutz.Jaenicke (additional security aspects must
On Tue, Mar 13, 2001 at 10:56:44PM +0100, Richard Levitte - VMS Whacker wrote:
From: Lutz Jaenicke [EMAIL PROTECTED]
Lutz.Jaenicke 1.10 breaks existing functionality, since once ".sl" is
Lutz.Jaenicke used, ".so" crypto engines will not be loaded any
Lutz.Jaenicke l
be of type
SSLv2, even if both the server and the client could do better.
+1 to change this in both current and stable.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl
On Fri, Mar 02, 2001 at 12:30:05PM +0100, Richard Levitte - VMS Whacker wrote:
From: Lutz Jaenicke [EMAIL PROTECTED]
Lutz.Jaenicke The (needed) fix should have one side effect (from
Lutz.Jaenicke conclusion, I did not try it): Since the SSL_connect()
Lutz.Jaenicke is now performed
, the bug should also
affect it. Maybe the change should also be recorded to the changelog.
Best,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~jaenicke/
__
OpenSSL Project
on installation and use.
Sincere regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus
.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49
:-)
Did I miss something?
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus
to 2.95.2 and it also works.
I strongly recommend you to get rid of gcc-2.8.1 and install 2.95.2
instead.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine
.. you get the picture. This is one of the reasons that it
OpenSSL only stores the peer's certificate but not the rest of the chain.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
client certificate is not used any where
other than establishing the new session..
No, it is not used in the handshake again (that's why it must be kept inside
the stored session).
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus
On Tue, Jan 23, 2001 at 10:51:27AM +, Ben Laurie wrote:
Lutz Jaenicke wrote:
On Mon, Jan 22, 2001 at 04:41:41PM -0800, Nagaraj Bagepalli wrote:
Thanks for your response. If I understand this correctly, certificate
is stored in the session table so that application can retrieve
) ...
to check whether the certificate passed verification...
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D
).
It does use much less machine dependent settings.
Of course, if your appointment is explicitly to work with OpenSSL...
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl
snapshot as there is no
2.3.1p1 version of OpenSSH.)
I run 2.3.0p1 in production on both HP-UX and Linux (OpenSSL 0.9.6) and never
met the problem you describe...
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU
s libsafe does not run on SuSE
Linux 6.4, I cannot try myself. There was a short discussion on the
SuSE-security mailing list about libsafe, the result was not very much
in favor of libsafe; SuSE does not include it into the distribution.)
Best regards,
Lutz
--
Lutz Jaenicke
+ seeding like with /dev/[u]random will be performed.
+ Positions tried are: /etc/entropy, /var/run/egd-pool.
+ [Lutz Jaenicke]
Is /etc/entropy a standard location for EGD? Otherwise, and maybe
even if it is, I'd prefer an explicit file name such as /etc/egd-pool
instead
quot;hard error"). In case of a hard error, the
error message is located on the stack.
Maybe you have to extend libwww to provide this additional error information.
Maybe the server has just closed down the connection.
Regards,
Lutz
--
Lutz Jaenicke [EMAIL PR
to recompile.
Let's rather add a list of places and have this static; stop on success.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik
), but the directory structure is not portable enough.
- /etc/egd-socket?
(I would not use /dev as this is for device files only (and might lead
to trouble on Linux-2.4 not even having a real /dev directory).)
Comments? Booohs? Hoorays?
Hooray, that may reduce the unnecessary traffic on openssl-* :-)
Best
On Sat, Jan 06, 2001 at 08:48:09PM +0100, Richard Levitte - VMS Whacker wrote:
From: Lutz Jaenicke [EMAIL PROTECTED]
Lutz.Jaenicke On Fri, Jan 05, 2001 at 09:49:56PM +0100, Richard Levitte - VMS
Whacker wrote:
Lutz.Jaenicke I don't know how select() would act on a regular
Lutz.Jaenicke file
http://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz
duce your
setup.
Having this said, and I don't think the configuration for HP-UX 64bit
has changed significantly between versions, OpenSSL 0.9.6 is available
for some time.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http:/
or directory
make[1]: Leaving directory `/home/vswami/kde-download/openssl-0.9.5a/crypto'
make: *** [all] Error 1
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik
key and certificate is already there with
SSL_CTX_check_private_key() but having a SSL_CTX_check_cert_chain()
might make tracking down problems much easier. This is not a promise
that I am going to write such a beast (at least not within a guaranteed
schedule :-).]
I hope this clarifies thing
_ learning that there is no client certificate!?
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaet
, the same applies for the "outside OpenSSL" approach,
call SSL_set_cipher_list() as appropriate.
Inside OpenSSL, you should have a look into the ssl3_choose_cipher()
function.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus
501 - 600 of 705 matches
Mail list logo