Having found that the Microsoft SGC extensions to SSL were not implemented
in openssl-0.9.4, I made some changes myself. However as you can see the
changes are very hacky due to my wish to keep the changes as simple as
possible.
The basic problem is that IE4 or 5 will issue a client hello message
extension and MS SGC extension.
Thanks.
--Yunhong
-Original Message-
From: Adrian Peck [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 21, 1999 9:24 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: SGC support in OpenSSL
Having found that the Microsoft SGC extensions to SSL were not
Adrian Peck wrote:
>
> Having found that the Microsoft SGC extensions to SSL were not implemented
> in openssl-0.9.4, I made some changes myself. However as you can see the
> changes are very hacky due to my wish to keep the changes as simple as
> possible.
>
> The basic problem is that IE4 or 5
> Dr Stephen Henson wrote:
> >
> > Adrian Peck wrote:
> > >
> > > The basic problem is that IE4 or 5 will issue a client hello message
> > > immediately after receiving the server hello and server
> certificate if it
> > > finds that this certificate was a Server Gated Crypto ( SGC )
> certificate
Ben Laurie wrote:
>
> Dr Stephen Henson wrote:
> >
> > Ah I see the point now. The server doesn't have to generate the RSA
> > temporary key and more importantly sign it with the certified key: this
> > is likely to be an expensive operation.
> >
> > The next problem is how can the server in gene
Dr Stephen Henson wrote:
>
> Dr Stephen Henson wrote:
> >
> > Adrian Peck wrote:
> > >
> > > The basic problem is that IE4 or 5 will issue a client hello message
> > > immediately after receiving the server hello and server certificate if it
> > > finds that this certificate was a Server Gated Cr
Dr Stephen Henson wrote:
>
> Adrian Peck wrote:
> >
> > The basic problem is that IE4 or 5 will issue a client hello message
> > immediately after receiving the server hello and server certificate if it
> > finds that this certificate was a Server Gated Crypto ( SGC ) certificate.
> > The 'point'
[01/Jan/2000 15:30:02 00267] [error] SSL handshake failed (server
sgctest.globalsign.net:443, client 192.168.255.1) (OpenSSL library error
follows)
[01/Jan/2000 15:30:02 00267] [error] OpenSSL: error:14089106:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:wrong message type
- Original Message
Rene G. Eberhard wrote:
>
> > Dr Stephen Henson wrote:
> > >
> > > Adrian Peck wrote:
> > > >
> > > > The basic problem is that IE4 or 5 will issue a client hello message
> > > > immediately after receiving the server hello and server
> > certificate if it
> > > > finds that this certificate was
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Dr Stephen Henson
> Sent: Sunday, January 02, 2000 12:14 AM
> To: [EMAIL PROTECTED]
> Subject: Re: SGC support in OpenSSL
>
>
> Rene G. Eberhard wrote:
> &
Dr Stephen Henson wrote:
>
> Rene G. Eberhard wrote:
> >
> > > Dr Stephen Henson wrote:
> > > >
> > > > Adrian Peck wrote:
> > > > >
> > > > > The basic problem is that IE4 or 5 will issue a client hello message
> > > > > immediately after receiving the server hello and server
> > > certificate i
Christian Buysschaert wrote:
>
> Hello Bertie,
>
> Thanks for providing this patch!
>
> I've been testing it but have been unsuccessful in getting it
> to work. I'll provide my setup here perhaps somebody could
> point out some things I've been doing wrong?
>
The actual error you receive:
>[
Dr Stephen Henson wrote:
>
> Christian Buysschaert wrote:
> >
> > Hello Bertie,
> >
> > Thanks for providing this patch!
> >
> > I've been testing it but have been unsuccessful in getting it
> > to work. I'll provide my setup here perhaps somebody could
> > point out some things I've been doing w
Ben Laurie wrote:
>
> Dr Stephen Henson wrote:
> >
> > Christian Buysschaert wrote:
> > >
> > > Hello Bertie,
> > >
> > > Thanks for providing this patch!
> > >
> > > I've been testing it but have been unsuccessful in getting it
> > > to work. I'll provide my setup here perhaps somebody could
> >
Dr Stephen Henson wrote:
>
> Ben Laurie wrote:
> >
> > Dr Stephen Henson wrote:
> > >
> > > Christian Buysschaert wrote:
> > > >
> > > > Hello Bertie,
> > > >
> > > > Thanks for providing this patch!
> > > >
> > > > I've been testing it but have been unsuccessful in getting it
> > > > to work. I'
Hello Steve,
> > I've been testing it but have been unsuccessful in getting it
> > to work. I'll provide my setup here perhaps somebody could
> > point out some things I've been doing wrong?
> ...
> I've now checked in a fix to OpenSSL 0.9.5. It shouldn't be too hard to
> produce a patch for earl
At 03:47 PM 1/1/00 +0100, Christian Buysschaert wrote:
>Hello Bertie,
>
>Thanks for providing this patch!
>
>I've been testing it but have been unsuccessful in getting it
>to work. I'll provide my setup here perhaps somebody could
>point out some things I've been doing wrong?
>
>Server: Apache 1.3
At 03:47 PM 1/1/00 +0100, Christian Buysschaert wrote:
>Hello Bertie,
>
>Thanks for providing this patch!
>
>I've been testing it but have been unsuccessful in getting it
>to work. I'll provide my setup here perhaps somebody could
>point out some things I've been doing wrong?
>
There was a simple
quot;Adrian Peck" <[EMAIL PROTECTED]>
To: "Christian Buysschaert" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, January 05, 2000 4:59 PM
Subject: Re: SGC support in OpenSSL
> At 03:47 PM 1/1/00 +0100, Christian Buyssch
19 matches
Mail list logo
