I tested a non-forking minimal test server (no verify client certs, but
server supplies cert on request, encrypted session) with many consecutive
secure client sessions using OpenSSL-0.9.2b on Solaris 2.6 through Rational
Purify and it came through with NO memory leaks or other nasty errors. This
Ulf,
I removed the cpp file and everything finally compiled without errors.
Thanks for your continued assistance on this!
Unfortunately, I'm still not able to connect and am still at a loss
as to why. When I run s_client I receive the following:
CONNECTED(0003)
31019:error:140790E3:SSL ro
"Michal Trojnara" <[EMAIL PROTECTED]>:
> Stunnel 3.2 has been released.
> News:
[...]
> Added full duplex with non-blocking sockets.
I think your program will likely get stuck when the peer starts a
renegotiation, as you don't obey SSL_ERROR_WANT_WRITE and
SSL_ERROR_WANT_READ. But when tryin
Ulf Möller wrote:
>
> > I have been trying to compile openssl-0.9.2b on solaris 2.6. I
> > used './Configure solaris-usparc-sc4 no-asm' to configure the
> > product and it compiled fine. When I do 'make test' I get the
> > error:
> >
> > ./rsa_oaep_test
> > Decryption failed!
>
> I
Dave Neuer wrote:
>
> 3) SSL and how:
> a) there are cyphersuites which don't use RSA, but they are not
> browser-supported and you can't get a cert from a recognized CA for them
> (right?)
>
Thawte will issue DSA (DSS) certificates and chains. This means the
certificates and the chains can
On Wed, 28 Apr 1999, Dave Neuer wrote:
> Subject: Proposal -- better patent FAQ/patent-specific mailing list
>
> With the amount of traffic on this list lately regarding patent issues, and
> the amount of confusion regarding said issues, it seems like it might be a
> good idea to set up a mail
On Wed, Apr 28, 1999 at 09:28:18AM -0700, Mike Davis wrote:
> I'm using curl 5.6.2beta [...] with OpenSSL 0.9.2b, to access an
> Apache server (Stronghold/2.4.1 Apache/1.3.3) on Solaris 2.6. After
> I've made a thousand or so requests via SSL, the Apache httpsd
> daemons start crashing with a se
>Does OpenSSL allow such a change? If it does, what're the key steps and
>things that need to be watched out for?
Removing ciphers is easy. For example if you want to use OpenSSL
without RC5 (which requires a patent license in many countries), run
"./config no-rc5; rm -Rf crypto/rc5" and make sure that "no-rc
On Wed, 28 Apr 1999, Eric Norman wrote:
>
>
> > The relevant patent is the one on the RSA cryptography algorithm.
> > It expires in September 2000. It is in the US only. Outside the US,
> > the algorithm is not patented.
>
> Just make sure you understand what you can and cannot do in a few
>
Paul Rubin <[EMAIL PROTECTED]> wrote:
> My understanding is:
>
> 1) RSAREF is only licensed to be used for non-commercial purposes.
> Setting up a web retail site with it, for example, is not permitted.
The license was posted here a few weeks ago. It does allow some
commercial use. My read (IA
With the amount of traffic on this list lately regarding patent issues, and
the amount of confusion regarding said issues, it seems like it might be a
good idea to set up a mailing list specifically for these questions.
In the auto-responder for the list, it could send a FAQ with more detailed
in
-----Original Message-----
From: Leland V. Lammert <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>;
[EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Wednesday, April 28, 1999 3:08 PM
Subject: Re: While there is a discussion on RSA
>At 10:24 AM 4/28/99 -0400, Dave Neuer wrote:
>>
>>All b
> If you need a lot of hits/sec (a smart card can't handle
> many) you can use a hardware accelerator like the Ncipher
> (what I'm using) or Rainbow accelerators
and now I'm lost again. Surely the certificate only needs to
be loaded (and therefore the passp
-----BEGIN PGP SIGNED MESSAGE-----
On Tue, 27 Apr 1999, Paul Rubin wrote:
>
> Very good question Wade - it was a topic of discussion in our
> office yesterday. My problem with the server prompting a
> password for cert files is that it impedes the automatic
> system sta
> The relevant patent is the one on the RSA cryptography algorithm.
> It expires in September 2000. It is in the US only. Outside the US,
> the algorithm is not patented.
Just make sure you understand what you can and cannot do in a few
months when the RSA patent expires.
What you can do is w
Hi all,
Are there any plans to support PKCS#11 tokens in OpenSSL? Has someone
done something in this field? Any practical experience?
Regards,
--
Vlasta Joskova <[EMAIL PROTECTED]>
ICZ a.s.
Zirovnicka 6/3133
106 00 Praha 10, Czech Republic
Tel.: +420(2)7276 0326
Fax : +420(2)7276 0322
___
Hi all!
I have a doubt and some questions...
First the doubt: when I try to issue the new certificate for a
certain DN before the old one has expired I get error saying
that there is already a certificate for that DN...
This can cause troubles to users -> There will be a period of
time when the
Ben Laurie wrote:
> Boyce, Nick wrote:
> >
> > OK. I'm confused (;-). I thought I understood the
> > load-the-certificate-at-Apache-startup issue, but then ...
> >
> > On 28th.April,1999 Paul Rubin wrote :-
> >
> > > If you need a lot of hits/sec (a smart card can't handle many) you can
> > > u
On Wed, 28 Apr 1999, Ben Laurie wrote:
> > and now I'm lost again. Surely the certificate only needs to be loaded (and
> > therefore the passphrase needs to be entered) *once* after Apache startup ?
> > Are you saying it has to be loaded every time the server gets a hit from a
> > browser !!???!?
>as I can tell, this is the kind of gear that banks and brokerages are
>using to protect data that, if compromised, could wreak havoc costing
>not just millions, but potentially billions (10**9's) of dollars. (If
>you know of something better, please tell me).
I think I know what you mean, but yo
> Netscape servers have PKCS11 support so you can store the key in a
> secure token (i.e. smart card). I think it would be good if modssl
> also supported something like this.
mod_ssl already _DOES_ support this ;) All you've to write is
a program for yo
> Anyway, if you have really serious SSL security
> requirements, this is the kind of stuff you have to use.
> You can't do it with pure software.
Hmm. So I end up with a slow computer which very few people
have reviewed the design of, that I still have to
At 10:24 AM 4/28/99 -0400, Dave Neuer wrote:
>
>All browser-supported SSL ciphersuites use RSA, AFAIK. To use SSL legally
>in the US for commercial purposes, you must either license BSAFE from
>RSADSI, or buy a commercial Apache+SSL (from C2Net, Covalent, or Red Hat).
>
Dave,
Good question! I th
On Wed, Apr 28, 1999 at 10:31:00AM -0300, Walcir Fontanini-ADM- wrote:
> Where can I get SSLrshd ?
>
> Thanks,
> -walcit
>
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing List
I sent this message to the curl mailing list, but thought I would
also send it to the openSSL list, in case anyone has seen a problem
like this.
I'm using curl 5.6.2beta on both Solaris 2.6 and Linux systems,
with OpenSSL 0.9.2b, to access an Apache server (Stronghold/2.4.1
Apache/1.3.3) on Solar
Boyce, Nick wrote:
>
> OK. I'm confused (;-). I thought I understood the
> load-the-certificate-at-Apache-startup issue, but then ...
>
> On 28th.April,1999 Paul Rubin wrote :-
>
> > If you need a lot of hits/sec (a smart card can't handle many) you can
> > use a hardware accelerator like the N
On Wed, Apr 28, 1999 at 08:50:20AM -0500, John Fulmer wrote:
> Now, the way I understand it, there are three options for SMTP under
> netscape 4.51:
>
> 1) No encryption
> 2) If available (EHLO STARTTLS negotiation)
> 3) Always (SSL tunnel)
>
> (Information was from a newsgroup article by someone
Hello
Besides being not very nice to users wanting to compile shared
libraries (gcc ${CFLAGS} -shared -Wl,-soname,libssl.so.0.9 -o
libssl.so.0.9.2 $(LIBOBJ) or something similar will do it),
I get unresolved symbols in bn_something..
This is Debian 2.2 on Alpha, Kernel 2.2.6, glibc 2.1.
have
OK. I'm confused (;-). I thought I understood the
load-the-certificate-at-Apache-startup issue, but then ...
On 28th.April,1999 Paul Rubin wrote :-
> If you need a lot of hits/sec (a smart card can't handle many) you can
> use a hardware accelerator like the Ncipher (what I'm using) or
> Rainbow
-----Original Message-----
From: David Hajoglou <[EMAIL PROTECTED]>
To: '[EMAIL PROTECTED]' <[EMAIL PROTECTED]>
Date: Tuesday, April 27, 1999 8:04 PM
Subject: While there is a discussion on RSA
>
>I am following the INSTALL.SSL instructions with apache_1.3.6. These
>instructions say that I shou
Hello!
Next question, slightly offtopic.
I've been working with openssl and stunnel to get Netscape Communicator's
SSL mail services to work.
IMAP and POP3, of course, work fine. SMTP is a different story.
Now, the way I understand it, there are three options for SMTP under
netscape 4.51:
1)