modssl maybe, yeah I think that will do it :)
> -Original Message-
> From: Yuji Shinozaki [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 12, 2000 3:17 PM
> To: [EMAIL PROTECTED]
> Subject: Apache mod to require client certs?
>
>
>
> I know one can do this via a cgi-bin, but does an
I know one can do this via a cgi-bin, but does anyone know of an
apache module that authenticates via client certs?
yuji
Yuji Shinozaki Computer Systems Senior Engineer
[EMAIL PROTECTED] Advanced Technologies Group
(804)924-7171
>>>Did you say you were writing a custom client? RANDFILE and .rnd are used
by the openssl application, not the library itself. So you will need to
seed the PRNG in your application too.
I am using the functions RAND_filename and RAND_load_file t seed the PRNG.
Everything worked fine when I wa
Shrikrishna Karandikar wrote:
>
> -Original Message-
> From: Dr Stephen Henson [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 12, 2000 10:46 AM
> To: [EMAIL PROTECTED]
> Subject: Re: DHE with DSS certificates
>
> Shrikrishna Karandikar wrote:
> >
> > The message on the client side re
-Original Message-
From: Dr Stephen Henson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 12, 2000 10:46 AM
To: [EMAIL PROTECTED]
Subject: Re: DHE with DSS certificates
Shrikrishna Karandikar wrote:
>
> The message on the client side reads as follows:
>
> SSL connect using (NONE)
>
What do you mean by wrong private key? I generated the certficates and the
keys afresh, but I still see the same problem.
-Original Message-
From: Dale Peakall [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 12, 2000 10:47 AM
To: [EMAIL PROTECTED]
Subject: RE: DHE with DSS certificates
Shrikrishna Karandikar wrote:
>
> The message on the client side reads as follows:
>
> SSL connect using (NONE)
>
> So the client is not selecting any cipher suite at all. Why would that be ?
> I have dh parameters attached to the client certificate as well. Also I am
> doing SSL_CTC_set_cipher
> I am doing that. I am using the same function which s_server uses to load
> the DH parameters. But I still get this error message. Can anything else
be
> wrong?
The "no shared ciphers" message can occur for at least one reason that has
nothing
to do with cipher suite negotiation per se. One I
Hi,
I'd like to authenticate my client using client certificate.
The client is written in Perl, using Net::SSLeay.
I did not found anything in the documentation regarding the subject.
I suppose I have to extend the Perl module to handle this situation.
Or has anybody a solution already?
Best reg
The message on the client side reads as follows:
SSL connect using (NONE)
So the client is not selecting any cipher suite at all. Why would that be ?
I have dh parameters attached to the client certificate as well. Also I am
doing SSL_CTC_set_cipher_list(ctx, "DSS+DH") in both client and server.
On Wed, Jul 12, 2000 at 10:07:31AM -0700, Shrikrishna Karandikar wrote:
> Hi Lutz,
>
> I am doing that. I am using the same function which s_server uses to load
> the DH parameters. But I still get this error message. Can anything else be
> wrong?
Actually, it's hard to say on the distance.
The
peleg atar wrote:
>
> Dr Stephen Henson Thank you a lot for your help.
>
> I pass the"DEFAULT:!EXPORT56:@STRENGTH" string to the
> SSL_CTX_set_cipher_list function.
>
> Right now the behavior of the IE 5.01(Win2000)is
> "page can not be displayed" in the first attempt for connecting securly to
"Stefan Pedersen (QIN)" wrote:
>
> Here is how I do it... Maybe there is a more aproperiate API for this
> but I haven't found it.
>
> -8<---
> X509_NAME* x509name;
> X509_NAME_ENTRY* x509entry;
> int nid;
> int i;
>
> for(i = 0; i < x509name->entries->num; i++)
> {
> en
Rose Marie Carissimi wrote:
>
>
> When the first FD_READ is received we get an SSL_READ error. SSL_ERROR_SSL
> if I call ERR_get_error() I get the following hex value 0x24064064.
>
> I can also see in the logging that the handshake was at this point - SSLv3
> write client key exchange A -
> bef
hi,
I have successuflly compiled openssl on
winnt using vs 6.0 from msdos command prompt(nmake).
But when I try to call SSL_connect in a
connection utility i am writing i get a first chance execption.
the message is:
first chance exception in sslconx.exe
(ntdll.dll):0xc008: inv
Hi Lutz,
I am doing that. I am using the same function which s_server uses to load
the DH parameters. But I still get this error message. Can anything else be
wrong?
-Original Message-
From: Lutz Jaenicke [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 12, 2000 12:44 AM
To: '[EMAIL PROT
I have a huge memory leak when I have the SSL Server authenticate the
client's Certificate.
Can anyone give me some insight? I don't have much info to give anyone.
The only call's that are different between my Authenticated and
Un-Authenticated versions are these:
// no Auth
I have a problem in the following situation:
I have OpenSSL 0.9.5a on AIX 4.3.3.
I use Perl 5.005_03 and the perl module Net::SSLeay 1.05, and after some
effort got the latter to run.
I write my problem here as I know no other forum for Net::SSLeay.
I want to open a client authenticated SSL v
On Wed, Jul 12, 2000 at 09:46:55AM -0400, Cico, Michael wrote:
>
> Hi,
>
> I'm in the process of developing a dig. sig. implementation for a project.
> The signature data needs to be appended to a URL query string in the form of
> a name/value pair, and then unbundled on the other side and verif
I'm trying to add ssl support to an application that uses non-blocking
sockets on Win32 platform.
I've downloaded the most recent version of the library 0,9.5a and compiled
it on my machine.
These are the steps that I follow:
Initialize the SSL library and create a context.
Conn
At 4:42 PM -0700 7/11/00, Yewen Tang wrote:
>I have installed OpenSSL 0.9.5a and Crypto::SSLeay 0.16. When I run
>net_ssl_test or other scripts
>to test, they failed to connect to HTTPS servers.
>
>The found those test scripts have established TCP connection to the
>HTTPS server, but failed to c
On Wed, 12 Jul 2000, you wrote:
EVRANDOM" that is set in e_os.h.
>
> Did you specify RANDFILE /dev/urandom?
>
> Best regards,
As environment variable or in openssl.cnf you mean?
No I didnt.
Ciao
Gerd
__
OpenSSL Project
On Wed, Jul 12, 2000 at 03:43:50PM +0200, Gerd Schering wrote:
> On Wed, 12 Jul 2000, you wrote:
> >
> > Did you specify "-rand /dev/urandom" on the command line?
> > You MUST NOT do that. If you have /dev/urandom, the OpenSSL library and
> > applications will silently query it for you.
> > If yo
Douglas Wikström wrote:
> Could anybody hint me on functions to dump a X509 cert to file and then
> recreate it in memory?
One of the following sets of macros should probably be easiest:
PEM_write_X509() & PEM_read_X509()
or
PEM_write_bio_X509() & PEM_read_bio_X509()
depending on whether you'
Hello!
Could anybody hint me on functions to dump a X509 cert to file and then
recreate it in memory?
/Douglas
--
--
Douglas Wikström <[EMAIL PROTECTED]>
--
Yes, God created Man before
Hi,
I'm in the process of developing a dig. sig. implementation for a project.
The signature data needs to be appended to a URL query string in the form of
a name/value pair, and then unbundled on the other side and verified. The
signing side is Java and the verify side is C++ using OpenSSL.
S
On Wed, 12 Jul 2000, you wrote:
>
> Did you specify "-rand /dev/urandom" on the command line?
> You MUST NOT do that. If you have /dev/urandom, the OpenSSL library and
> applications will silently query it for you.
> If you specify it on the command line, the "-rand" option tries to use
> the who
Try : http://www.microsoft.com/windows/ie/security/schannel.asp
-Original Message-
From: Gotfried, Colette [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 12, 2000 3:06 PM
To: '[EMAIL PROTECTED]'
Subject: MSIE 5 security patch
Hi !
Thanks for everybody's help on some previous quest
Eric Rescorla wrote:
> SHA-1 is only 2^80 strong against birthday attack. If you
> go around using SHA-1 or worse yet MD5 to sign stuff then
> using a private key of size > 1024 is only of limited value.
If you want to forge a signature, you will probably not be able to use
the birthday attack.
Hi !
Thanks for everybody's help on some previous questions.
Where can I get the MSIE security patch?
Thanks
Colette
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
Dr Stephen Henson Thank you a lot for your help.
I pass the"DEFAULT:!EXPORT56:@STRENGTH" string to the
SSL_CTX_set_cipher_list function.
Right now the behavior of the IE 5.01(Win2000)is
"page can not be displayed" in the first attempt for connecting securly to
the openSSl server.
But in the se
31 matches
Mail list logo