RE: Apache mod to require client certs?

2000-07-12 Thread Barnes, Michael L.
modssl maybe, yeah I think that will do it :) > -Original Message- > From: Yuji Shinozaki [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, July 12, 2000 3:17 PM > To: [EMAIL PROTECTED] > Subject: Apache mod to require client certs? > > > > I know one can do this via a cgi-bin, but does an

Apache mod to require client certs?

2000-07-12 Thread Yuji Shinozaki
I know one can do this via a cgi-bin, but does anyone know of an apache module that authenticates via client certs? yuji Yuji Shinozaki Computer Systems Senior Engineer [EMAIL PROTECTED] Advanced Technologies Group (804)924-7171

RE: DHE with DSS certificates

2000-07-12 Thread Shrikrishna Karandikar
>>>Did you say you were writing a custom client? RANDFILE and .rnd are used by the openssl application, not the library itself. So you will need to seed the PRNG in your application too. I am using the functions RAND_filename and RAND_load_file to seed the PRNG. Everything worked fine when I wa

Re: DHE with DSS certificates

2000-07-12 Thread Dr Stephen Henson
Shrikrishna Karandikar wrote: > > -Original Message- > From: Dr Stephen Henson [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, July 12, 2000 10:46 AM > To: [EMAIL PROTECTED] > Subject: Re: DHE with DSS certificates > > Shrikrishna Karandikar wrote: > > > > The message on the client side re

RE: DHE with DSS certificates

2000-07-12 Thread Shrikrishna Karandikar
-Original Message- From: Dr Stephen Henson [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 12, 2000 10:46 AM To: [EMAIL PROTECTED] Subject: Re: DHE with DSS certificates Shrikrishna Karandikar wrote: > > The message on the client side reads as follows: > > SSL connect using (NONE) >

RE: DHE with DSS certificates

2000-07-12 Thread Shrikrishna Karandikar
What do you mean by wrong private key? I generated the certificates and the keys afresh, but I still see the same problem. -Original Message- From: Dale Peakall [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 12, 2000 10:47 AM To: [EMAIL PROTECTED] Subject: RE: DHE with DSS certificates

Re: DHE with DSS certificates

2000-07-12 Thread Dr Stephen Henson
Shrikrishna Karandikar wrote: > > The message on the client side reads as follows: > > SSL connect using (NONE) > > So the client is not selecting any cipher suite at all. Why would that be? > I have dh parameters attached to the client certificate as well. Also I am > doing SSL_CTC_set_cipher

RE: DHE with DSS certificates

2000-07-12 Thread Dale Peakall
> I am doing that. I am using the same function which s_server uses to load > the DH parameters. But I still get this error message. Can anything else be > wrong? The "no shared ciphers" message can occur for at least one reason that has nothing to do with cipher suite negotiation per se. One I

SSLeay and client certificates

2000-07-12 Thread Gabriel, Akos /ECF
Hi, I'd like to authenticate my client using a client certificate. The client is written in Perl, using Net::SSLeay. I did not find anything in the documentation regarding the subject. I suppose I have to extend the Perl module to handle this situation. Or has anybody a solution already? Best reg

RE: DHE with DSS certificates

2000-07-12 Thread Shrikrishna Karandikar
The message on the client side reads as follows: SSL connect using (NONE) So the client is not selecting any cipher suite at all. Why would that be? I have dh parameters attached to the client certificate as well. Also I am doing SSL_CTC_set_cipher_list(ctx, "DSS+DH") in both client and server.

Re: DHE with DSS certificates

2000-07-12 Thread Lutz Jaenicke
On Wed, Jul 12, 2000 at 10:07:31AM -0700, Shrikrishna Karandikar wrote: > Hi Lutz, > > I am doing that. I am using the same function which s_server uses to load > the DH parameters. But I still get this error message. Can anything else be > wrong? Actually, it's hard to say on the distance. The

Re: How to use SSL_CTX_set_cipher_list in order to avoid IE 5.01 problem.

2000-07-12 Thread Dr Stephen Henson
peleg atar wrote: > > Dr Stephen Henson Thank you a lot for your help. > > I pass the "DEFAULT:!EXPORT56:@STRENGTH" string to the > SSL_CTX_set_cipher_list function. > > Right now the behavior of the IE 5.01 (Win2000) is > "page can not be displayed" in the first attempt for connecting securely to

Re: Fetching info from certs?

2000-07-12 Thread Dr Stephen Henson
"Stefan Pedersen (QIN)" wrote: > > Here is how I do it... Maybe there is a more appropriate API for this > but I haven't found it. > > -8<--- > X509_NAME* x509name; > X509_NAME_ENTRY* x509entry; > int nid; > int i; > > for(i = 0; i < x509name->entries->num; i++) > { > en

Re: SSL_Connect problem on win32

2000-07-12 Thread Dr Stephen Henson
Rose Marie Carissimi wrote: > > > When the first FD_READ is received we get an SSL_READ error. SSL_ERROR_SSL > if I call ERR_get_error() I get the following hex value 0x24064064. > > I can also see in the logging that the handshake was at this point - SSLv3 > write client key exchange A - > bef

openssl9.5a,winnt,vs6.0

2000-07-12 Thread yasir araim
Hi, I have successfully compiled openssl on winnt using vs 6.0 from msdos command prompt (nmake). But when I try to call SSL_connect in a connection utility I am writing I get a first chance exception. the message is: first chance exception in sslconx.exe (ntdll.dll):0xc008: inv

RE: DHE with DSS certificates

2000-07-12 Thread Shrikrishna Karandikar
Hi Lutz, I am doing that. I am using the same function which s_server uses to load the DH parameters. But I still get this error message. Can anything else be wrong? -Original Message- From: Lutz Jaenicke [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 12, 2000 12:44 AM To: '[EMAIL PROT

Memory Leaks

2000-07-12 Thread Bill Rebey
I have a huge memory leak when I have the SSL Server authenticate the client's Certificate. Can anyone give me some insight? I don't have much info to give anyone. The only calls that are different between my Authenticated and Un-Authenticated versions are these: // no Auth

problem with perl module Net::SSLeay and client authenticated SSL3

2000-07-12 Thread laurenz_brein
I have a problem in the following situation: I have OpenSSL 0.9.5a on AIX 4.3.3. I use Perl 5.005_03 and the perl module Net::SSLeay 1.05, and after some effort got the latter to run. I write my problem here as I know no other forum for Net::SSLeay. I want to open a client authenticated SSL v

Re: base64 encoding & digital sig's

2000-07-12 Thread Eric Murray
On Wed, Jul 12, 2000 at 09:46:55AM -0400, Cico, Michael wrote: > > Hi, > > I'm in the process of developing a dig. sig. implementation for a project. > The signature data needs to be appended to a URL query string in the form of > a name/value pair, and then unbundled on the other side and verif

SSL_Connect problem on win32

2000-07-12 Thread Rose Marie Carissimi
I'm trying to add ssl support to an application that uses non-blocking sockets on Win32 platform. I've downloaded the most recent version of the library 0,9.5a and compiled it on my machine. These are the steps that I follow: Initialize the SSL library and create a context. Conn

Re: openssl + Crypto::SSLeay

2000-07-12 Thread Paul Schinder
At 4:42 PM -0700 7/11/00, Yewen Tang wrote: >I have installed OpenSSL 0.9.5a and Crypto::SSLeay 0.16. When I run >net_ssl_test or other scripts >to test, they failed to connect to HTTPS servers. > >The found those test scripts have established TCP connection to the >HTTPS server, but failed to c

Re: whats wrong with /dev/urandom ??? !!!!!

2000-07-12 Thread Gerd Schering
On Wed, 12 Jul 2000, you wrote: EVRANDOM" that is set in e_os.h. > > Did you specify RANDFILE /dev/urandom? > > Best regards, As environment variable or in openssl.cnf you mean? No I didnt. Ciao Gerd __ OpenSSL Project

Re: whats wrong with /dev/urandom ??? !!!!!

2000-07-12 Thread Lutz Jaenicke
On Wed, Jul 12, 2000 at 03:43:50PM +0200, Gerd Schering wrote: > On Wed, 12 Jul 2000, you wrote: > > > > Did you specify "-rand /dev/urandom" on the command line? > > You MUST NOT do that. If you have /dev/urandom, the OpenSSL library and > > applications will silently query it for you. > > If yo

Re: Storing and reading X509 to/from file

2000-07-12 Thread Oscar Jacobsson
Douglas Wikström wrote: > Could anybody hint me on functions to dump a X509 cert to file and then > recreate it in memory? One of the following sets of macros should probably be easiest: PEM_write_X509() & PEM_read_X509() or PEM_write_bio_X509() & PEM_read_bio_X509() depending on whether you'

Storing and reading X509 to/from file

2000-07-12 Thread Douglas Wikström
Hello! Could anybody hint me on functions to dump a X509 cert to file and then recreate it in memory? /Douglas -- -- Douglas Wikström <[EMAIL PROTECTED]> -- Yes, God created Man before

base64 encoding & digital sig's

2000-07-12 Thread Cico, Michael
Hi, I'm in the process of developing a dig. sig. implementation for a project. The signature data needs to be appended to a URL query string in the form of a name/value pair, and then unbundled on the other side and verified. The signing side is Java and the verify side is C++ using OpenSSL. S

Re: whats wrong with /dev/urandom ??? !!!!!

2000-07-12 Thread Gerd Schering
On Wed, 12 Jul 2000, you wrote: > > Did you specify "-rand /dev/urandom" on the command line? > You MUST NOT do that. If you have /dev/urandom, the OpenSSL library and > applications will silently query it for you. > If you specify it on the command line, the "-rand" option tries to use > the who

RE: MSIE 5 security patch

2000-07-12 Thread Levy itai
Try: http://www.microsoft.com/windows/ie/security/schannel.asp -Original Message- From: Gotfried, Colette [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 12, 2000 3:06 PM To: '[EMAIL PROTECTED]' Subject: MSIE 5 security patch Hi! Thanks for everybody's help on some previous quest

Re: DSA key sizes

2000-07-12 Thread Pete Chown
Eric Rescorla wrote: > SHA-1 is only 2^80 strong against birthday attack. If you > go around using SHA-1 or worse yet MD5 to sign stuff then > using a private key of size > 1024 is only of limited value. If you want to forge a signature, you will probably not be able to use the birthday attack.

MSIE 5 security patch

2000-07-12 Thread Gotfried, Colette
Hi! Thanks for everybody's help on some previous questions. Where can I get the MSIE security patch? Thanks Colette __ OpenSSL Project http://www.openssl.org User Support Mailing List

Re: How to use SSL_CTX_set_cipher_list in order to avoid IE 5.01 problem.

2000-07-12 Thread peleg atar
Dr Stephen Henson Thank you a lot for your help. I pass the "DEFAULT:!EXPORT56:@STRENGTH" string to the SSL_CTX_set_cipher_list function. Right now the behavior of the IE 5.01 (Win2000) is "page can not be displayed" in the first attempt for connecting securely to the OpenSSL server. But in the se