You may need to implement this by creating your own in-memory bio so that
you can peek at the incoming data to determine whether it is an HTTP
request. Then if it's not HTTP, call SSL_accept on your bio.
I was hoping I could keep ignoring this entire bio issue, because I didn't
find it all
On Wed, Jan 10, 2001 at 10:55:46AM +0200, Itay Zandbank wrote:
You may need to implement this by creating your own in-memory bio so that
you can peek at the incoming data to determine whether it is an HTTP
request. Then if it's not HTTP, call SSL_accept on your bio.
I was hoping I
Hi, all!
Can you clear me one question about certificate verification?
My SSL-enabled server, written with OpenSSL-0.9.6, accepting client
(browser) connections with SSL_CTX ctx, previously initialized as:
int VerifyMode = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT |
Anyway, I would really like OpenSSL to decide whether it's an SSL
connection or not (it's more general, because the underlying
protocol might
change in the future). I guess I could still use my own bio that remembers
everything that goes through it, and when SSL_accept fails,
access the
On Wed, Jan 10, 2001 at 01:09:09PM +0300, Oleg Amiton wrote:
Hi, all!
Can you clear me one question about certificate verification?
My SSL-enabled server, written with OpenSSL-0.9.6, accepting client
(browser) connections with SSL_CTX ctx, previously initialized as:
int VerifyMode =
A couple of questions:
1. As far as I can see the DN's stored in the index.txt file does not
differentiate
between a list of RDN's, and RDN's with multiple AVA's. i.e. they are all
seperated
by a slash '/' character. Is this correct?
2. What's the escape character used (for example to quote
Hello.
can you tell me why I can't get on the server the
value of ssl-session-peer ? it is NULL.
How can I get it ?
(I want from the server to get the certificate of the
client.)
Thanks in advanced.
Ornan Kraus
[EMAIL PROTECTED]
__
Do You
On Wed, Jan 10, 2001 at 02:40:31AM -0800, Ornan Kraus wrote:
Hello.
can you tell me why I can't get on the server the
value of ssl-session-peer ? it is NULL.
How can I get it ?
(I want from the server to get the certificate of the
client.)
Anyway, I would really like OpenSSL to decide whether it's an SSL
connection or not (it's more general, because the underlying
protocol might
How could the OpenSSL library possibly determine whether or not a
connection conformed to a protocol that it had no knowledge of? This has
to
be
On 10 Jan, Itay Zandbank wrote:
However, Lutz's comment from before was correct. It's hard to do it for
EVERY protocol, since some protocols require the server to speak first. It
might even be impossible, because OpenSSL might actually SEND something to
the client before realizing this
I'd like to know the date format used in the index.txt? It seems it's
milliseconds since 1/1/1970, but i always get a date dated back to 1970.
begin:vcard
n:Guillot;Xavier
tel;fax:+33 298441152
tel;work:+33 29815
x-mozilla-html:FALSE
url:http://www.cci-brest.fr
org:CCI de
The date follows the following template:
YYMMDDHHMMSSZ
+-- capital 'Z'
||++--- seconds
++- minutes
||++--- hours
++- day of month
||++--- month
++- year (1950-2049)
On Wed, 10 Jan 2001, CCI de Brest - Xavier Guillot wrote:
Dale Peakall wrote:
A couple of questions:
1. As far as I can see the DN's stored in the index.txt file does not
differentiate
between a list of RDN's, and RDN's with multiple AVA's. i.e. they are all
seperated
by a slash '/' character. Is this correct?
Yes.
2. What's the escape
Arnaud De Timmerman wrote:
All,
I'm trying to import a pkcs12 file created by openssl, in lotus notes R5.0.3. It
doesn't work, message says it could be a wrong password but I'm sure it isn't.
The pkcs12 file can be imported successfully in netscape 4.7. Once exported from
netscape, the
Read the Documentation it's all very clear, (they have done a good job on
the documentation).
I have to advice you that if your looking for AES, or some sort
of more advanced encryption system you will be very disappointed, as
openSSL is not updated very often, well not as much as it should be
The encrypted pre-master secret is one of those variable length vector
thingy's and so has its length prepended to it.
From rfc2246, section 4.7:
A public-key-encrypted element is encoded as an opaque vector
0..2^16-1
From section 7.4.7.1:
struct {
public-key-encrypted
The 12 bytes are the verify_data from section 7.4.9 of rfc2246, which also
described how they are computed. Note that these bytes are also encrypted.
Greg Stark, [EMAIL PROTECTED]
Ethentica, Inc.
www.ethentica.com
- Original Message -
From: "Mohammed SADIQ" [EMAIL PROTECTED]
To: [EMAIL
On Mon, Jan 08, 2001 at 04:59:28PM +, Dr S N Henson wrote:
Lutz Jaenicke wrote:
I just had a look into it. Maybe I will undertand it tomorrow.
Once I understood it I will consider writing a manual page and update
the example for the verify_callback...
There is a manual page
Howdy,
I wrote a patch for Crypt::SSLeay 0.17 which includes proxy and basic
client-cert support. I can also supply an adopted version of Josh's net_ssl_test
script which illustrates its usage.
Regards
Tobias
I was sent a patch for this, but have not had time yet to
integrate it, if you
Anyone have any experience using OpenSSL to do SCEP?
(Simple Certificate Enrollment Protocol)
Primarily I'm trying to decode these SCEP messages
from a Cisco Box so I can write the proper PERL
scripts to respond.
Thanks,
- John Douglass
John,
attached is my expierence... and a first test-script. I would love to
see some open source implementation of SCEP and even are willing to
provide some funds to get this done...
regards,
Janus Liebregts
SURFnet
John Douglass wrote:
Anyone have any experience using OpenSSL to do SCEP?
This message was rejected by the mail hub at The University of
Birmingham (bham.ac.uk) because it has an apparently
executable attachment "pkiclient.exe".
The email rejected was not delivered to the following
recipients: [EMAIL PROTECTED]
Dear firewall,
it's just a perl-script using the .exe extension required by SCEP!
open in in you favorite (text)-editor.
regards,
janus
Mail Delivery System wrote:
This message was rejected by the mail hub at The University of
Birmingham (bham.ac.uk) because it has an apparently
[EMAIL PROTECTED] writes:
On 10 Jan, Itay Zandbank wrote:
However, Lutz's comment from before was correct. It's hard to do it for
EVERY protocol, since some protocols require the server to speak first. It
might even be impossible, because OpenSSL might actually SEND something to
the
On Wed, Jan 10, 2001 at 10:55:46AM +0200, Itay Zandbank wrote:
I was hoping I could keep ignoring this entire bio issue, because I didn't
find it all that exciting, and because I'm not sure m2crypto (a lowlevel
Python wrapping of the OpenSSL library) supports it.
In M2Crypto.SSL.Connection,
Janus Liebregts wrote:
it's just a perl-script using the .exe extension required by SCEP!
open in in you favorite (text)-editor.
1) Don't send executable attachments. Perl scripts are, to
the best of my recollection, human readable...
2) The list should definitely filter
Achtung, die von Ihnen versandte Mail enthaelt entweder
einen Computer Virus oder mindestens eine beigefuegte Datei des Typs
BAT, CHM, CMD, COM, CPL, EXE, HLP, INF, INS, ISP, JAR, JS, JSE, LNK, MDB, MDE,
MSC, MSI, MSP, MST, OCX, PIF, PL, REG, SCR, SCT, SHB, SHS, VB, VBE, VBS, WSC,
WSF, WSH
und
The point here is that the CGI called by the Cisco routers is named
'pkiclient.exe', whatever the web server is hosting it.
This pkiclient.exe can be a Java app, a Perl script, a VB app, whatever
you want. The name *must* be 'pkiclient.exe'.
On Wed, 10 Jan 2001, Michael Sierchio wrote:
Janus
Its Tobias's patch, you might as well get it from him.
--Josh
"Fisher, James" wrote:
Please send it Hopefully with a little instructions.
Thanks,
JF
-Original Message-
From: Joshua Chamas [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 09, 2001 12:18 PM
To: [EMAIL
That would be great. Could you give me Tobias's email, website etc
JF
-Original Message-
From: Joshua Chamas [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 10, 2001 12:35 PM
To: Fisher, James; [EMAIL PROTECTED]
Subject: Re: Client certificate question relating to Crypt::SSLeay
Howdy also,
Sure go ahead and give me the download location or send me an email...
Regards,
JF
-Original Message-
From: Tobias Manthey [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 10, 2001 10:16 AM
To: [EMAIL PROTECTED]
Subject: Re: Client certificate question relating to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I generated a local CA for my company. However, when I generated it, the
CA certificate only had like a month-long validity, and it expired today.
Is there any way to "renew" this CA certificate, or am I going to have to
generate a new CA?
Thanks,
"Fisher, James" wrote:
That would be great. Could you give me Tobias's email, website etc
JF
Here's his mail:
Original Message
Subject: Re: Client certificate question relating to Crypt::SSLeay
Date: Wed, 10 Jan 2001 16:16:20 +0100 (MET)
From: Tobias Manthey
Hi,
Can somebody help me with understanding SSL better?
(1) When a client is sending a 'Client Key Exchange' Handshake Message, the data which
is being sent to the server is 10 00 00 82 00 80 128 bytes of Encrypted Premaster
Secret
PROBLEM: I am not able to understand why '00 80' is used in
I've noticed that RSA_public_encrypt
(RSA_eay_public_encrypt) modifies RSA-_method_mod_n
and RSA_private_encrypt (RSA_eay_private_decrypt)
calls RSA_blinding_on() which modifies another element
in the RSA structure without locking.
I only want to read the private/public key once and be
able to
The message that you sent was undeliverable to the following:
IMagesh
Information about your message:
Subject: multithreaded use of RSA structure
The message that you sent was undeliverable to the following:
RShyamsundar
Information about your message:
Subject: multithreaded use of RSA structure
The message that you sent was undeliverable to the following:
IMagesh
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
IMagesh
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
RShyamsundar
Information about your message:
Subject: Message status - undeliverable
please fix this email error. thanks...it is replying to the group.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Wednesday, January 10, 2001 2:08 PM
To: [EMAIL PROTECTED]
Subject: Message status - undeliverable
The message
The message that you sent was undeliverable to the following:
RShyamsundar
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
RShyamsundar
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
RShyamsundar
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
IMagesh
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
IMagesh
Information about your message:
Subject: Message status - undeliverable
At 01:02 PM 1/10/01 -0500, you wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I generated a local CA for my company. However, when I generated it, the
CA certificate only had like a month-long validity, and it expired today.
Is there any way to "renew" this CA certificate, or am I going
The message that you sent was undeliverable to the following:
IMagesh
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
RShyamsundar
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
IMagesh
Information about your message:
Subject: Re: Expired CA certificate
The message that you sent was undeliverable to the following:
IMagesh
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
RShyamsundar
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
IMagesh
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
IMagesh
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
IMagesh
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
IMagesh
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
IMagesh
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
IMagesh
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
RShyamsundar
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
RShyamsundar
Information about your message:
Subject: Re: Expired CA certificate
The message that you sent was undeliverable to the following:
IMagesh
Information about your message:
Subject: RE: Message status - undeliverable
The message that you sent was undeliverable to the following:
IMagesh
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
RShyamsundar
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
RShyamsundar
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
IMagesh
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
IMagesh
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
RShyamsundar
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
RShyamsundar
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
RShyamsundar
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
RShyamsundar
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
RShyamsundar
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
RShyamsundar
Information about your message:
Subject: RE: Message status - undeliverable
The message that you sent was undeliverable to the following:
IMagesh
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
RShyamsundar
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
IMagesh
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
RShyamsundar
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
IMagesh
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
IMagesh
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
IMagesh
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
IMagesh
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
RShyamsundar
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
RShyamsundar
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
IMagesh
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
RShyamsundar
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
IMagesh
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
RShyamsundar
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
RShyamsundar
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
IMagesh
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
RShyamsundar
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
IMagesh
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
IMagesh
Information about your message:
Subject: Re: Client certificate question relating to Crypt::SSLeay
The message that you sent was undeliverable to the following:
IMagesh
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
IMagesh
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
RShyamsundar
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
IMagesh
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
RShyamsundar
Information about your message:
Subject: Re: Client certificate question relating to Crypt::SSLeay
The message that you sent was undeliverable to the following:
IMagesh
Information about your message:
Subject: Message status - undeliverable
The message that you sent was undeliverable to the following:
IMagesh
Information about your message:
Subject: Message status - undeliverable
Is there any way to fix the already-generated CA certificate, or do I need
to make a new one?
You can keep the current keys, but generate a new cert.
There is no 'binary patch' for certs. We hope. :)
/r$
__
OpenSSL
The message that you sent was undeliverable to the following:
RShyamsundar
Information about your message:
Subject: Message status - undeliverable
1 - 100 of 178 matches
Mail list logo