David Mundy [SMTP:[EMAIL PROTECTED]] asked:
I have to make some modifications to an existing Linux Apache web server
that uses SSL but I'm a newbie to SSL.
We are changing ISPs so I need to give the server a new IP address.
Everything else such as the Host and Domain Name will be
I have been asked what standards the OpenSSL RSA key generation observe.
In particular the RSA_generate_key() function.
Any comments welcome!
TIA
Kim Hellan
Mailto:[EMAIL PROTECTED]
__
OpenSSL Project
Dear sir,
I am using the perl, v5.6.0 built for MSWin32-x86-multi-thread (Binary
build 620 provided by ActiveState Tool Corp. - Built 18:31:05 Oct 31
2000), Crypt-SSLeay [0.17.1] and libwww-perl 5.48.
When I the purl code
use LWP::UserAgent;
my $ua = LWP::UserAgent-new;
Dino Cherian K wrote:
Dear sir,
I am using the perl, v5.6.0 built for MSWin32-x86-multi-thread (Binary
build 620 provided by ActiveState Tool Corp. - Built 18:31:05 Oct 31
2000), Crypt-SSLeay [0.17.1] and libwww-perl 5.48.
When I the purl code
use LWP::UserAgent;
my $ua =
Hi,
I'm working on some stand-alone S/MIME, pkcs7 and other related routines
based on the apps files in the OpenSSL 0.9.6 code. In particular, I'm
modifying smime.c, pkcs7.c, etc.
I wrote a function:
int smime(char **argv, char **outdata, char **outerror)
that is basically identical to MAIN
Hi Mick,
Function PEM_ASN1_read is missing a parameter, during the built I get
an error : " too few actuall parameters"
char * PEM_ASN1_read(char *(*d2i)(),const char *name,FILE *fp,char **x,
pem_password_cb *cb, void *u);
The parameter that's missing is the last one, "void *u". This
Try SSL_CTX_set_verify() with the mode parameter set to
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT
The documentation is at
http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html#
Greg Stark, [EMAIL PROTECTED]
Ethentica, Inc.
www.ethentica.com
- Original Message -
From: Zhong
FYI PEM_ASN1_read() should not be called by applications, that example
is ancient and should have been discarded or updated. You would call the
corresponding PEM_read_*() function instead for example
PEM_read_PrivateKey().
Steve.
--
Dr Stephen N. Henson.
Zhong Chen wrote:
Is there any SSL_CTX_* function to force the client sending
certificate after server sends "Server Hello"? It's an optional step
in SSL handshake, and I want to make it mandatory (doable?). It will
be very helpful if you can point me to an example. Thanks.
That would
Hoeteck Wee wrote:
Hi,
I'm working on some stand-alone S/MIME, pkcs7 and other related routines
based on the apps files in the OpenSSL 0.9.6 code. In particular, I'm
modifying smime.c, pkcs7.c, etc.
I wrote a function:
int smime(char **argv, char **outdata, char **outerror)
that
Roger,
If you want to retreive your own certs (that is, the ones you'll send to
the peer) you are probably better off just "remembering" where you got
the certificates you used to initialized the SSL_CTX with via
SSL_CTX_load_verify_locations().
Read them in again using the example function
Simple GETs and POSTs work fine.
I think I figured out how to re-create the bug (not really a bug,
Crypt::SSLeay just needs better error handling):
1. I did a https POST to the server
2. The server responded with a redirect
3. Not knowing any better I tried to re-POST to the redirected page.
I suspect the problem may be that I am on a shared server and the webhost's
SSL is already running. There must be some Apache configuration to make my
SSL the dominant one for my site.
__
OpenSSL Project
On Sat, Jan 13, 2001 at 07:11:10PM -0500, David Arbogast wrote:
Dec 29 00:52:41 libsafe.so[16322]: detected an attempt to write
across stack boundary.
Dec 29 00:52:41 libsafe.so[16322]: terminating
/home/jamesb/src/openssl-0.9.6/apps/openssl
Dec 29 00:52:41 libsafe.so[16322]:
Title: OT: TSL with more than 128 bit key size?
From: Greg Stark
To: [EMAIL PROTECTED]
Sent: Monday, January 15, 2001 2:28 PM
Subject: Re: TSL with more than 128 bit key size?
The security of TLS also rests on the security of
MD5 and SHA1 (used in HMAC) and these are hard-coded.
Greg
Hi,
My threaded application fails during handshake when I use a C++ server and
a Java client. The app doesn't always fail, just about 20% of the time. I
have implemented the thread callbacks but this doesn't seem to help me any.
Is it possible to do reads and writes using the same ssl structure
Hi,
Just to clarify a bit, the application tests cipher suites. Basically, the
server is initialized with all ciphers then the client repeatedly connects
using one and only one of the ciphers and determines if the connection is
possible.
My debug info for both sides of the communication at the
I am new to openSSL and I am looking at the DES support in the crypto
functions.
In the test program provided, destest.c, the part that deals with Triple DES
in cbc mode has code like this:
des_ede3_cbc_encrypt(cbc_data,cbc_out,16L,ks,ks2,ks3,iv3,DES_ENCRYPT);
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Deji Akinyemi
Sent: Tuesday, 16 January 2001 14:16
To: [EMAIL PROTECTED]
Subject: Would the open ssl libraries work on an SCO unix platform?
Hi! I have an application that is being targeted towards
Hello all,
I have a question on controlling the signing
time when generating PKCS7 signed files..
I traced the code down to the
PKCS7_add_signed_attribute(si, NID_pkcs9_signingTime,
V_ASN1_UTCTIME,sign_time);
call in PKCS7_dataFinal function in pk7_doit.c
in crypto/pkcs7 directory..
I
There is not relation whatsoever between the transport
channel (TCP, hosts,
ports or whatever) and the TLS protocol (being transported in
the channel).
The case you are describing is not uncommon. I have a dialup
provider that
will give me a dynamic (and hence changing) IP number
Thanks in advance.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Dear Sirs,
Please explain how do you act when the same owner
has different sites. Do we have to register every site oris it possible to
use only once registeredcertificate for the same company?
Thanks in advance,
Rikard
Hgberg
23 matches
Mail list logo