Re: MS Explorer Client Certificate

2001-01-22 Thread Dale Peakall
> The apache/mod_ssl "HowTo" states that a directory can be > defined to require >clients to be authenticated for a particular > URL based upon client certificates signed by a certificate > specified by the keyword SSLCACertificateFile. I assume > that this implies that I can use my own self-si

Re: MS Explorer Client Certificate

2001-01-22 Thread Kenneth R. Robinette
Date sent: Tue, 23 Jan 2001 14:52:43 +1000 (EST) From: Grant <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject:Re: MS Explorer Client Certificate Send reply to: [EMAIL PROTECTED] The client certificate has the following e

Re: MS Explorer Client Certificate

2001-01-22 Thread Grant
What type of client certificate do you have? Have you imported it successfully into the "Personal" area? On Mon, 22 Jan 2001, Kenneth R. Robinette wrote: > The apache/mod_ssl "HowTo" states that a directory can be defined > to require clients to be authenticated for a particular URL based > u

MS Explorer Client Certificate

2001-01-22 Thread Kenneth R. Robinette
The apache/mod_ssl "HowTo" states that a directory can be defined to require clients to be authenticated for a particular URL based upon client certificates signed by a certificate specified by the keyword SSLCACertificateFile. I assume that this implies that I can use my own self-signed CA c

Re: SSL guaranteed to read from socket?

2001-01-22 Thread Sean Walton
[This is a guess] It appears that the SSL decryption engine does not have enough data to proceed. Have you verified that the sender really has sent the entire message? 300 bytes sounds about right for a packetized, encrypted message. If you are using a custom-written client, try forcing a fl

SSL guaranteed to read from socket?

2001-01-22 Thread Quickling
Hi, (this is an updated question, re-posted because I'm stuck and scared.) I've implemented a dual thread socket event pump that uses OpenSSL for security - I'm doing all socket management. I get a connection request, I accept the socket. Then I call SSL_accept() on the socket and note whether

RE: threads and ssl structures question

2001-01-22 Thread Michael Wojcik
> From: Quickling [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 22, 2001 11:53 AM > >[re conflicting Win32 C runtimes] > Not sure about Cory, but in my case this is not trouble: I built the SSL > libraries with the same compiler and linker as I use for my project - > everybody's using the

Interoperable DH certs?

2001-01-22 Thread Michael Sierchio
I am now faced with the need to generate and validate certs based on PKCS#3 DH Parameters: prime, base, and privateValueLength. These don't seem to be supported directly in the command line tool, though I may be mistaken. Is anyone using OpenSSL to generate and manage these certs?

Setting PKCS7 signing time..

2001-01-22 Thread Kishore Gummadidala
Hello all, I had a question on specifying the signing time when creating PKCS7 signed files.. I have looked at crypto/pkcs7/sign.c and after liberal use of grep, I think I have traced the function which adds the signingTime to the PKCS7_add_signed_attribute(si, NID_pkcs9_signingTime, V_ASN1_U

RE: threads and ssl structures question

2001-01-22 Thread Quickling
Hey, >Might it be a Win32 conflicting-runtimes problem? If all components of your >application, including the DLLs you're using (such as OpenSSL) that rely on >the C runtime, don't use the same incarnation of the MS C runtime, you can >run into a variety of synchronization and memory allocation

RE: threads and ssl structures question

2001-01-22 Thread Michael Wojcik
> From: Cory Winter [mailto:[EMAIL PROTECTED]] > Hmmm... this could be related to my problem as well. My application is > more of a test suite which involves many connects and disconnects at a > high rate. Sometimes, albeit rarely, my application makes it through > it's many tests but most times

Re: newbie what is openssl used for?

2001-01-22 Thread Michael H. Warfield
On Mon, Jan 22, 2001 at 04:19:59PM +0530, Shridhar Bhat wrote: > Ron wrote: > > > > Hello, > > > > I would like to know what is the advantage of using openssl. > > > > Do openssl users still have to pay for services like verisign. > > > > I have looked on the openssl site but my English is not

OpenSSL, stdarg and varargs

2001-01-22 Thread Stephane Bortzmeyer
I have an application which uses old-style va_*, with varargs.h. It works fine in many platforms except when compiled with SSL. Unfortunately, SSL seems to '#include <stdarg.h>' itself and the two definitions of va_* clash. Here is an example on Solaris : "/usr/include/iso/stda

Re: write:error=32 by openssl s_client -connect localhost:443 -state ??

2001-01-22 Thread Lutz Jaenicke
On Mon, Jan 22, 2001 at 04:35:36PM +0100, Irger Armin wrote: > Hi, > > what does write:errno=32 mean? > - > [root@server1 /root]# openssl s_client -connect localhost:443 -state > CONNECTED(0003) > SSL_connect:before/connect initialization > SSL_connect:SSLv2/v3 write client hello A > SSL

write:error=32 by openssl s_client -connect localhost:443 -state ??

2001-01-22 Thread Irger Armin
Hi, what does write:errno=32 mean? - [root@server1 /root]# openssl s_client -connect localhost:443 -state CONNECTED(0003) SSL_connect:before/connect initialization SSL_connect:SSLv2/v3 write client hello A SSL_connect:error in SSLv2/v3 read server hello A write:errno=32 [root@server1 /ro

Re: threads and ssl structures question

2001-01-22 Thread Cory Winter
Hi, On Sun, Jan 21, 2001 at 12:25:38PM -0500, Quickling wrote: > I haven't thoroughly tested it, but I'm not sure I *ever* get > a WANT_READ while writing or a WANT_WRITE while reading > between sockets that are created and negotiated. Also I was > under the impression that read and write were i

Re: class of a certificate

2001-01-22 Thread Erwann ABALEA
There's no "class" for a certificate, technically speaking. The "class" associated with the certificate corresponds to a verification level, and then to a trust in the identity bound to the certificate. This "class" notion is then only an organizational one. On Mon, 22 Jan 2001, Arnaud De Timme

RE: class of a certificate

2001-01-22 Thread Dale Peakall
> I've read that 3 types of certificates exist. From "class 1" > to "class 3" (the higher the safer). How could I find, in a > certificate created thanks to openssl, the number of the class > it belongs to ? You've been misinformed. Certificates have no intrinsic class. Verisign, a commercial

Re: How to export a private key in a PKCS#11 module ?

2001-01-22 Thread Etienne Loupias
Hi, this is a message about a discussion on this list in December. Dr S N Henson wrote: > Etienne Loupias wrote: > > > > Have you experienced this problem ? Could it be a bug of my Netscape version ( I >use > > Communicator 4.75 on Win98). Is there a way to access the secret key in Netscape

RE: class of a certificate

2001-01-22 Thread Olivier Michiels
Try the following command and maybe you will find some information in the subject name. openssl x509 -in youfile -inform DER or PEM -text -Original Message- From: Arnaud De Timmerman [mailto:[EMAIL PROTECTED]] Sent: lundi 22 janvier 2001 13:35 To: [EMAIL PROTECTED] Subject: class of a c

class of a certificate

2001-01-22 Thread Arnaud De Timmerman
All, I've read that 3 types of certificates exist. From "class 1" to "class 3" (the higher the safer). How could I find, in a certificate created thanks to openssl, the number of the class it belongs to ? Many thanks.

RE: commerical certificates

2001-01-22 Thread Dale Peakall
> I'm a newbie in SSL and I need your advice. > I've just setup an Apache with OpenSSL configured using Mod_SSL. > I've created my own certificate using the command > o make certificate TYPE=custom > > I am able to start the SSL-enabled Apache. > > However, when I try to access the secure site

Re: Distributed session caching

2001-01-22 Thread Lutz Jaenicke
On Mon, Jan 22, 2001 at 05:13:10PM +0530, Shridhar Bhat wrote: > We are trying to deploy multiple SSL-based servers > in a cluster. We want to share the session cache of each > of these servers so that connections from same client > (with session id reuse) can be handled by any server in > the sam

Re: Distributed session caching

2001-01-22 Thread Ben Laurie
Shridhar Bhat wrote: > > Hi, > > We are trying to deploy multiple SSL-based servers > in a cluster. We want to share the session cache of each > of these servers so that connections from same client > (with session id reuse) can be handled by any server in > the same cluster. The scheme is simpl

commerical certificates

2001-01-22 Thread Yeo Lip Hong
Hi, I'm a newbie in SSL and I need your advice. I've just setup an Apache with OpenSSL configured using Mod_SSL. I've created my own certificate using the command o make certificate TYPE=custom I am able to start the SSL-enabled Apache. However, when I try to access the secure site that I've j

Distributed session caching

2001-01-22 Thread Shridhar Bhat
Hi, We are trying to deploy multiple SSL-based servers in a cluster. We want to share the session cache of each of these servers so that connections from same client (with session id reuse) can be handled by any server in the same cluster. The scheme is simple: Each server maintains its local ca

RE: ca -startdate

2001-01-22 Thread Min Sheng Lu
After some fiddling found out that the -startdate option ONLY works when the -enddate option is set as well. Anyone knows who is responsible for the documentation, he/she may be interested. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Min Sheng Lu

RE: newbie what is openssl used for?

2001-01-22 Thread Dale Peakall
OpenSSL is a library used for developing applications that can communicate using the SSL/TLS link-layer encryption facilities. Link-layer encryption can be used to carry any other protocol. This is demonstrated by the 'stunnel' application that can be used to transparently add SSL encryption to

Re: newbie what is openssl used for?

2001-01-22 Thread Shridhar Bhat
Ron wrote: > > Hello, > > I would like to know what is the advantage of using openssl. > > Do openssl users still have to pay for services like verisign. > > I have looked on the openssl site but my English is not that good, > if someone can give me a simple explanation it would be very much >

Re: Troubles in re-connect

2001-01-22 Thread Patrick CHEMLA
Great!!! It works. I have changed SSL_get0_session() to SSL_get1_session() and I call it after each SSL_connect(), but this did not give a complete solution. I have set the ctx options using SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) and now it works really well. Thanks

Re: newbie what is openssl used for?

2001-01-22 Thread Stephane Bortzmeyer
On Sunday 21 January 2001, at 23 h 48, the keyboard of "Ron" <[EMAIL PROTECTED]> wrote: > Do openssl users still have to pay for services like verisign. Of course :-) Verisign is not a charity, not even a political party fighting for free software. We self-sign our certificate for this reason

Re: Troubles in re-connect

2001-01-22 Thread Lutz Jaenicke
On Mon, Jan 22, 2001 at 11:05:11AM +0100, Patrick CHEMLA wrote: > Lutz Jaenicke wrote: > > the session must be selected by the application. > > So I did it using SSL_get0_session() after the first SSL_connect() and > SSL_set_session() for all subsequent ones (you can see my code extra

Re: Troubles in re-connect

2001-01-22 Thread Lutz Jaenicke
On Mon, Jan 22, 2001 at 10:05:15AM +, Ben Laurie wrote: > Lutz Jaenicke wrote: > > On the server side, a session cache is automatically maintained (unless > > explicitly switched off) with parameters influenced by the functions you > > mention. > > Note that this cache only works if the serve

Re: Troubles in re-connect

2001-01-22 Thread Lutz Jaenicke
On Mon, Jan 22, 2001 at 10:11:23AM +0100, Patrick CHEMLA wrote: > On the second SSL_connect(), it stops with an error : > 1867:error:140920C5:SSL routines:SSL3_GET_SERVER_HELLO:old session > cipher not returned:s3_clnt.c:636: This question was just answered by [EMAIL PROTECTED]: ... > As a work

Re: Troubles in re-connect

2001-01-22 Thread Ben Laurie
Lutz Jaenicke wrote: > > On Sun, Jan 21, 2001 at 07:03:07PM -0500, Greg Stark wrote: > > sorry for the misinformation. I misunderstood a thread I had read in the > > archives. Just out of curiosity, what do the following functions do: > > > > SSL_CTX_set_session_cache_mode( ); > > SSL_CTX_sess

Re: Troubles in re-connect

2001-01-22 Thread Patrick CHEMLA
Hi, Lutz Jaenicke wrote: > the session must be selected by the application. So I did it using SSL_get0_session() after the first SSL_connect() and SSL_set_session() for all subsequent ones (you can see my code extract in my last posted email). SSL_get0_session should help keeping a

Re: Troubles in re-connect

2001-01-22 Thread Lutz Jaenicke
On Sun, Jan 21, 2001 at 07:03:07PM -0500, Greg Stark wrote: > sorry for the misinformation. I misunderstood a thread I had read in the > archives. Just out of curiosity, what do the following functions do: > > SSL_CTX_set_session_cache_mode( ); > SSL_CTX_sess_set_cache_size ( ); > SSL_CTX_set

Re: Troubles in re-connect

2001-01-22 Thread Patrick CHEMLA
Hi Greg, Lutz, As Lutz proposed, I tried to use SSL_set_session(). Here is what my code looks like, as it still doesn't work : (---DECLARATION---) struct { . SSL*ssl; } sessions[] ; SSL_CTX*ctx; SSL_SESSION*sslsession; SSL *ssl; /* Struct SSL */ (---INIT