Small update:
I got the proper error response working now (it was getting a bit late
yesterday, my brain obviously wasn't in top gear!), and it is as follows:
error:140840FF:SSL routines:SSL3_CONNECT:unknown state
Does this help anyone or provide any further indications of the problem?
What
On Wed, Mar 07, 2001 at 11:19:28AM -, Toby Shepheard wrote:
Small update:
I got the proper error response working now (it was getting a bit late
yesterday, my brain obviously wasn't in top gear!), and it is as follows:
error:140840FF:SSL routines:SSL3_CONNECT:unknown state
Does
Comments inserted below.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Lutz Jaenicke
Sent: 07 March 2001 12:32
To: [EMAIL PROTECTED]
Subject: Re: SSL_ERROR_SSL generated in SSL_connect
On Wed, Mar 07, 2001 at 11:19:28AM -, Toby
People;
I've been asked to review a document for some PKI system which
deals with some issues I have not come across before and was hoping
someone could verify what I believe is true. This is more a browser/SSL
issue than openssl, but I think I can generalize it enough.
If an
Jeffrey,
The short answer is neither. The client's only use of its private key is
to sign a hash of the handshake messages, one of which includes the server
random value.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
Greg;
Thanks. Therefore if I read this right, all the actual data
passed across the session (i.e. all the real data passed after the
handshake has been completed) is encoded with the symmetrically generated
key only and hence could not be used for non-repudiation?
Jeff
On Wed, 7 Mar
Greg,
When the client signs the handshake message hash with its private key, how
does the server (say, Apache/ModSSL) authenticate that encryption/signature?
Is the client's certificate also enclosed? Asked for by the server?
Needs to be stored on the server in advance?
Regards,
Sandipan
Jeff,
That is correct, all the payload data is MAC'ed using shared symmetric
keys, so repudiation by either peer claiming tampering by the other is
possible.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
-
Hi,
I am trying to decrypt (verify a signature) some data encrypted by
AspEncrypt and put in a tempfile with:
openssl rsautl -inkey mycert.key -pubin -verify -in tempfile
And I get the following error:
RSA operation error
280:error:0406706C:rsa routines:RSA_EAY_PUBLIC_DECRYPT:data greater than
The client sends its certificate in a Certificate handshake message. The
server can use the public key in the certificate to verify the signature,
and just as important the server needs to examine the issuer and subject
identity information in the certificate to make the access control decision.
On Wed, Mar 07, 2001 at 02:32:08PM -, Toby Shepheard wrote:
//Is this ok? I'm using the generic SSLv3_method
meth=SSLv3_method();
ctx=SSL_CTX_new(meth);
* You are not reusing an old SSL object that was already used once and
not cleared with SSL_clear()?
// The SSL object should
Sean Telles
Manager of Fulfillment
OneSecure
[EMAIL PROTECTED]
303.563.4119 (desk)
303.808.6932 (cell)
---==---
It is impossible for a man to learn
what he thinks he already knows.
- Epictetus
Lutz,
You're the best :-)
SSL_set_connect_state() did the trick. I've got some other problems now, but
hopefully I can iron them out myself. I can't say I understand why it worked
as a plain old C executable, but not in Vignette as a .so, but it's now
working fine in both.
Cheers!
Toby
I called Oracle and asked the same question. They said that it was
a bug in their client software that prevents SSL V3 from being acceptable.
So I dropped it down to SSL V1, and all works fine.
Original message below--
Oracle has a handy little tool called Oracle Wallet Manager (OWM),
Christian,
I assume you mean X509 v3 and X509v1
instead of SSL v3 and SSL v1, no?
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: Christian Ullman
To: [EMAIL PROTECTED]
Hi all.
Anybody know if there is any OCSP client to test?
I have tested Netscape PSM OCSP implementation, but it is not
RFC2560 compliant.
Is there any for Explorer?
Thanks a lot, Gabi
--
Gabriel López Millán
Facultad de Informática - Universidad de Murcia
30001 Murcia - España
Bodo wrote:
The symptom was, SSL_write returned -1. SSL_get_error returned 1 (SSL_ERROR_SSL).
ERR_error_string returned "error::lib(255):func(4095):reason(4095)".
Use ERR_error_string() on the return value of ERR_get_error(), not on the
return value of SSL_write(). See the
Bodo Moeller wrote:
Dan Kegel [EMAIL PROTECTED]:
I just realized I have to accept either SSLV2 or SSLV3 (or TLS)
connections, so I switched from SSLv3_server_method() to
SSLv23_server_method(). But oops, that doesn't support SSL_peek()!
What to do?
Use SSL_accept first. It will
Where can I get 128 bit SSL? And how do
I install it on the Sun Solaris 7 system?
Thanks
Thanks Steven, you were Oh So Close! I changed the method to SSLv2
and the SSL_accept went off as advertised! Way cool!
Now, to get the rest of the coding in place :-|
Jim
- Original Message -
From: "Reddie, Steven" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, March 07,
Hi! I have to read public keys stored by crypto++ which is encoded in BER
form with n followed by e. My questions:
What is exactly BER form - some encoding standard encoding scheme?
How can I read these into an RSA* type in open ssl's crypto layer?
There's some function called d2i_RSAPublicKey
Dan Kegel [EMAIL PROTECTED]:
Bodo Moeller:
Dan Kegel [EMAIL PROTECTED]:
I just realized I have to accept either SSLV2 or SSLV3 (or TLS)
connections, so I switched from SSLv3_server_method() to
SSLv23_server_method(). But oops, that doesn't support SSL_peek()!
What to do?
Use SSL_accept
Therefore if I read this right, all the actual data
passed across the session (i.e. all the real data passed after the
handshake has been completed) is encoded with the symmetrically
generated key only and hence could not be used for non-repudiation?
To be precise, the 'Finished' message, which
Yup, we ran into the same problem. Check out our tiny
patch for cygwin and OpenSSL-0.9.5a at
http://www.lymeware.com/download_fw.html. Then you
can either install the patch or just read it to find
the perl script fix.
Mike
--- yangxiande [EMAIL PROTECTED] wrote:
Hi:
i compile openssl with
Bodo Moeller wrote:
Dan Kegel [EMAIL PROTECTED]:
The symptom was, SSL_write returned -1. SSL_get_error returned 1
(SSL_ERROR_SSL).
ERR_error_string returned "error::lib(255):func(4095):reason(4095)".
Don't confuse SSL_get_error and ERR_get_error! Those are entirely
different
For all of you that have been looking into a way to save your private
keys, certs, etc. offline on a very small device, take a look at a
device referred to as the ThumbDrive. They are solid state memory
"disks" that connect to your computer via a USB port and
have storage from 16MB to
I am always wondering about what happens when a server or client certificate is
revoked. Can I use a revoked certificate to pass the SSL handshake process? Are there
any certificate checking operations in the SSL protocol?
Dou Qiang
[EMAIL PROTECTED]