Re: steps to use a dynamic engine from an application

2005-11-29 Thread Geoff Thorpe
Hi there, On November 29, 2005 03:05 pm, Anil Gunturu wrote: > I am just wondering about the steps to use a dynamic engine. Can > somebody verify this: > e = ENGINE_by_id("dynamic"); > if (!e) { > return RC_ERROR; > } > if ((!ENGINE_ctrl_cmd_string(e, "SO_PATH", so_

Re: Certificates

2005-11-29 Thread Goetz Babin-Ebell
Mark wrote: Hi Goetz, But since you are using an own program, this doesn't matter. Could you do an c_rehash openssl verify -CApath cert_to_check error 20 at 0 depth lookup:unable to get local issuer certificate If this doesn't work, but a cat /*.pem >ca.pem openssl verify -CAfile ca.pem

steps to use a dynamic engine from an application

2005-11-29 Thread Anil Gunturu
I am just wondering about the steps to use a dynamic engine. Can somebody verify this:     e = ENGINE_by_id("dynamic");     if (!e) {    return RC_ERROR;    }     if ((!ENGINE_ctrl_cmd_string(e, "SO_PATH", so_path, 0)) ||    (!ENGINE_ctrl_cmd_string(e, "ID", "ATHENA", 0)) ||    (!ENG

Re: any way to debug signature verification failure?

2005-11-29 Thread Dr. Stephen Henson
On Tue, Nov 29, 2005, john guerrero wrote: > hi steve, > > ok, i tried: > openssl rsautl -verify -in sigfile -pubin -inkey public.pem -asn1parse > > and got: > RSA operation error > 15946:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block > type is not 01:rsa_pk1.c:100: > 15946:er

Re: any way to debug signature verification failure?

2005-11-29 Thread john guerrero
hi steve, ok, i tried: openssl rsautl -verify -in sigfile -pubin -inkey public.pem -asn1parse and got: RSA operation error 15946:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c:100: 15946:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check

Re: b-etch: problems with openssl-0.9.8a

2005-11-29 Thread Dmitry Belyavsky
Greetings! On Tue, 29 Nov 2005, Victor Duchovni wrote: > On Tue, Nov 29, 2005 at 05:32:45PM +0300, Dmitry Belyavsky wrote: > > > Greetings! > > > > We use openssl 0.9.8a, apache 1.3.34 with mod_ssl 2.8.25 (Debian etch). > > The URL we request requires client certificate. > > > > 4119:error:1408F4

Re: b-etch: reproducing the problem (fwd)

2005-11-29 Thread Victor Duchovni
On Tue, Nov 29, 2005 at 05:32:45PM +0300, Dmitry Belyavsky wrote: > Greetings! > > We use openssl 0.9.8a, apache 1.3.34 with mod_ssl 2.8.25 (Debian etch). > The URL we request requires client certificate. > > 4119:error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad > record mac

b-etch: reproducing the problem (fwd)

2005-11-29 Thread Dmitry Belyavsky
Greetings! We use openssl 0.9.8a, apache 1.3.34 with mod_ssl 2.8.25 (Debian etch). The URL we request requires client certificate. The command is: zsh% openssl s_client -cipher DHE-DSS-AES256-SHA -cert U_x_dsa_dsaparams.pem/cert.pem -key U_x_dsa_dsaparams.pem/seckey.pem -CAfile ca_dsa.pem -con

Re: A bio pairs question...

2005-11-29 Thread Usman Riaz
Thanks for the reply Alain, I have changed as you mentioned by placing a call to do a read on s_ssl_bio (for reading/writing UNEncrypted Data). Here is how that function looks like... bool CSSLSession::GetData(std::string& RecvData) { /*The RecvData WILL contain UN-ENCRYPTED-DATA tha

Re: A bio pairs question...

2005-11-29 Thread Alain Damiral
Hi there, You might have missed one thing in ssltest.c... there is a first call to BIO_read on the server side before any data is available. Before that call, the read request on server_io is actually 0. After the call to BIO_read, then some data is requested. So if you're using read request,

Re: Windows 2000 Professional does not consider valid certificates from Openssl 0.9.8

2005-11-29 Thread Dr. Stephen Henson
On Tue, Nov 29, 2005, José Luis Gómez wrote: > Hello, > unfortunately it did not work. But I think it's not a problem but a > misconfiguration: I've checked my openssl.cnf and I've noticed a > property called nsCertType, which, if not set, means every purpose but > object signing. I think this co

A bio pairs question...

2005-11-29 Thread Usman Riaz
Hi*! I am implementing IOCP server (for Windows OS) supporting SSL. For SSL part i am trying to use OpenSSL's bio pairs. I have looked at the example in ssltest.c. As i understand (please correct me if i am wrong) of the three bios (s_ssl_bio, server, server_io) that get created in "doit_bio

RE: ssl_connect timer???

2005-11-29 Thread Mark
Hi Seema, > Thus, there seems to be a need for ssl_connect to timeout, in order to > protect against such buggy servers. My query was: > > 1) Does ssl_connect have such an internal timeout mechanism > after which the > OpenSSL will give up on the connection attempt and return > failure for the

RE: ssl_connect timer???

2005-11-29 Thread seema . jagatap
Hi Mark, Thanks for the response. I will try to explain my scenario a little further. My application does an ssl_connect. But the server application is buggy, because of which the ssl_connect does not succeed, but returns SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE error, which my application in

RE: Certificates

2005-11-29 Thread Mark
Hi Goetz, > But since you are using an own program, this doesn't matter. > > Could you do an > c_rehash > openssl verify -CApath cert_to_check error 20 at 0 depth lookup:unable to get local issuer certificate > If this doesn't work, but a > cat /*.pem >ca.pem > openssl verify -CAfile ca.pem

Re: Questions about OCSP

2005-11-29 Thread Stefan Vatev
Citation from "Dr. Stephen Henson" <[EMAIL PROTECTED]>: > On Mon, Nov 28, 2005, Stefan Vatev wrote: > > > > > Hi guys, > > I had to look in-depth the ocsp stuff of openssl and > some > > questions arise. Well, in ocsp.c I don't get why after > > trying OCSP_basic_verify(bs, verify_other, store, >

Re: Windows 2000 Professional does not consider valid certificates from Openssl 0.9.8

2005-11-29 Thread José Luis Gómez
Hello, unfortunately it did not work. But I think it's not a problem but a misconfiguration: I've checked my openssl.cnf and I've noticed a property called nsCertType, which, if not set, means every purpose but object signing. I think this could be the problem with my user certificates. Could