Hello,
my server-application is waiting for connections via
BIO_do_accept(acc)
If a client connects to my server-application I would like to know which
IP-Address the client has. How can I get this information?
Thanks for your help!
my server-application is waiting for connections via
BIO_do_accept(acc)
If a client connects to my server-application I would like to
know which
IP-Address the client has. How can I get this information?
How about BIO_get_conn_ip()?
Mark
hi..
My test server has a list of trusted
CAs. Now i also want to accept connections requested by clients with self
signed certificates. Any simple way to accept the self signed certs ?
Thanks in advance.
Samy
Hi Samy,
1.
If server ready to accept
any unanimous certificate (certificate need not be verified by the any of
the server trusted CAs ) like your case self signed client certificate
,There is no point of asking client authentication. If server is
requested for client authentication
I don't understand it. I get only NULL. Nothing else.
my server-application is waiting for connections via
BIO_do_accept(acc)
If a client connects to my server-application I would like to
know which
IP-Address the client has. How can I get this information?
How about BIO_get_conn_ip()?
On Thu, Feb 02, 2006, Bastian Bhrig wrote:
Hello,
my server-application is waiting for connections via
BIO_do_accept(acc)
If a client connects to my server-application I would like to know which
IP-Address the client has. How can I get this information?
You can get the underlying
Do you have a small example for me, please. I get nothing really useful. :(
On Thu, Feb 02, 2006, Bastian Bhrig wrote:
Hello,
my server-application is waiting for connections via
BIO_do_accept(acc)
If a client connects to my server-application I would like to know which
IP-Address the
Hi,
We have already some leaks in our application.
I found out, that for STACK_OF(X509) there are two cleanup functions.
sk_X509_free to free only the 'stackframe', and sk_509_pop_free for
freeing the whole stack.
Is there something for X509_STORE, too? X509_STORE_free seems not to
free the
Thanks konark.
When I initialize my ctx i call
the following functions..
# SSL_CTX_set_verify() with
option SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT
# SSL_CTX-set_client_CA_list(
ctx, cafile)
things are fine when the client request
for a connection with a certificate signed
Hello,
I have a problem with sequence unpacking. Given the
following code
ASN1_TYPE *at = NULL;
STACK_OF(ASN1_TYPE) *st = NULL;
st = ASN1_seq_unpack_ASN1_TYPE(asn1->get_data(),
asn1->get_len(), d2i_ASN1_TYPE, ASN1_TYPE_free);
if I call
at = sk_ASN1_TYPE_value (st, 0)
I get the sequence members,
For which reasons do you want to accept self signed certificates ?... I
do not understand why deactivating client authentication as Konark
suggested wouldn't be good enough.
Samy Thiyagarajan wrote:
Thanks konark.
When I initialize my ctx i call the following functions..
#
Is there a way to generate cuddly error messages?
Basically, we're developing an app. The app will be deployed by people
who aren't us, and used by their users. While dumping the actual SSL
messages to a log file will help us debug things if anything horrible
happens, the first layer of support
On Tue, Jan 24, 2006 at 06:44:30PM +0530, Urjit Gokhale wrote:
Hi all,
I am planning to use SSL for the communication between my client and
server. The idea is to use SSL *mainly* for peer authentication and
validation (Both server and client authentication by means of
certificates).
On Thu, Feb 02, 2006, Katie Lucas wrote:
Is there a way to generate cuddly error messages?
Basically, we're developing an app. The app will be deployed by people
who aren't us, and used by their users. While dumping the actual SSL
messages to a log file will help us debug things if
On 2/2/06, Katie Lucas [EMAIL PROTECTED] wrote:
On Tue, Jan 24, 2006 at 06:44:30PM +0530, Urjit Gokhale wrote:
Hi all,
I am planning to use SSL for the communication between my client and
server. The idea is to use SSL *mainly* for peer authentication and
validation (Both server and
1) Is it possible to use SSL only for the sake of peer
authentication + validation and transfer un-encrypted data over this
channel ?
How about; you open the sockets using your socket level
interface. Then you attach SSL constructs to both ends, but with the
don't close this option.
On Thu, Feb 02, 2006 at 05:09:42PM +0100, Alain Damiral wrote:
1) Is it possible to use SSL only for the sake of peer
authentication + validation and transfer un-encrypted data over this
channel ?
How about; you open the sockets using your socket level
interface. Then you attach
Self-signed certificates are good for one thing, at least: They ensure
that subsequent transactions are with the same entity (the same
keypair is used), even if no other piece of data in the certificate is
trustworthy.
There is a callback that you can set for the trust verification
function, as
Katie Lucas wrote:
On Thu, Feb 02, 2006 at 05:09:42PM +0100, Alain Damiral wrote:
But with no cryptographic digest you have no guarantee that the data you
receive provides from the person who showed his certificate. I think it
would be vulnerable to a man in the middle type of attack.
Kyle Hamilton wrote:
Self-signed certificates are good for one thing, at least: They ensure
that subsequent transactions are with the same entity (the same
keypair is used), even if no other piece of data in the certificate is
trustworthy.
Doesn't Diffie-Hellman key exchange ensure that this
Please, if someone can give me an answer to my
problem, because I have to take a decision to use
openssl for the project or not. Is it feasible to
modify the d2i_ASN1_SET/ASN1_item_d2i/ASN1_item_ex_d2i
behavior or is it an easier way to do it?
__
Do
One needs to call a verify call back and set an appropriate
return code. The server might well accept things and give a temporary
and limited access,
the self signed cert can be stored, an admin validates, etc. It can also
be that the server is
actually a person that accepts or not..
dear all:
i am trying to read the rsa key from the memory (rather than from a file). here
is what i did:
1. use the openssl genrsa -out key.pem 1024 to generate a rsa key in the file
key.pem.
2. copy and paste the key from the key.pem to my code.
3. use a mem bio to read the key from the
Diffie-Hellman key exchange is a means of creating a session key in a
manner that's not easily reversible by an eavesdropper, not a means of
authentication. The public/private keypair is the only means of
authenticating an anonymous third party as being that specific
anonymous third party, and
OK I understand.
By subsequent transactions I originally thought you meant during the
same session.
I apologize for diverting from the problem of the original poster.
Maybe I can redeem myself by pointing to the example callback function:
In openssl-0.9.7g/crypto/asn1/t_509.c, there is this function:
int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig)
{
unsigned char *s;
int i, n;
if (BIO_puts(bp, "Signature Algorithm: ") <= 0) return 0;
if (i2a_ASN1_OBJECT(bp, sigalg->algorithm)
On Thu, Feb 02, 2006, Chong Peng wrote:
dear all:
i am trying to read the rsa key from the memory (rather than from a file).
here is what i did:
1. use the openssl genrsa -out key.pem 1024 to generate a rsa key in the
file key.pem.
2. copy and paste the key from the key.pem to my
On Thu, Feb 02, 2006, Enis Arif wrote:
Please, if someone can give me an answer to my
problem, because I have to take a decision to use
openssl for the project or not. Is it feasible to
modify the d2i_ASN1_SET/ASN1_item_d2i/ASN1_item_ex_d2i
behavior or is it an easier way to do it?
It
Steffen Lips wrote:
Hi,
We have already some leaks in our application.
I found out, that for STACK_OF(X509) there are two cleanup functions.
sk_X509_free to free only the 'stackframe', and sk_509_pop_free for
freeing the whole stack.
Is there something for X509_STORE, too? X509_STORE_free
thanks steve. i got my code working.
actually, this is pretty easy. following is my final code. hopefully, this can
do a little bit help to those who wants to do the same thing.
note that char array skey is copy and paste from a pem file generated by using
the openssl genrsa -out key.pem 1024.
On 2/2/06, Alain Damiral [EMAIL PROTECTED] wrote:
OK I understand.
By subsequent transactions I originally thought you meant during the
same session.
I apologize for diverting from the problem of the original poster.
Maybe I can redeem myself by pointing to the example callback function: