How to get IP-Address of clients?

2006-02-02 Thread Bastian Bührig
Hello, my server application is waiting for connections via BIO_do_accept(acc). If a client connects to my server application I would like to know which IP address the client has. How can I get this information? Thanks for your help!

RE: How to get IP-Address of clients?

2006-02-02 Thread Mark
my server application is waiting for connections via BIO_do_accept(acc). If a client connects to my server application I would like to know which IP address the client has. How can I get this information? How about BIO_get_conn_ip()? Mark

accepting self signed certs

2006-02-02 Thread Samy Thiyagarajan
Hi. My test server has a list of trusted CAs. Now I also want to accept connections requested by clients with self-signed certificates. Is there any simple way to accept self-signed certs? Thanks in advance. Samy

RE: accepting self signed certs

2006-02-02 Thread Konark
Hi Samy, 1. If the server is ready to accept any certificate (the certificate need not be verified by any of the server's trusted CAs), as in your case of a self-signed client certificate, there is no point in asking for client authentication. If the server is requested for client authentication

Re: How to get IP-Address of clients?

2006-02-02 Thread Bastian Bührig
I don't understand it. I get only NULL. Nothing else. my server application is waiting for connections via BIO_do_accept(acc). If a client connects to my server application I would like to know which IP address the client has. How can I get this information? How about BIO_get_conn_ip()?

Re: How to get IP-Address of clients?

2006-02-02 Thread Dr. Stephen Henson
On Thu, Feb 02, 2006, Bastian Bührig wrote: Hello, my server application is waiting for connections via BIO_do_accept(acc). If a client connects to my server application I would like to know which IP address the client has. How can I get this information? You can get the underlying

Re: How to get IP-Address of clients?

2006-02-02 Thread Bastian Bührig
Do you have a small example for me, please? I get nothing really useful. :( On Thu, Feb 02, 2006, Bastian Bührig wrote: Hello, my server application is waiting for connections via BIO_do_accept(acc). If a client connects to my server application I would like to know which IP address the

X509_STORE

2006-02-02 Thread Steffen Lips
Hi, We already have some leaks in our application. I found out that for STACK_OF(X509) there are two cleanup functions: sk_X509_free to free only the 'stack frame', and sk_X509_pop_free to free the whole stack. Is there something for X509_STORE, too? X509_STORE_free seems not to free the

self signed cert - error : unknown CA

2006-02-02 Thread Samy Thiyagarajan
Thanks Konark. When I initialize my ctx I call the following functions: # SSL_CTX_set_verify() with option SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT # SSL_CTX_set_client_CA_list(ctx, cafile). Things are fine when the client requests a connection with a certificate signed

ASN1 Sequence unpack problem

2006-02-02 Thread Enis Arif
Hello, I have a problem with sequence unpacking. Given the following code: ASN1_TYPE *at = NULL; STACK_OF(ASN1_TYPE) *st = NULL; st = ASN1_seq_unpack_ASN1_TYPE(asn1->get_data(), asn1->get_len(), d2i_ASN1_TYPE, ASN1_TYPE_free); if I call at = sk_ASN1_TYPE_value(st, 0) I get the sequence members,

Re: self signed cert - error : unknown CA

2006-02-02 Thread Alain Damiral
For which reasons do you want to accept self-signed certificates? I do not understand why deactivating client authentication, as Konark suggested, wouldn't be good enough. Samy Thiyagarajan wrote: Thanks Konark. When I initialize my ctx I call the following functions: #

Shorter error messages.

2006-02-02 Thread Katie Lucas
Is there a way to generate cuddly error messages? Basically, we're developing an app. The app will be deployed by people who aren't us, and used by their users. While dumping the actual SSL messages to a log file will help us debug things if anything horrible happens, the first layer of support

Re: Can I have SSL for peer authentication only? (and not for data encryption)

2006-02-02 Thread Katie Lucas
On Tue, Jan 24, 2006 at 06:44:30PM +0530, Urjit Gokhale wrote: Hi all, I am planning to use SSL for the communication between my client and server. The idea is to use SSL *mainly* for peer authentication and validation (both server and client authentication by means of certificates).

Re: Shorter error messages.

2006-02-02 Thread Dr. Stephen Henson
On Thu, Feb 02, 2006, Katie Lucas wrote: Is there a way to generate cuddly error messages? Basically, we're developing an app. The app will be deployed by people who aren't us, and used by their users. While dumping the actual SSL messages to a log file will help us debug things if

Re: Can I have SSL for peer authentication only? (and not for data encryption)

2006-02-02 Thread Kyle Hamilton
On 2/2/06, Katie Lucas wrote: On Tue, Jan 24, 2006 at 06:44:30PM +0530, Urjit Gokhale wrote: Hi all, I am planning to use SSL for the communication between my client and server. The idea is to use SSL *mainly* for peer authentication and validation (Both server and

Re: Can I have SSL for peer authentication only? (and not for data encryption)

2006-02-02 Thread Alain Damiral
1) Is it possible to use SSL only for the sake of peer authentication + validation and transfer unencrypted data over this channel? How about: you open the sockets using your socket-level interface. Then you attach SSL constructs to both ends, but with the "don't close" option.

Re: Can I have SSL for peer authentication only? (and not for data encryption)

2006-02-02 Thread Katie Lucas
On Thu, Feb 02, 2006 at 05:09:42PM +0100, Alain Damiral wrote: 1) Is it possible to use SSL only for the sake of peer authentication + validation and transfer unencrypted data over this channel? How about: you open the sockets using your socket-level interface. Then you attach

Re: self signed cert - error : unknown CA

2006-02-02 Thread Kyle Hamilton
Self-signed certificates are good for one thing, at least: they ensure that subsequent transactions are with the same entity (the same keypair is used), even if no other piece of data in the certificate is trustworthy. There is a callback that you can set for the trust verification function, as

Re: Can I have SSL for peer authentication only? (and not for data encryption)

2006-02-02 Thread Alain Damiral
Katie Lucas wrote: On Thu, Feb 02, 2006 at 05:09:42PM +0100, Alain Damiral wrote: But with no cryptographic digest you have no guarantee that the data you receive comes from the person who showed his certificate. I think it would be vulnerable to a man-in-the-middle type of attack.

Re: self signed cert - error : unknown CA

2006-02-02 Thread Alain Damiral
Kyle Hamilton wrote: Self-signed certificates are good for one thing, at least: they ensure that subsequent transactions are with the same entity (the same keypair is used), even if no other piece of data in the certificate is trustworthy. Doesn't Diffie-Hellman key exchange ensure that this

ASN1 Sequence unpack problem

2006-02-02 Thread Enis Arif
Please, if someone can give me an answer to my problem, because I have to take a decision on whether to use OpenSSL for the project or not. Is it feasible to modify the d2i_ASN1_SET/ASN1_item_d2i/ASN1_item_ex_d2i behavior, or is there an easier way to do it?

Re: self signed cert - error : unknown CA

2006-02-02 Thread Peter Sylvester
One needs to call a verify callback and set an appropriate return code. The server might well accept things and give temporary and limited access; the self-signed cert can be stored, an admin validates it, etc. It can also be that the server is actually a person that accepts or not.

read rsa private key (in pem format) from the memory

2006-02-02 Thread Chong Peng
Dear all: I am trying to read the RSA key from memory (rather than from a file). Here is what I did: 1. use openssl genrsa -out key.pem 1024 to generate an RSA key in the file key.pem. 2. copy and paste the key from key.pem into my code. 3. use a mem BIO to read the key from the

Re: self signed cert - error : unknown CA

2006-02-02 Thread Kyle Hamilton
Diffie-Hellman key exchange is a means of creating a session key in a manner that's not easily reversible by an eavesdropper, not a means of authentication. The public/private keypair is the only means of authenticating an anonymous third party as being that specific anonymous third party, and

Re: self signed cert - error : unknown CA

2006-02-02 Thread Alain Damiral
OK, I understand. By "subsequent transactions" I originally thought you meant during the same session. I apologize for diverting from the problem of the original poster. Maybe I can redeem myself by pointing to the example callback function:

Weird indenting in X509_signature_print()

2006-02-02 Thread Brad Hards
In openssl-0.9.7g/crypto/asn1/t_x509.c, there is this function: int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig) { unsigned char *s; int i, n; if (BIO_puts(bp, "Signature Algorithm: ") <= 0) return 0; if (i2a_ASN1_OBJECT(bp, sigalg->algorithm)

Re: read rsa private key (in pem format) from the memory

2006-02-02 Thread Dr. Stephen Henson
On Thu, Feb 02, 2006, Chong Peng wrote: Dear all: I am trying to read the RSA key from memory (rather than from a file). Here is what I did: 1. use openssl genrsa -out key.pem 1024 to generate an RSA key in the file key.pem. 2. copy and paste the key from key.pem into my

Re: ASN1 Sequence unpack problem

2006-02-02 Thread Dr. Stephen Henson
On Thu, Feb 02, 2006, Enis Arif wrote: Please, if someone can give me an answer to my problem, because I have to take a decision on whether to use OpenSSL for the project or not. Is it feasible to modify the d2i_ASN1_SET/ASN1_item_d2i/ASN1_item_ex_d2i behavior, or is there an easier way to do it? It

Re: X509_STORE

2006-02-02 Thread Nils Larsch
Steffen Lips wrote: Hi, We already have some leaks in our application. I found out that for STACK_OF(X509) there are two cleanup functions: sk_X509_free to free only the 'stack frame', and sk_X509_pop_free to free the whole stack. Is there something for X509_STORE, too? X509_STORE_free

RE: read rsa private key (in pem format) from the memory

2006-02-02 Thread Chong Peng
Thanks Steve. I got my code working. Actually, this is pretty easy. Following is my final code; hopefully this can be of a little help to those who want to do the same thing. Note that the char array skey is copied and pasted from a PEM file generated using openssl genrsa -out key.pem 1024.

Re: self signed cert - error : unknown CA

2006-02-02 Thread Kyle Hamilton
On 2/2/06, Alain Damiral wrote: OK, I understand. By "subsequent transactions" I originally thought you meant during the same session. I apologize for diverting from the problem of the original poster. Maybe I can redeem myself by pointing to the example callback function: