Ken Snider wrote:
Greetings,
I have a certificate, signed by a CA that is not under my control. I'd like
to sign this cert with my own CA as well. Is such a thing even possible? If
so, can it be done using the CA.pl script, or will I need to interact with
openssl directly?
AFAIK, the chain of
yeah you would think that but it doesnt for some strange reason.Girish Venkatachalam <[EMAIL PROTECTED]> wrote: Looks like I have not understood your problem. Why do you have to do an SSL_read() to figure out ifit has closed? SSL_write() will fail it the other sidecloses...--- michael Dorrian <[EM
Only test!
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Greetings,
I have a certificate, signed by a CA that is not under my control. I'd like
to sign this cert with my own CA as well. Is such a thing even possible? If
so, can it be done using the CA.pl script, or will I need to interact with
openssl directly?
Thank you.
_
Hi Richa, Thanks for your help! If possible, can you tell me where I can find the Tomcat's documentation about this problem. Thanks, Hung.Richa Misra <[EMAIL PROTECTED]> wrote:Hi Hung, For that, client authentication has to be set to true and certificates need to be presented by client at
Looks like I have not understood your problem.
Why do you have to do an SSL_read() to figure out if
it has closed? SSL_write() will fail it the other side
closes...
--- michael Dorrian <[EMAIL PROTECTED]> wrote:
> Here is the relevant code. The problem is in this
> do_client_loop. I need to rea
On Thu, Apr 06, 2006, Dr. Stephen Henson wrote:
> Good, that shows just about everything is working OK. To fix that you need to
> copy the file ms/_chkstk.o from the FIPS validated sources (the FIPS build
> extracts this file automatically) and copy it to the "ms" directory in the
> snapshot.
>
>
Gianluca Varenni wrote:
>> I'll fix the build system so it will also look for it in fipslibdir so
>> you
>> only have to copy it once.
>
> It worked! Now it builds successfully both the static version (out32)
> and the dynamic one (out32dll).
>
> Was I the first one successfully compiling the fi
On Thu, Apr 06, 2006, Gianluca Varenni wrote:
>
>
> It worked! Now it builds successfully both the static version (out32) and
> the dynamic one (out32dll).
>
> Was I the first one successfully compiling the fips certified OpenSSL under
> Windows (apart from you)?!?
> :-)
>
Nope, at least fo
t 0.9.7 snapshot (20060406), and uncompressed.
>perl Configure VC-WIN32 fips --with-fipslibdir=c:\msys\1.0\local\ssl\lib
Runs ok.
>ms\do_ms.bat
Runs ok. (FWIW, do_masm.bat runs well too).
Opened a VC2003 command prompt,
>nmake -f ms\nt.mak
It compiles every source properly, but it fai
Hi Hung,
For that, client authentication has to be set to true and certificates need to be presented
by client at time of handshake. For e.g if one is using web browser as client then certificates
need to be presented by it.
Also truststore and keystore must be present as part of tomcat configurat
On Thu, Apr 06, 2006, Gianluca Varenni wrote:
>
>
> Ok, almost there...
>
> Downloaded the latest 0.9.7 snapshot (20060406), and uncompressed.
>
> >perl Configure VC-WIN32 fips --with-fipslibdir=c:\msys\1.0\local\ssl\lib
>
> Runs ok.
>
> >ms\do_ms.ba
all.
What am I missing this time?
You need the latest *snapshot* of OpenSSL 0.9.7. The required features are
not
yet in any official release.
Once they have been tested by a few more people they will appear in 0.9.7j
and
later.
Ok, almost there...
Downloaded the latest 0.9.7 snapshot (2006
On Thu, Apr 06, 2006, Dr. Stephen Henson wrote:
>
> No you always need to send two certificates, it depends on what you want to
> do.
>
Urgle, typo. I mean to say "No you don't always need to send two
certificates..."
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
Op
On Thu, Apr 06, 2006, Francisco Javier Martinez Martinez wrote:
>
> Now I could import this .der certificate in my browser-certs repository,
> and I could see it as a intermediate CA, and the root CA certificate in the
> correct windows repository.
>
> But with this way I had to spread two cer
On Thu, Apr 06, 2006, Gianluca Varenni wrote:
>
>
> I tried to compile 0.9.7i (the latest available on the web) from the
> command line, using
>
> perl Configure
> VC-WIN32 --with-fipslibdir=c:\cvsroot\openssl_fips_10\openssl\fips-1.0
>
> and it failed:
>
> Usage: Configure [no- ...] [-Dxxx
- Original Message -
From: "Dr. Stephen Henson" <[EMAIL PROTECTED]>
To:
Sent: Saturday, April 01, 2006 10:40 AM
Subject: Re: Compilation of OpenSSL-fips-1.0 under Windows
On Sat, Apr 01, 2006, Gianluca Varenni wrote:
The results:
- ./config fips run up to the end, spitting out t
Hello.
First thx for the quick answer.
The commands that I had been using are Openssl commands directly no perl
scripts:
Creation of root CA:
openssl req -new -x509 -days 10095 -out cacert.pem -key cakey.pem -config
./openssl.cnf
openssl x509 -inform PEM -outform DER -in cacert.pem -out
cacert.d
test
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Here is the relevant code. The problem is in this do_client_loop. I need to read from the server to check if it has closed but when i do this i cannot write to the server again for some reason. How can i rectify this..thanks in advance int do_client_loop(SSL *ssl) { int err, nwritten;
Hello list,
I have come across `make tests` failure in openssl 0.9.8a (from source) on
sparc64 (./Configure linux64-sparcv9), like some other posters before. BTW,
it also happens when configuring for linux-sparcv9 (-m32 / -Wa,-sparcv8a).
`make tests` results in a lot of wrong bits in the DES t
Hello,
> Is there any way to see --exactly-- what's going on? To log exactly
> what's going on during the connection/handshake procedure?
Try to add connection callback function, for example:
static void tls_connection_info_cb(const SSL * ssl, int type, int val)
{
if (type & SSL_CB_LOOP) {
I am trying to send the client a shutdown message. I use set shutdown on the server side and then i do ssl_shutdown.the return value from ssl_shutdown is 1 so i thought if i do get_shutdown() function on the client side that i should be able to get a return value that signals i have shutdow
23 matches
Mail list logo