Hi,
I think box A be the owner of the certificate so when u revoke it in box A it works fine.Box B may not be the owner(issuer) and when revoking the certificate , it is verified whether it is revoked by the
corresponding person who issued the certificate by checking CN field in the certificate,
> > I am experiencing a SIGSEGV in BN_BLINDING_free because mt_blinding
> > appears to be 0x11 instead of a pointer to some memory.
>
> We had an identical issue reported here:
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=193633
> which is somehow caused by the use of Zimbra binaries.
T
Hi,
I'm currently developping a Python application which is a standalone
xml-rpc server, so with no web server in front of it.
(more details on http://www.pykota.com/software/pykoticon if needed)
this application works perfectly fine, but now I'd like to encrypt
all traffic between the client h
We are in the process of migrating from box A (AIX 4.3.3.0 running
openssl 0.9.6g) to box B (AIX 5.3.0.0 running openssl 0.9.8). Both A and
B access the same file system which contains our CA files.
When I revoke a certificate from box A, the process works as expected.
When I revoke a certific
Hello,
> The script is running on an AIX box.
>
> openssl enc -d -a -iv 31464F4C4C455431 -des3 -K
> 31323334466F6C6C657426265472696D6461746131323334 -in
> directory_encrypt/CS4_35854292.enc
>
> A.RETURN.PKT=bad decrypt 130746:error:0606506D:digital envelope
> routines:EVP_Dec
>
> ryptFinal:wro
Hello,
> $ openssl s_client -connect secure.incab.se:443/verify/server/click
> -cert debitech/debitech_CA.pem
>
> I get the following error;
>
> unable to load client certificate private key file
> 31977:error:0906D06C:PEM routines:PEM_read_bio:no start
> line:pem_lib.c:644:Expecting: ANY PRIVAT
On Mon, Jun 12, 2006, Kyle Hamilton wrote:
> The server has supplied you with the certificate to its CA, which
> includes the CA's public key. You're putting it in the option for
> client authentication via certificate.
>
> I believe the option is -cacert, but I'm not quite certain. (I don't
>
Hi all,
I am getting the following error message on encrypted
packets. Can someone tell me what they mean and
what I can do to correct the problem. Google did not bring
me any meaningfull results.
The script is running on an AIX box.
openssl enc -d -a -iv 31464F4C4C455431 -des
The server has supplied you with the certificate to its CA, which
includes the CA's public key. You're putting it in the option for
client authentication via certificate.
I believe the option is -cacert, but I'm not quite certain. (I don't
use s_client enough to know for sure.)
-Kyle H
On 6/1
Kyle Hamilton wrote:
>
> No, you got the problem exactly right, and it is a bug that
> does need to be addressed. (HMAC_SHA1_SIG is defined as a
> string with a nil terminator. gcc doesn't throw the error,
> but g++ rightly does. I think there's a command-line
> parameter to disable that particu
Kyle Hamilton wrote:
No, you got the problem exactly right, and it is a bug that does need
to be addressed. (HMAC_SHA1_SIG is defined as a string with a nil
terminator. gcc doesn't throw the error, but g++ rightly does. I
think there's a command-line parameter to disable that particular
error
No, you got the problem exactly right, and it is a bug that does need
to be addressed. (HMAC_SHA1_SIG is defined as a string with a nil
terminator. gcc doesn't throw the error, but g++ rightly does. I
think there's a command-line parameter to disable that particular
error check, but I'm not sur
Hello list!
I am trying to connect to a server that has supplied me with a cert. The
cert in question is called debitech_CA.pem and when I supply the
following command;
$ openssl s_client -connect secure.incab.se:443/verify/server/click
-cert debitech/debitech_CA.pem
I get the following error;
On Mon, Jun 12, 2006 at 11:42:03AM +0200, Marek Marcola wrote:
> Hello,
>
> > Is there any support for multiple primary domains and associated
> > customer certificates on the same ip and port (i.e. a multihomed SSL
> > server).
>
> If you think of mechanism such server_name introduced in RFC 354
I just noticed an insanely bad typo in my original message:
> However, when "CC=gcc fipsld" is used, the following error results:
Should instead be
> However, when "CC=g++ fipsld" is used, the following error results:
Sorry for any confusion. Any help would be very much appreciated.
- Marty
I compiled fips module OpenSSL-fips-1.0.tar.gz with the following options
./Configure fips hpux-ia64-cc
If you literally typed that command in then it is a violation of the
security
policy and the result is not compliant.
If the config script chose those options when you did:
./config fip
On Mon, Jun 12, 2006, Haridharan wrote:
> I compiled fips module OpenSSL-fips-1.0.tar.gz with the following options
> ./Configure fips hpux-ia64-cc
>
If you literally typed that command in then it is a violation of the security
policy and the result is not compliant.
If the config script chose
I compiled fips module OpenSSL-fips-1.0.tar.gz with the following options
./Configure fips hpux-ia64-cc
And the official OpenSSL release 0.9.7j with the following options
./Configure threads zlib shared no-rc5 no-idea no-krb5
fips --openssldir=/opt/openssl hpux-ia64-cc
I tried compling the sam
On Wed, Jun 07, 2006 at 07:40:44PM -0400, Matthew L Daniel wrote:
> If this needs to go to the dev list, let me know.
>
> I am experiencing a SIGSEGV in BN_BLINDING_free because mt_blinding
> appears to be 0x11 instead of a pointer to some memory.
We had an identical issue reported here:
https:/
Hello,
> Is there any support for multiple primary domains and associated
> customer certificates on the same ip and port (i.e. a multihomed SSL
> server).
If you think of mechanism such server_name introduced in RFC 3546 6.1
(which may be used for this purpose) - not in this release.
Best regard
Is there any support for multiple primary domains and associated customer
certificates on the same ip and port (i.e. a multihomed SSL
server).
Hello
> Your proposition was to add further breakage. It is a mistake to issue a
> blocking socket operation if you do not wish to block, end of story. This is
> just a single example of one way this can break and it is impossible to fix
> it completely without breaking proper blocking applic
Hello,
> If a blocking application sets SSL_MODE_AUTO_RETRY, SSL_read() will
> only return once data is available, or a real error occurs. This must
> not change.
It is not set for s_client.
We are taking of these case.
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
23 matches
Mail list logo