Hi
When I run ssl_server (after compiling ssl_server.c), there is an error
below. Please help me to solve this error.
[EMAIL PROTECTED] Codevidu]# ./sslserver 8000
3691:error:140A90A1:SSL routines:SSL_CTX_new:library has no
ciphers:ssl_lib.c:1424:
Aborted
--
On Mon, Sep 24, 2007 at 03:01:56PM -0700, David Schwartz wrote:
>
> > SSL works just fine to prevent MITM with self-signed certs, provided
> > the client has prior knowledge of the self-signed cert.
>
> Right, but what if they don't?
Create a key management system that makes it so, or deploy a
Hello,
> I wish to thank you both for your responses and contributions. I found
> 2 fairly important functions in the ecdsa.h file, that don't seem to
> have been fleshed out (i.e. they are declared but I am unable to find
> the actual function bodies themselves). Could you please let me know
> if y
> SSL works just fine to prevent MITM with self-signed certs, provided
> the client has prior knowledge of the self-signed cert.
Right, but what if they don't?
> It can then
> check for the right public key, or the right certificate fingerprint
> (more convenient via the OpenSSL API than extract
Hello,
> > Basically, in this case you can use the original SSL authentication to
> > bootstrap a separate MITM detection step. I strongly recommend doing this in
> > a custom application if you use SSL in a way that prevents its normal MITM
> > detection from being effective.
>
> I strongly
On Mon, Sep 24, 2007 at 12:31:15PM -0700, David Schwartz wrote:
> > Hello David,
> > I would like to learn more on MITM in this particular scenario. I
> > used to believe that if a server is using a signed certificate,
> > the MITM is not possible (Is it possible with techniques like DNS
> > poiso
> Hello David,
> I would like to learn more on MITM in this particular scenario. I
> used to believe that if a server is using a signed certificate,
> the MITM is not possible (Is it possible with techniques like DNS
> poisoning?). Looks like I missed something important. Could you
> point me to t
>> Storing some fingerprint of a certificate or public key locally
>> in some trusted place (such as a local file system) seems to be
>> quite secure (should be the same level as having a CAs root
>> certificate in a file), however, I'm not sure if this works with
>> OpenSSL which seems to expect t
Hello,
On 9/24/07, Dr. Stephen Henson <[EMAIL PROTECTED]> wrote:
> On Mon, Sep 24, 2007, Alex Queiroz wrote:
>
> >
> > The problem is BIO_read keeps returning -1 and BIO_should_retry
> > keeps returning non-zero forever, so I'm stuck in an endless loop.
> > What may be causing this?
> >
>
> h
On Mon, Sep 24, 2007, Alex Queiroz wrote:
>
> The problem is BIO_read keeps returning -1 and BIO_should_retry
> keeps returning non-zero forever, so I'm stuck in an endless loop.
> What may be causing this?
>
http://www.openssl.org/support/faq.html#PROG15
Steve.
--
Dr Stephen N. Henson. E
Hello,
> It was seen that the CRYPTO_thread_id() uses getpid() which was
> returning the same value for all threads. Instead of getpid() I used
> pthread_self() which appears to have solved the problem
> that I had reported in this mail. I am not seeing the problem
> re-occur.
> Another user's post ref
Hi,
It was seen that the CRYPTO_thread_id() uses getpid() which was returning
the same value for all threads. Instead of getpid() I used pthread_self() which
appears to have solved the problem that I had reported in this mail. I am not
seeing the problem re-occur.
Another user's post referring to the
> Storing some fingerprint of a certificate or public key locally
> in some trusted place (such as a local file system) seems to be
> quite secure (should be the same level as having a CAs root
> certificate in a file), however, I'm not sure if this works with
> OpenSSL which seems to expect to be
Hello,
I'm trying to read the PEM public key from a memory BIO with the
following code. It's Delphi, but I think the meaning is clear:
=
procedure TJSEVPKey.GetPublicKeyPEM(jsni: TiJavaScriptNativeInterface);
const
bufLen = 2048;
var
bio: Pointer;
buf: Pointer;
len: Integer;
Hello,
> to decrypt the signature (looking at the RSA_verify()
> code):
> i = RSA_public_decrypt(128, cert1->signature->data, s,
> rsa_priv,
> RSA_PKCS1_PADDING);
> p=s;
> sig=d2i_X509_SIG(NULL,&p,(long)i);
Signature should be decrypted with RSA public key.
Private key is used to create s
Hi
I want to compare two X.509 certificates by
i. matching its digital signatures
ii. using the public key to decipher the signature of
cert1, read the
precalculated fingerprint, then calculate the cert2's
fingerprint, and
finally, compare the two fingerprints.
i. memcmp(cert1->signature-
Hi,
You need to specify a cipher for encrypting your private key. Something
like:
openssl rsa -in nopassword.key -des3 -out password.key
You will be prompted for a passphrase.
oh, thanks!
Regards
Marten
__
OpenSSL Project
On Sun, 2007-09-23 at 20:40 -0700, Jim Fox wrote:
> >
> > My question asked earlier and helpfully answered by Jim Fox opened a
> > whole can of worms for me. Googling around I found no two sites
> > that to
> > my untrained eye seem to do these steps in the same way. So I
> > borrowed a
> > few
* David Schwartz wrote on Sun, Sep 23, 2007 at 22:51 -0700:
> > Here is my understanding about a real CA.
> > A real CA would be an agency or like, which would have the infrastructure
> > required to sign certificate requests (say openssl toolkit, its own key
> > pair, its own root certificate etc)
I will be out of the office starting 09/24/2007 and will not return until
09/26/2007.
Hello,
I am currently out of the office, returning on Wed., 09/26. If an urgent
response is necessary, please call on my cell phone (812-457-0647). For
all other matters, please call the MIC (812-888-4332) f
Hello,
>
> I am running an application on HPUX 11i.
> The application fails in SSL_connect(). I tried to print the error
> message with the following code snippet:
> Also, which function should I use to make sure random number generator
> is working properly. I want this to be portable, as th
Hi,
I am running an application on HPUX 11i.
The application fails in SSL_connect(). I tried to print the error message with
the following code snippet:
==
ret = SSL_connect(ssl);
if (ret != 1)
{
char *m_file, *m_data;
int m_line = 0 , m_flags = 0;
print
22 matches