Re: Server won't request for client certificate

2010-02-02 Thread sandeep kiran p
Can you provide the trace output files that Kyle asked for? Probably that can help us understand whats happening. -Sandeep On Tue, Feb 2, 2010 at 9:58 AM, Felipe Franciosi wrote: > Hi all, > > Thanks for all the feedback I received regarding this matter. > > I'm just sending one last message to

Re: SSL renegotiation clarifications

2010-02-02 Thread Kyle Hamilton
Either side can initiate a renegotiation at any point. It does not matter which side does it. The Server does it by sending a HelloRequest, the Client does it by sending a ClientHello. (When the Client sees a HelloRequest from the server, it responds with a ClientHello if it is willing to renego

Re: Server won't request for client certificate

2010-02-02 Thread Felipe Franciosi
Hi all, Thanks for all the feedback I received regarding this matter. I'm just sending one last message to close the issue: despite BIO_do_handshake() succeeding, I couldn't retrieve the client certificate with SSL_get_peer_certificate(). :-( What I did is remove the BIO layer from my software a

Re: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag

2010-02-02 Thread John R Pierce
Ujwal Chinthala wrote: Hmm, that could be a problem. This code is going to run on a box which is shipped to the customer. So I don't believe we want to ship these boxes with private keys in them :) any PKI fully secured session requires each host to have its own private key, and the other

RE: SSL renegotiation clarifications

2010-02-02 Thread Eisenacher, Patrick
Saju, forget about sender and receiver. Your communication endpoint, ie. client or server, issues a renegotiation on an SSL connection handle, just like it reads and writes to this SSL connection handle. Which logic you apply on when to issue your call to renegotiate is up to you and depends on

RE: SSL renegotiation clarifications

2010-02-02 Thread Saju Paul
Thank you Patrick. I'm aware that the SSL Client (SSL_connect) and SSL Server(SSL_accept) can renegotiate an SSL session. But my question is should the Sender(SSL_write) or the Receiver(SSL_read) do the renegotiation? For ex: if the Sender and Receiver decides to renegotiate either at a size(1G)

RE: [FWD] Building Win64 0.9.8l on VS2008

2010-02-02 Thread Ariel Salomon
This is the issue I reported as RT #2086. The problem has been fixed in the 1.0.0 tree but only partly addressed in the 0.9.8 tree. As I posted last week: Appears to be fixed in 1.0.0 tree; but 0.9.8m-beta still has part of the problem because it didn't get the "remove duplicate code" part of

RE: SSL renegotiation clarifications

2010-02-02 Thread Eisenacher, Patrick
Hi Saju, -Original Message- From: Saju Paul Who as in Sender-encrypter or Receiver-decrypter should renegotiate an SSL session? Can it be both or is it only the Sender? Is there a document that describes the protocol? Does renegotiation always require SSL handshake? (SSL_do_handshake)

Re: Why don't openssl RSA work for Word Document file?

2010-02-02 Thread Steffen DETTMER
> Namrata Sorte wrote: > > Ya to be more specific, I want to sign and verify Word Document > > File and using command line will be fine for now. Are you looking for something like openssl smime -sign -in ml.doc... openssl smime -encrypt -in in.doc... maybe? With RSA based certificates it uses R

[FWD] Building Win64 0.9.8l on VS2008

2010-02-02 Thread Lutz Jaenicke
Forwarded to openssl-users for public discussion Best regards, Lutz - Forwarded message from Del Hyman Jones - Subject: Building Win64 0.9.8l on VS2008 Date: Mon, 1 Feb 2010 17:15:28 - Thread-Topic: Building Win64 0.9.8l on VS2008 Thread-Index: AcqjYiayMNdYT1+HTXyt5bFZjxGglQ

Re: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag

2010-02-02 Thread Ujwal Chinthala
Hmm, that could be a problem. This code is going to run on a box which is shipped to the customer. So I don't believe we want to ship these boxes with private keys in them :)__ OpenSSL Project htt

SSL renegotiation clarifications

2010-02-02 Thread Saju Paul
1. Who as in Sender-encrypter or Receiver-decrypter should renegotiate an SSL session? Can it be both or is it only the Sender? Is there a document that describes the protocol? 2. Does renegotiation always require SSL handshake? (SSL_do_handshake) Are they any circumstances where the ha