On Fri, Jun 13, 2014 at 03:53:07AM +, Viktor Dukhovni wrote:
> For now, don't clear SSL_OP_NO_TICKET if
> it is already set unless you've provided your own session tickets.
That is your own session ticket keys.
--
Viktor.
_
On Thu, Jun 12, 2014 at 11:49:39AM +0200, Dimitrios Apostolou wrote:
> >The options start out "clear" by default.
>
> Are you positive on that? I'm quite sure that SSL_OP_LEGACY_SERVER_CONNECT
> is on for example.
I was not sure, looking at the code for SSL_CTX_new() in the "master"
development
Hi,
sorry for the first answer, I didn't read in details :-/
looking at your certificate chain, you are in fact trying to validate a
certificate issued by RapidSSL using pit-ca
---
Certificate chain
0 s:/serialNumber=abcu8WWhYjl3NQaipWsZh5eFlY3Giv71/OU=GT82566018/OU=See
www.rapidssl.com/resour
> From: owner-openssl-us...@openssl.org On Behalf Of Anant Rao
> Sent: Wednesday, June 11, 2014 09:45
> The signature is generated by a client program (also a 'c' program). What is
> the format of a signature? How do I find out?
The format for an ECDSA or DSA signature is an ASN.1 SEQUENCE of tw
On Thu, Jun 12, 2014, Karthik R wrote:
> Does the recent vulnerability exposed in openSSL - CVE-2014-0224 and
> CVE-2014-0221 affect openssl-fips-2.0.5 ?
>
> If Yes, How do I get fips compliant openSSL?
>
If you mean the FIPS module then no. The FIPS module does not contain any
TLS or DTLS co
lib.c cryptlib.c
C:\temp\102\openssl-1.0.2-stable-SNAP-20140612\tmp32dll\e_os.h(62) :
fatal error
C1083: Cannot open include file: 'openssl/opensslconf.h': No such file
or directory
NMAKE : fatal error U1077: '"c:\Program Files (x86)\Microsoft Visual
Studio 10.0\VC\BIN\cl.EXE&q
Hi Nico,
As described in OpenSSL documentation the 2 functions are equivalent:
SSL_set_client_CA_list() sets the list of CAs sent to the client when
requesting a client certificate for the chosen ssl, overriding the setting
valid for ssl's SSL_CTX object.
SSL_CTX_add_client_CA() adds the CA na
Does the recent vulnerability exposed in openSSL - CVE-2014-0224 and
CVE-2014-0221 affect openssl-fips-2.0.5 ?
If Yes, How do I get fips compliant openSSL?
-Karthik R
I used this pascal procedure to handle other CAs
procedure TWEBStandaloneServer.InsertCA(CA,Root:UnicodeString);
var
x509 : pX509;
begin
{ The next four functions are only useful for TLS/SSL servers.
f_SSL_CTX_add_client_CA : function(C: PSSL_CTX; CaCert:
PX509): Integer; cdecl
I am pleased to announce some changes to the OpenSSL team (see
https://www.openssl.org/about/):
Andy Polyakov has been added to the core team
Tim Hudson has been added to the dev team
Viktor Dukhovni has been added to the dev team
We anticipate some more additions in the near future.
The
Hi Nico,
As described in OpenSSL documentation the 2 functions are equivalent:
SSL_set_client_CA_list() sets the list of CAs sent to the client when
requesting a client certificate for the chosen ssl, overriding the setting
valid for ssl's SSL_CTX object.
SSL_CTX_add_client_CA() adds the CA name
Hi
it seems that you could use the following functions :
void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list);
-> sets the list of trusted CA sent to client (here Rapid SSL CA and pit-ca)
int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char
*CApath)
On Wed, 11 Jun 2014, Viktor Dukhovni wrote:
On Wed, Jun 11, 2014 at 07:24:05PM +0200, Dimitrios Apostolou wrote:
Hello list,
given that I'm developing a custom client-server application that
communicates via TLS, I decided to zero-out all options since I don't care
about backwards compatibili
I used this pascal procedure to handle other CAs
procedure TWEBStandaloneServer.InsertCA(CA,Root:UnicodeString);
var
x509 : pX509;
begin
{ The next four functions are only useful for TLS/SSL servers.
f_SSL_CTX_add_client_CA : function(C: PSSL_CTX; CaCert:
PX509): Integer; cdecl
Yes,
The client certificate is excepted.
- Original Message -
From: Saurabh Pandya
To: openssl-users
Date: Thu, 12 Jun 2014 12:05:09 +0530
Subject: Re: 2 Server certificates
> To handle CA cert chain, you can use SSL_CTX_add_extra_chain_cert..
>
> are you expect certificate form clien
15 matches
Mail list logo