http://www.orangeparkcpa.com/att/vks.xdil?bpppv
3/28/2013 11:47:11 AM
nafe12
Just wondering - if SSL_VERIFY_PEER is set on a connection, if the verification
locations have not been loaded (SSL_CTX_load_verify_locations has not been set)
- does the connection fail? Or continue as unverified?
Also, is it possible to set the verify_location as somewhere remote (i.e. some
What's the best way to check whether an anonymous cipher is being used in an
active session?
Currently, we're doing a string search for "ADH" in ssl->session->cipher->name,
which is not ideal.
Thanks
__
OpenSSL Project
I realise that the eNULL/NULL ciphers add no encryption, but do they just
transmit the data as is, or is there some steganography used?
Thanks
- Original Message -
From: Viktor Dukhovni
To: "openssl-users@openssl.org"
Cc:
Sent: Friday, 1 February 2013, 15:22
Subject: Re: Null (or default) certificates?
On Fri, Feb 01, 2013 at 01:46:46PM +, Nathan Smyth wrote:
> Is it possible to have null, untrusted, or shared
Thanks Viktor for your detailed reply.
I'm still to fully understand the specifics.
However, one question:
> On all servers that don't require client certificates
> (can't ask for client certs when using an anonymous ciphersuite)
> enable anonymous ciphers,
Is it possible to both - in the sens
Is it possible to have null, untrusted, or shared certificates, to simplify
deployment for apps that don't care about SSL?
Basically I have an infrastructure that uses OpenSSL for comms. As it is
protocol based, it's important that everything runs the same code (I.e. I don't
want different port
re-use on Linux and
Windows:
http://charette.no-ip.com:81/asio-openssl/
Stéphane Charette
On Sun, Apr 22, 2012 at 10:40, Nathan Smyth wrote:
I have some (non-web) applications which open a number of SSL connections
between each other. At the moment, a new SSL connection (session) is
establis
I have some (non-web) applications which open a number of SSL connections
between each other. At the moment, a new SSL connection (session) is
established on each connect. It seems I can benefit from SSL session reuse.
I was wondering if anyone has any example code (or can just describe the
pr
> If the apps only need to be able to verify certificates issued by that CA,
> then all they need is a copy of the CA's certificate and to know that that
> certificate should be used as a trust root. (And, perhaps, access to a CRL or
> something if you want to be able to revoke certificates befo
Hi all,
I created a CA on my local machine (using CA.sh), which I used to develop some
socket-based applications. The apps access the CA
using SSL_CTX_load_verify_locations, with the (local) path of the CA.
I'm now distributing the applications to other machines, and was wondering how
I can al
Hi there,
I have a dumb question. How can I tell whether SSL is actually protecting a TCP
connection - is there any way from outside the application? I assume I should
look for something in Netstat?
I have quite a complicated application, with lots of sockets open between
various components. S
Thanks, Dave, for your reply. Very helpful.
> If this server is getting connections from the client above,
> and that client mistakenly handles WANT_READ by closing or
> even exiting/aborting, the server gets either TCP abort or
> unexpected TCP shutdown (aka EOF), which causes this error.
Err
The code itself is simple: Basically, just establish the socket connection.
Then:
SSL_set_fd(ssl, sock);
ret = SSL_accept(ssl);  /* or SSL_connect() for the client */
if (ret <= 0) {
    /* print errors */
} else {
    /* OK */
}
- Original Message -
From: Nathan Smyth
To: "openssl-users@openssl.
Hi there,
I'm having trouble getting the SSL Connect/Accepts to work.
For the client, SSL_Connect returns -1. Raising SSL Error = 2,
SSL_ERROR_WANT_READ
For the server, SSL_ACCEPT returns 0 (or -1 if non blocking), raising SSL Error
5 = SSL_ERROR_SYSCALL.
ERR_ERROR_STRING() prints:0005:lib
on, Jan 16, 2012 at 10:17 AM, Nathan Smyth wrote:
Just seeking advice/things to consider for deadlock (or 'wait') on a
SSL_Connect(). Unfortunately it stalls here, so there's no return code.
>
>The project establishes a number of SSL conns between various application
Just seeking advice/things to consider for deadlock (or 'wait') on a
SSL_Connect(). Unfortunately it stalls here, so there's no return code.
The project establishes a number of SSL conns between various application
instances. It's in C++, where standard socket libs are used to establish the
con
iring a bi-directional message exchange; both SSL_read() and SSL_write()
will try to continue any pending handshake.
Thanks!
- Original Message -
From: Nathan Smyth
To: "openssl-users@openssl.org"
Cc:
Sent: Sunday, 8 January 2012, 22:45
Subject: Re: socket functions on fd
>Pay special attention to the fact that sometimes an OpenSSL
>call to send or recv will ask you to wait (select) for its own
>direction to be ready, sometimes for the other direction to be
>ready, depending on internal OpenSSL states.
Selects before the SSL_read/writes?
Any chance of a link t
Quick question.
Can you use the standard socket functions (i.e. poll/select) on a fd for a ssl
connection?
I know you need to use the ssl_read/writes and other functions etc to actually
'do stuff', but do the std socket state checking functions work on a socket
that has SSL initiated?
Thanks!!
Hi there,
I was wondering if anyone has any examples (either pasted or links) on using file
descriptors (i.e. standard socket type operations) with OpenSSL.
I tried some basic code, but the things I'm doing don't seem to work (e.g. I
don't know how to build up a new SSL object given an existing fd on
Hi there,
I was wondering if anyone has any examples (either pasted or links) on using file
descriptors (i.e. standard socket type operations) with OpenSSL.
I tried some basic code, but the things I'm doing don't seem to work (e.g. I
don't know how to build up a new SSL object given an existing fd o
22 matches