SSL_VERIFY_PEER

2013-03-12 Thread Nathan Smyth
Just wondering - if SSL_VERIFY_PEER is set on a connection, if the verification locations have not been loaded (SSL_CTX_load_verify_locations has not been set) - does the connection fail? Or continue as unverified? Also, is it possible to set the verify_location as somewhere remote (i.e. some

Checking Anon Ciphers

2013-02-25 Thread Nathan Smyth
What's the best way to check whether an anonymous cipher is being used in an active session? Currently, we're doing a string search for "ADH" in ssl->session->cipher->name, which is not ideal. Thanks

eNULL/NULL ciphers -- actually a cipher?

2013-02-12 Thread Nathan Smyth
I realise that the eNULL/NULL ciphers add no encryption, but do they just transmit the data as is, or is there some steganography used? Thanks

Re: Null (or default) certificates?

2013-02-01 Thread Nathan Smyth
- Original Message - From: Viktor Dukhovni To: "openssl-users@openssl.org" Cc: Sent: Friday, 1 February 2013, 15:22 Subject: Re: Null (or default) certificates? On Fri, Feb 01, 2013 at 01:46:46PM +, Nathan Smyth wrote: > Is it possible to have null, untrusted, or shared

Re: Null (or default) certificates?

2013-02-01 Thread Nathan Smyth
Thanks Viktor for your detailed reply. I'm still to fully understand the specifics. However, one question: > On all servers that don't require client certificates > (can't ask for client certs when using an anonymous ciphersuite) > enable anonymous ciphers, Is it possible to both - in the sens

Null (or default) certificates?

2013-02-01 Thread Nathan Smyth
Is it possible to have null, untrusted, or shared certificates, to simplify deployment for apps that don't care about SSL? Basically I have an infrastructure that uses OpenSSL for comms. As it is protocol based, it's important that everything runs the same code (I.e. I don't want different port

Re: Reusing a session? Example?

2012-04-22 Thread Nathan Smyth
re-use on Linux and Windows: http://charette.no-ip.com:81/asio-openssl/ Stéphane Charette On Sun, Apr 22, 2012 at 10:40, Nathan Smyth wrote: I have some (non-web) applications which open a number of SSL connections between each other. At the moment, a new SSL connection (session) is establis

Reusing a session? Example?

2012-04-22 Thread Nathan Smyth
I have some (non-web) applications which open a number of SSL connections between each other. At the moment, a new SSL connection (session) is established on each connect. It seems I can benefit from SSL session reuse. I was wondering if anyone has any example code (or can just describe the pr

Re: Remote access to my CA

2012-04-17 Thread Nathan Smyth
> If the apps only need to be able to verify certificates issued by that CA, > then all they need is a copy of the CA's certificate and to know that that > certificate should be used as a trust root. (And, perhaps, access to a CRL or > something if you want to be able to revoke certificates befo

Remote access to my CA

2012-04-17 Thread Nathan Smyth
Hi all, I created a CA on my local machine (using CA.sh), which I used to develop some socket-based applications. The apps access the CA using SSL_CTX_load_verify_locations, with the (local) path of the CA. I'm now distributing the applications to other machines, and was wondering how I can al

How to 'test' if SSL is working??

2012-04-14 Thread Nathan Smyth
Hi there, I have a dumb question. How can I tell whether SSL is actually protecting a TCP connection - is there any way from outside the application? I assume I should look for something in Netstat? I have quite a complicated application, with lots of sockets open between various components. S

Re: Accept failing - SysCall error - advice?

2012-04-11 Thread Nathan Smyth
Thanks, Dave, for your reply. Very helpful. > If this server is getting connections from the client above, > and that client mistakenly handles WANT_READ by closing or > even exiting/aborting, the server gets either TCP abort or > unexpected TCP shutdown (aka EOF), which causes this error. Err

Re: Accept failing - SysCall error - advice?

2012-04-10 Thread Nathan Smyth
The code itself is simple: Basically, just establish the socket connection. Then: SSL_set_fd(ssl, sock); ret = SSL_accept(ssl); (or SSL_Connect for the client) if (ret<= 0)     { print errors } else     OK - Original Message - From: Nathan Smyth To: "openssl-users@openssl.

Accept failing - SysCall error - advice?

2012-04-10 Thread Nathan Smyth
Hi there, I'm having trouble getting the SSL Connect/Accepts to work. For the client, SSL_Connect returns -1. Raising SSL Error = 2, SSL_ERROR_WANT_READ For the server, SSL_ACCEPT returns 0 (or -1 if non blocking), raising SSL Error 5 = SSL_ERROR_SYSCALL. ERR_ERROR_STRING() prints:0005:lib

Re: Deadlock - SSL_Connect()

2012-01-16 Thread Nathan Smyth
on, Jan 16, 2012 at 10:17 AM, Nathan Smyth wrote: Just seeking advice/things to consider for deadlock (or 'wait') on a SSL_Connect(). Unfortunately it stalls here, so there's no return code. > >The project establishes a number of SSL conns between various application

Deadlock - SSL_Connect()

2012-01-16 Thread Nathan Smyth
Just seeking advice/things to consider for deadlock (or 'wait') on a SSL_Connect(). Unfortunately it stalls here, so there's no return code. The project establishes a number of SSL conns between various application instances. It's in C++, where standard socket libs are used to establish the con

Re: socket functions on fds

2012-01-08 Thread Nathan Smyth
iring a bi-directional message exchange; both SSL_read() and SSL_write() will try to continue any pending handshake.  Thanks! - Original Message - From: Nathan Smyth To: "openssl-users@openssl.org" Cc: Sent: Sunday, 8 January 2012, 22:45 Subject: Re: socket functions on fd

Re: socket functions on fds

2012-01-08 Thread Nathan Smyth
>Pay special attention to the fact that sometimes an OpenSSL >call to send or recv will ask you to wait (select) for its own >direction to be ready, sometimes for the other direction to be >ready, depending on internal OpenSSL states. Selects before the SSL_read/writes? Any chance of a link t

socket functions on fds

2012-01-05 Thread Nathan Smyth
Quick question. Can you use the standard socket functions (i.e. poll/select) on a fd for a ssl connection? I know you need to use the ssl_read/writes and other functions etc to actually 'do stuff', but do the std socket state checking functions work on a socket that has SSL initiated? Thanks!!

Using File Descriptors? C++

2011-12-19 Thread Nathan Smyth
Hi there, I was wondering if anyone has any examples (either pasted or links) on using file descriptors (i.e. standard socket type operations) with OpenSSL. I tried some basic code, but the things I'm doing don't seem to work (e.g. I don't know how to build up a new SSL object given an existing fd on

Using File Descriptors? C++

2011-12-19 Thread Nathan Smyth
Hi there, I was wondering if anyone has any examples (either pasted or links) on using file descriptors (i.e. standard socket type operations) with OpenSSL. I tried some basic code, but the things I'm doing don't seem to work (e.g. I don't know how to build up a new SSL object given an existing fd o