Thanks Lutz,
And further reading on the archive and google has also enlightened me on this.
I'm actually almost surprised that this has worked at all, but I guess it
depends on the relative sizes of the SSL block and my 8k block.
I don't want to sound too ignorant of SSL (although I am), but w
Hi,
Does the SSL layer have its own read buffering?
Our application has a standard non-blocking socket loop where we wait for a read
event, read 8k, and go back to wait for more. If we have more than 8k then we
have multiple events until the data is complete.
On extending the application to
The depth should be greater than or equal to the depth of the CA chain. i.e. if
you have:
Certificate
Intermediate CA 1
Intermediate CA 2
Root CA
... you need a depth of 4.
More specifically if the Root CA is not found within your verify depth, then the
verification will
Just use Anonymous Diffie-Hellman if you don't need certificates. All you need
to do is change the cipher set.
G.
"Marco Cunha" <[EMAIL PROTECTED]> on 11/01/2001 11:51:54
Please respond to [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
cc:(bcc: George Shaw/EMEA/Viewlocity)
Subject: RE:
Hi,
If you are allowing anon-DH, then you are permitting certificate-less SSL, which
is a potential security hole, unless your implementation is not worried about
that.
Our implementation needed to enable this, and our solution was to make this
configurable to the end user, then it is their re
Hi,
I've been investigating the way that verify depth works in OpenSSL, and I've
managed to confuse myself over what it actually means. It seems to be used in
two places, with different meanings and/or effects.
1. In the verify_callback example in s_cb.c.
Here the verify depth is set as a g