Hi everybody,
my english is not so good, but i try to explain my
problem.
i connect to a server with my client-application.
All works fine
if i set had verification off.
if i set the verification, the servercertificat was
bad (verification-
error 19). i think
the problem is that i have
I'm writing an application that acts as an SSL server. It is pointed to
a certificate store directory that contains hashed (.m) links to
the certificates in the chain (individual PEM files), and told which
server certificate to use. I provide OpenSSL with these using
SSL_CTX_load_verify
Thanks Lutz,
I'm incorporating OpenSSL into a web browser and what I'm really after is a behavior
similar to the other browsers around i.e. when an untrusted site is visited the user
is warned but also gets the option to 'install' the received server certificate so
that the next time the site
On Wed, Apr 04, 2001 at 10:03:27AM +0100, Graeme English wrote:
> I'm incorporating OpenSSL into a web browser and what I'm really after is a behavior
>similar to the other browsers around i.e. when an untrusted site is visited the user
>is warned but also gets the option to 'install' the receiv
>>> [EMAIL PROTECTED] 04/04/01 10:32:37 >>>
>> As you say if I the peer sends the certificate chain then the verify error changes
>to X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN, but I don't think this is the behavior I
>need (also its up to the web server whether it sends the chain, I believe)
>No,
On Wed, Apr 04, 2001 at 02:37:23PM +0100, Graeme English wrote:
> I mentioned this since previously I had not defined SSLCertificateChainFile in my
>httpd.conf (apache , mod_perl) and when I did the following (excuse the hack!)
> STACK_OF(X509) *cert_chain = (struct stack_st
>*)S
Hi everyone,
I'm trying to get apache with mod_proxy and mod_ssl (1.3.12/2.6.4) to
verify certificates on remote servers. It would automaticaly accept
self-signed certificates which is clearly a vulnerability.
I activated SSL_EXPERIMENTAL mode, and the program compiled without
incident, but wh
better.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Evan Cross" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, January 31, 2001 7:33 PM
Subje
Hi again,
I have finally managed to get the trusted certificate to
load into the application but now I am getting errors about
the certificate chain being to long.
The server only sends its certificate and the client loads
the Root CA cert to verify the server certificate.
As I stated before
Hi, all.
To test my sample SSL client program, I created two different CA files
from two different linux machines.
One from the SSL server machine(With the CA.pl -newca command) - the
right one, and another one from the different machine(With the same
CA.pl -newca command) - the false on for the t
Please stay with openssl-users...
On Thu, Jul 19, 2001 at 02:03:40PM -0600, Sejin wrote:
> One from the SSL server machine(With the CA.pl -newca command) - the
> right one, and another one from the different machine(With the same
> CA.pl -newca command) - the false on for the testing.
> My purpos
11 matches
Mail list logo