Hmm ok I get it.
So, to be able to get the fingerprint for the used certificates during a
TLS handshake is possible by using the SSL_set_verify callbacks in the
application or is the mentioned postfix useful for this purpose?
On Mon, Mar 15, 2021 at 12:23:54PM +0100, Robert Ionescu wrote:
> I already found the callbacks for the verification process and I am
> still trying to figure it out if it is possible to change them in a
> way that they will print some certificate information to determine
> which certificate was
I already found the callbacks for the verification process and I am still
trying to figure it out if it is possible to change them in a way that they
will print some certificate information to determine which certificate was
used?
On Fri, Mar 12, 2021 at 09:06:57AM +0100, Robert Ionescu wrote:
> With "wrong" certificate I meant "invalid certificate". So the idea
> was in a bigger environment with a lot of certificates, to make the
> invalid certificate debugging easier by getting more information from
> openssl to
On Thu, Mar 11, 2021 at 8:40 PM Michael Wojcik <
michael.woj...@microfocus.com> wrote:
> > From: openssl-users On Behalf Of
> Viktor
> > Dukhovni
> > Sent: Thursday, 11 March, 2021 10:39
> > To: openssl-users@openssl.org
> > Subject: Re: Client certificate a
> From: openssl-users On Behalf Of Viktor
> Dukhovni
> Sent: Thursday, 11 March, 2021 10:39
> To: openssl-users@openssl.org
> Subject: Re: Client certificate authentication
>
> > On Mar 11, 2021, at 2:16 PM, Robert Ionescu
> wrote:
> >
> > I am sear
If he's trying to muck with the library, he's probably struggling with a
precompiled binary he doesn't have the source code to.
-Kyle H
On Thu, Mar 11, 2021, 11:48 Viktor Dukhovni
wrote:
> > On Mar 11, 2021, at 2:16 PM, Robert Ionescu
> wrote:
> >
> > I am searching for the functions in
> On Mar 11, 2021, at 2:16 PM, Robert Ionescu
> wrote:
>
> I am searching for the functions in openssl used to verify the clients
> certificate when using mutual authentication.
The same code verifies peer certificate chains, whether client or server.
> My intention is to find a way to log a
Hi,
I am searching for the functions in openssl used to verify the clients
certificate when using mutual authentication.
My intention is to find a way to log a wrong user certificate directly
inside the openssl source.
Any help would be highly appreciated
Hi,
I am trying to get 2 way certificate authentication going in Apache. I have
installed the certificate into my browser (firefox) but it just times out.
Anyone have any ideas? Thanks.
Dave
Here is the ssl section of my Apache config
SSLEngine on
SSLOptions +ExportCertData +StrictRequire
I'm trying to set client certificate authentication.
It looks that I cant set even the simple demo...
With apache2.2 installed:
sudo a2enmod ssl
sudo a2ensite default-ssl
sudo /etc/init.d/apache2 restart
Browse with firefox to (https)localhost - page retrieved after
security warning, ssl working
On 2010/03/20 6:55 PM, Nuno Gonçalves wrote:
Questions:
Is normal that firefox hangs when it doesn't have a valid certificate
to provide?
Openssl output looks OK?(or the error in the end is a exception?)
I am not 100% sure of the details, but I do recall a hang being a
symptom of using a
On Sat March 20 2010, Nuno Gonçalves wrote:
I'm trying to set client certificate authentication.
It looks that I cant set even the simple demo...
Look like your e-mail client isn't correct either, it
seems to be sending the same message every two hours.
Mike
With apache2.2 installed:
sudo
On Sat, Mar 20, 2010, Graham Leggett wrote:
On 2010/03/20 6:55 PM, Nuno Gonçalves wrote:
Questions:
Is normal that firefox hangs when it doesn't have a valid certificate
to provide?
Openssl output looks OK?(or the error in the end is a exception?)
I am not 100% sure of the details, but I
the http:// links. To see
if the list had that blocked due to spam.
I apologize for any inconvenience.
Regards,
Nuno
On Sat, Mar 20, 2010 at 18:13, Michael S. Zick open...@morethan.org wrote:
On Sat March 20 2010, Nuno Gonçalves wrote:
I'm trying to set client certificate authentication
Wasn't there a pb with a great number of CA names? There are 16K already?
The pb was in apache ad some of my three neurons seem to agree.
https://issues.apache.org/bugzilla/show_bug.cgi?id=46952
/PS
__
OpenSSL Project
You are right.
Looks ubuntu packages didn't get that update up to now.
Thanks,
Nuno
2010/3/20 Peter Sylvester peter.sylves...@edelweb.fr:
Wasn't there a pb with a great number of CA names? There are 16K already?
The pb was in apache ad some of my three neurons seem to agree.
We're currently working to produce on software to decrypt S-63 maps:
http://www.iho.shom.fr/publicat/free/files/S-63_e1.1_EN_2008.pdf
We're trying to use OpenSSL to perform the data authentication and
integrity checking. However, the descriptions of data formats in the
OpenSSL
Hello list
I have been experimenting on client certificate authentication using openssl
s_server command
but i have a problem in this case:
i am running ssl server using the command:
openssl s_server -accept 443 -cert sslcert/cacert.pem -key
sslcert/private/cakey.pem -Verify 1 -CAfile ca
: 505-844-2018
Email: [EMAIL PROTECTED]
-Original Message-
From: Bencoe, Michael K
Sent: Sunday, June 05, 2005 7:34 PM
To: openssl-users@openssl.org
Subject: CA certificate authentication and more
Our development team just completed a successful experiment using SSL
and mutual certificate
Bencoe, Michael K wrote:
Our development team just completed a successful experiment using SSL
and mutual certificate authentication between a Java socket server and a
C++ socket client. The C++ client used OpenSSL, while the Java server
used the SSL services provided with the 1.4 SDK
Mike Koponick wrote:
Hello Everyone,
Please forgive me, I am a newbie. I would like to authenticate my
users to a website SQL database via a certificate.
Could I create a certificate that would allow a specific user (that
the certificate was created for) to authenticate to a website that has
Hello Everyone,
Please forgive me, I am a newbie. I would like to authenticate my users to a website SQL database via a certificate.
Could I create a certificate that would allow a specific user (that the certificate was created for) to authenticate to a website that has the username/password
[EMAIL PROTECTED] wrote:
Is there a (reasonable) way to authenticate a client (browser)
certificate from a CGI without having to modify the web server
configuration.
What we are up against is that we produce a package that is supported
on a variety of platforms and web servers. We have been
Is there a (reasonable) way to authenticate a client (browser)
certificate from a CGI without having to modify the web server
configuration.
What we are up against is that we produce a package that is supported
on a variety of platforms and web servers. We have been informed the
to meet
Reposting this since it got lost in the churn.
I have a Perl script using that is failing mysteriously to connect with
an HTTPS site requiring client certificates for authentication. Here's
the command that allows me to connect to the site in question:
openssl s_client -connect hostname:443
I have a Perl script using that is failing mysteriously to connect with
an HTTPS site requiring client certificates for authentication. Here's
the command that allows me to connect to the site in question:
openssl s_client -connect hostname:443 -cert test.crt
-key test.key -CAfile
How can i verify from an OpenSSL server application if the client certificate/private
key matches the server certificate/private key?
regards
Get advanced SPAM filtering on Webmail or POP Mail ... Get Lycos Mail!
Marius Cabas wrote:
How can i verify from an OpenSSL server application if the client
certificate/private key matches the server certificate/private key?
What do you mean,, match? The keypair used by the server is not the
same keypair used by the client. Do you mean something like are signed
was adding support for Apache 2 fairly soon.
W.r.t : What kind of LDAP lookup works best with
X509_NAME_oneline()-style names?
do check the howto's. The certificate authentication can be done
against the certificate subject or serial number.
W.r.t: Should the LDAP tree be somewhat special?
It does
with client certificate
authentication
Dear group,
Has anybody tried doing ldap client certificate authentication for an
apache
2.0.39 ssl server ?
Our environment is :
RedHat linux 7.1 kernel 2.4.x
apache 2.0.39 (inc. mod_ssl)
openssl-engine-0.9.6g
openldap (on a different redhat linux
On Wed, 2 Oct 2002, Sarath Chandra M wrote:
Dear Jose,
I had looked at the site u mentioned. But my problem is in applying the
patch (http://authzldap.othello.ch/modssl-patch.html) to mod_ssl
as said in the installation page of the same site.
If you could tell me how to apply this patch,
Title: Message
Dear group,Has anybody tried doing ldap client certificate
authentication for an apache2.0.39 ssl server ?Our environment is
:RedHat linux 7.1 kernel 2.4.xapache 2.0.39 (inc.
mod_ssl)openssl-engine-0.9.6gopenldap (on a different redhat linux
server)The apache website has
I get the following error on the client:
24611:error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt
error:s3_pkt.c:985:SSL alert number 51
24611:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
failure:s23_lib.c:226:
and on the server:
24610:error:0407006A:rsa
Benjamin Grosman [EMAIL PROTECTED]:
I am able to fetch the issue and subject details of the client certificate
from inside the server, but how do I know that someone hasn't simply
generated their own certificate with the same details?
If you initialize the verification settings with about
I've been trying to set up "require" certificates for my web site. I added
the CA Certificates to the conf/ssl.crt directory and the browsers offer
more certificates than they did before I added the CA Certs. The problem is
that once I submit the certificate the server refuses the certificates.
Howard Uman wrote:
I've been trying to set up "require" certificates for my web site. I added
the CA Certificates to the conf/ssl.crt directory and the browsers offer
more certificates than they did before I added the CA Certs. The problem is
that once I submit the certificate the server
37 matches
Mail list logo