Compile 1.0.1j on Win8.1 with capi

2014-11-14 Thread Derek Cole
Hello, I am noticing that when I install the OpenSSL bundle from http://slproweb.com/products/Win32OpenSSL.html the lib folder gets a lot of .lib files in it that are corresponding to the engines such as capi.lib. How can I compile OpenSSL to generate those same lib files? Is it simply a matter

Re: Compile 1.0.1j on Win8.1 with capi

2014-11-14 Thread Derek Cole
stunnel code. And also, if I do the nmake -f ms\ntdll.mak install, *.lib files in the out32dll.dbg folder do not make it to the lib folder of my install directory. They are in there for the precompiled binaries. Were those just copied in by hand? On Fri, Nov 14, 2014 at 3:11 PM, Derek Cole derek.c

Re: SANs for self signed certs

2013-04-25 Thread Derek Cole
Just to update - I found the section in one of the apps that copies the extensions from the request. I was able to enable the EXT_COPY_ADD and was able to get my SANS in the cert as well as the request. On Wed, Apr 24, 2013 at 6:44 PM, Derek Cole derek.c...@gmail.com wrote: Hello, I have

Working with the CA database

2013-04-25 Thread Derek Cole
Hello, I am acting as my own cert authority so the index.txt file is constantly being updated as I generate new certs. However, I have noticed that things like the DB_file field are never used in the CA program. Is it safe for me to write some custom code that will take advantage of that field?

SANs for self signed certs

2013-04-24 Thread Derek Cole
Hello, I have some code which I am using to generate a CSR and some code which I am using to generate a cert using my cert authority. If I view the CSR, I can see that my alt names were added correctly. If I view the cert itself, the altnames are not there. I had kind of thought that if I had a

Help me understand how this should work:

2013-03-28 Thread Derek Cole
Hello all, I am curious about how something should work relating to some self signed certs I am trying to use. It has been a while since I was messing with this. I have a webserver setup for my internal webmail at https://examplemail.com. However, that site redirects to

Re: Use OpenSSL socket as a normal socket

2012-11-09 Thread Derek Cole
, but wouldn't it be easier to just choose eNULL cipher when no encryption is needed? On 09/11/2012 06:08, Derek Cole wrote: Hello, I have a server running that I am accepting both SSL and non SSL traffic. Currently I check the traffic first and if the first part of the TCP data looks

Use OpenSSL socket as a normal socket

2012-11-08 Thread Derek Cole
Hello, I have a server running that I am accepting both SSL and non SSL traffic. Currently I check the traffic first and if the first part of the TCP data looks like an SSL header, I send it off to an OpenSSL socket to be read. If it's plaintext, I just read it right there on that socket. Is it

libpcap working with openSSL sockets

2012-10-31 Thread Derek Cole
Hello, Is it possible to use libpcap to detect an incoming connection (writing all those packets to a socket), then, if using libpcap I determine that a SSL connection was established, stand up another socket to read the same file descriptor with the SSL client so that I could use the

Re: libpcap working with openSSL sockets

2012-10-31 Thread Derek Cole
the TCP payload automatically as the SSL socket does when you stand up a SSL_CTX and use SSL_new with that context? On Wed, Oct 31, 2012 at 2:06 PM, dreamwvr dream...@dreamwvr.com wrote: On 10/31/12 11:21 AM, Derek Cole wrote: Hello, Is it possible to use libpcap to detect an incoming

Re: libpcap working with openSSL sockets

2012-10-31 Thread Derek Cole
As I am thinking about this a little more - I guess that the SSL_new and SSL_accept handles all of the SSL handshake negotiation as well, that would have to be manually handled if you were trying to decrypt on the fly? On Wed, Oct 31, 2012 at 2:23 PM, Derek Cole derek.c...@gmail.com wrote

Re: Firefox unhappy with my self signed Cert

2012-10-15 Thread Derek Cole
CA cert? Thanks On Fri, Oct 12, 2012 at 11:22 AM, Derek Cole derek.c...@gmail.com wrote: So I think you were right. I used a command to view the CSR that I generated with the following: openssl req -new -nodes -subj /CN=www.myserver.com -out /tmp/file.csr -keyout /tmp/privkey.csr -config /my

SSL_connect with pselect failing

2012-10-14 Thread Derek Cole
Hello, I am trying to use SSL_connect. I have bound a socket to my interface, set up the context, and call SSL_connect(). This is returning a -1, which I catch, and call SSL_get_error() to fall through a switch statement. It is returning a SSL_ERROR_WANT_WRITE. So I am trying to use pselect in a

Re: SSL_connect with pselect failing

2012-10-14 Thread Derek Cole
Nevermind. I didn't realize that I did have the call in there for my socket connect() (which was in another part of the code for non-ssl connections...it is needed for both). I had thought SSL_connect took care of that too. On Sun, Oct 14, 2012 at 5:35 PM, Derek Cole derek.c...@gmail.com wrote

Re: Firefox unhappy with my self signed Cert

2012-10-12 Thread Derek Cole
: From: owner-openssl-us...@openssl.org On Behalf Of Derek Cole Sent: Thursday, 11 October, 2012 19:03 I have a server that is running a custom app that can accept a SSL connection. I generate a cert on each server, that is signed by my own CA. I tested whether this worked or not by using

Re: Firefox unhappy with my self signed Cert

2012-10-12 Thread Derek Cole
...@openssl.org On Behalf Of Derek Cole Sent: Friday, 12 October, 2012 11:22 So I think you were right. I used a command to view the CSR that I generated with the following: openssl req -new -nodes -subj /CN=www.myserver.com -out /tmp/file.csr -keyout /tmp/privkey.csr -config /my/openssl.cnf when

Re: OpenSSL cert authority with no database

2012-10-11 Thread Derek Cole
: owner-openssl-us...@openssl.org] On Behalf Of Derek Cole Sent: Thursday, October 11, 2012 3:14 PM To: openssl-users@openssl.org Subject: OpenSSL cert authority with no database Hello, Is there a way to sign certificates with your own CA, and NOT have to use a database

Firefox unhappy with my self signed Cert

2012-10-11 Thread Derek Cole
Hello, I sort of posted about this earlier, but I think this is a more concise question (as the previous replies were helpful for me to start debugging the problem). I have a server that is running a custom app that can accept a SSL connection. I generate a cert on each server, that is signed

Re: Firefox unhappy with my self signed Cert

2012-10-11 Thread Derek Cole
Thanks to everyone for the information. I can't recall right now how I set up the name - I was thinking for sure it was with the FQDN, but I'll double check. I will do that reading and check tomorrow when I am back at work and see if I can figure out what is going wrong there. Thanks On Thu, Oct

Re: SSL_accept fails with bad certificate error

2012-10-10 Thread Derek Cole
: owner-openssl-us...@openssl.org On Behalf Of Derek Cole Sent: Tuesday, 09 October, 2012 21:12 I am trying to write a server that will accept an incoming SSL connection. In pseudo, I have the following chain of function calls SSL_CTX_load_verify_locations(ctx, root_cert_file, root_cert_dir

SSL_accept fails with bad certificate error

2012-10-09 Thread Derek Cole
Hello, I am trying to write a server that will accept an incoming SSL connection. In pseudo, I have the following chain of function calls SSL_CTX_load_verify_locations(ctx, root_cert_file, root_cert_dir) SSL_CTX_use_certificate_chain_file(chain file)