], s390x[3], power
PC[4], ARM[5] ). If you want to test another architecture, we have created
a toolkit[6] that you can use to perform the statistical tests easily.
*Sincerely,*
*George Pantelakis*
1 - https://minerva.crocs.fi.muni.cz/
2 - https://github.com/openssl/openssl/issues/23860/
3 - https
:) I did have to make minor modifications for it to
compile with the Visual Studio C++ compiler, though.
Thanks,
George
On 2021-01-26 4:29 a.m., Jan Just Keijser wrote:
On 26/01/21 05:28, George wrote:
Hi,
I'm trying to get OpenSSL 1.0.2u with the FIPS Object Module
2.0.16 in Windows 10
reader" actually get called. Do I need to do anything else to
enable this functionality? I would like to force the user to enter PIN
number every time.
Thanks,
George
oblems in Windows but there is no real answer as to why they
are occurring:
https://www.codeproject.com/Questions/1254182/Smart-card-apis-throw-first-chance-exceptions-but
Thanks,
George
On 2021-01-11 9:41 a.m., Michael Wojcik wrote:
From: openssl-users On Behalf Of George
Sent: Sunday, 10 J
the suggested
workaround, it worked.
My original code, which is based on
https://github.com/jjkeijser/ppp/blob/eap-tls/pppd/eap-tls.c
worked perfectly after I added in the libp11 fix. :)
Thanks!
George
On 2021-01-11 11:01 a.m., Jan Just Keijser wrote:
Hi,
On 08/01/21 22:35, George wrote:
Hi
n generate an exception on C_GetSlotList(...) multiple times but
it eventually is successful. Is this normal behaviour?
int pkcs11_enumerate_slots(PKCS11_CTX *ctx, PKCS11_SLOT **slotp,
unsigned int *countp)
{
. . .
rv = cpriv->method->C_GetSlotList(FALSE, NULL_PTR, );
. . .
}
related to this in
https://github.com/jjkeijser/ppp/blob/eap-tls/pppd/eap-tls.c
Thanks,
George
On 2021-01-05 11:51 a.m., Jan Just Keijser wrote:
Hi,
On 05/01/21 07:39, George wrote:
Hi,
I was looking at the code in
https://github.com/jjkeijser/ppp/blob/eap-tls/pppd/eap-tls.c and
rea
cert
label: Card Authentication - PIVKey
E7F4FBE4644BA647ADDBE261BE596757
subject: DN: CN=PIVKey E7F4FBE4644BA647ADDBE261BE596757
*ID: a9bee4d72100c52f77c3fc288d2be01a34b5d44f91b3b7ea3d349b8a25752c45*
Thanks,
George
On 2020-12-23 6:00 a.m., Jan Just Keijser wrote:
Hi,
callback
functions, or should it already contain a value when
ENGINE_load_private_key is called?
Is there a way to skip the callback transfer_pin and use a hard coded
pin for test purposes when calling ENGINE_load_private_key(...)?
Thanks!
George
On 2020-12-19 8:05 p.m., Jan Just Keij
gt; x509 -engine pkcs11 -signkey
"pkcs11:object=Authentication - *;type=private;pin-value=123456"
-keyform engine -in req2.pem -out cert2.pem
Thanks,
George
On 2020-12-18 3:40 a.m., Jan Just Keijser wrote:
Hi,
On 18/12/20 06:21, George wrote:
Hi,
I'm
cmd_string(pkey_engine, "LIST_ADD", "1", 0);
ENGINE_ctrl_cmd_string(pkey_engine, "LOAD", NULL, 0);
ENGINE_ctrl_cmd_string(pkey_engine, "MODULE_PATH",
pkcs11MiddlewareLibrary, 0);
ENGINE_set_default(pkey_engine, ENGINE_METHOD_ALL);
Thanks!
George
Ok. So I use the libp11 project DLL file for the SO_PATH and my smart
card middleware DLL for the MODULE_PATH when setting up the OpenSSL Engine?
Thanks,
George
On 2020-12-17 3:22 a.m., Jan Just Keijser wrote:
Hi,
On 16/12/20 20:26, George wrote:
Hi,
I've been looking at the code
gine, "LOAD", NULL, 0);
Do you see anything wrong with this?
Thanks,
George
On 2020-12-15 4:38 a.m., Jan Just Keijser wrote:
Hi,
On 14/12/20 21:01, George wrote:
Ok, so I am not actually going to populate EVP_PKEY with a private
key in the callback function:
int (*client_cert_cb)(SSL
have a private key, should I use something else?
Thanks,
George
On 2020-12-14 12:59 p.m., Michael Wojcik wrote:
You can't get the private key from the smartcard. Instead, you have to let the
engine do the encryption. I don't know what ENGINE_load_private_key actually
does - in my PKCS#11 work
it was not possible to get a private key from a smart card?
Once I have pkey, do I simply use it within the /client_cert_cb/
callback function?
Thanks,
George
On 2020-12-14 10:58 a.m., Michael Wojcik wrote:
From: openssl-users On Behalf Of George
Sent: Monday, 14 December, 2020 08:15
Thanks
/work with Visual Studio in Windows?
Are there any other ways to get the Smart Card to work without needing
to install additional software?
Thanks!
George
On 2020-12-14 3:51 a.m., Jan Just Keijser wrote:
Hi,
On 14/12/20 08:08, George wrote:
Hi,
I'm new to OpenSSL and am trying to set up
know how I can get around this problem?
Thanks,
George
Yes, indeed I don't want to take into account the CN, only the SANs. Thanks
for the extra flag and all the clarifications!
Best regards,
Theodor
>
>
> > > > For now I am using X509_VERIFY_PARAM_set1_host with
> SSL_CTX_set1_param to
> > > > do this specific check.
> > >
> > > That's the
> I am writing a SSL/TLS client (using Boost.Beast but underlying it's using
> OpenSSL) and although I have set on the SSL context the 'verify_peer'
flag,
> there is no verification to prove the server presents an X509 which
> contains in the Subject Alternative Names the hostname of that server.
I am writing a SSL/TLS client (using Boost.Beast but underlying it's using
OpenSSL) and although I have set on the SSL context the 'verify_peer' flag,
there is no verification to prove the server presents an X509 which
contains in the Subject Alternative Names the hostname of that server.
As this
the 0.9.8e code, before moving to a more recent
version.
Best regards,
George Shaw.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users
.
-Original Message-
From: Michel [mailto:msa...@paybox.com]
Sent: 03 November 2011 14:10
To: openssl-users@openssl.org
Cc: Shaw Graham George
Subject: Re: Empty CA name list in Certificate Request in 0.9.8e
Hi George,
didn't you forget a call to :
SSL_CTX_set_client_CA_list()
see http
DLTSRVPGM SRVPGM(OPENSSL/libssl)
CPF2105: Object LIBSSL in OPENSSL type *SRVPGM not found.
ssl/*.o does not link to a module object
GMAKE[1]: Leaving directory `/home/qsecofr/openssl-0.9.8e'
On Tue, Apr 6, 2010 at 4:18 PM, Shaw Graham George gs...@axway.com
wrote:
Hmm, my version
still have CCSID of 37.
Pankaj
On Sun, Apr 4, 2010 at 8:23 PM, Shaw Graham George gs...@axway.com
wrote:
You should read the detail of the readme files for this and maybe
previous ports at rt.openssl.org.
Firstly, for this port to work, you need to install the IBM AS/400
GNU utilities
libraries on top of it which will be used by ILE
Code. I believe that I won't be able to use PASE libraries in native
environment, right?
Pankaj
On Tue, Apr 6, 2010 at 1:20 PM, Shaw Graham George gs...@axway.com
wrote:
OK, one step forward. I guess that previously you had
George
Sent: 06 April 2010 10:53
To: openssl-users@openssl.org
Subject: RE: OpenSSL on IBMi
-c is an option, not an argument, so I think you'll find that the
problem is that icc is objecting to the file-to-be-compiled is not at
the end of the command line - i.e. is it looking for a - character in
temp1
http://rt.openssl.org/Ticket/Display.html?id=1565user=guestpass=guest
Only for 0.9.8e, though.
G.
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Pankaj Aggarwal
Sent: 04 April 2010 10:05
To: openssl-users@openssl.org
: *** [links] Error 1
$
I have set the PATH environment variable as follows :
/qibm/ProdData/DeveloperTools/qsh/bin/:/usr/bin:.:/QOpenSys/usr/bin
I am using the old perl binaries for OS400 from CPAN site.
Any idea where the problem is?
On Sun, Apr 4, 2010 at 3:08 PM, Shaw Graham George gs...@axway.com
pages
it seems that UTF-8 is supported, but not Unicode - for example the
config man page says that null characters in strings is not allowed.
If not, then does anybody know of any other tools that I could use to
make my test keys/certificates.
Thanks in advance,
George
@openssl.org
Subject: Re: Creating a certificate with Unicode characters in Issuer
andSubject
On Thu, Nov 19, 2009, Shaw Graham George wrote:
Hi,
I have a requirement to make some test keys/certificates that contain
Unicode (Chinese) data in the Issuer and Subject fields. Print-out
from an example
No, this is the output from openssl x509 -text, but without -nameopt utf8,
which has no effect on the output anyway.
G.
-Original Message-
From: dry...@sky-haven.net [mailto:dry...@sky-haven.net]
Sent: 19 November 2009 17:16
To: Shaw Graham George
Subject: Re: Creating a certificate
What remote application or software is it that is generating these errors?
Is it Java?
G.
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Biswatosh
Sent: 03 August 2009 15:32
To: openssl-users@openssl.org
Subject: Fw:
Is the server IIS?
And do you get all of the response?
Because IIS doesn't necessarily close SSL connections in a tidy manner -
it can give SSL_ERROR_SYSCALL.
G.
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of chithuanand
you very much,
Kind regards,
George Ping
Hi,
I'm no Linux guru but this worked for me (or rather it's equivalent).
To ensure that you link to your development libraries:
g++ -o tls-srv main.o /home/dev/openssl-0.9.8d/lib/libssl.so.0.9.8
/home/dev/openssl-0.9.8d/lib/libcrypto.so.0.9.8
... and then use LD_LIBRARY_PATH in your run-time
http://www.openssl.org/docs/ssl/SSL_CTX_set_cipher_list.html?
G.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Yolanda Craven
Sent: 04 March 2008 17:35
To: openssl-users@openssl.org
Subject: Openssl + cipher
I'm new to using openssl and I
Surely http://www.openssl.org/docs/ssl/SSL_CTX_set_cipher_list.html.
G.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Baur, Mateus
(Brazil RD-CL)
Sent: 05 March 2008 12:25
To: openssl-users@openssl.org
Subject: RE: cipher algorithms
Yes, I know
You need to open a socket to the proxy server and send it an HTTP
CONNECT request.
If the proxy server sends back an OK reply, then it has opened a socket
to the proxy. After that the proxy acts as a port forwarder, so you can
continue your SSL dialog with the proxy as if it was the SSL server.
Hi,
This may or may not be helpful ... it depends on your code, and what
applications that you are talking to that lead to these errors:
(1) reminds me of a problem that can occur when using OpenSSL against
some Java implementations. You can test it by using openssl s_client or
s_server using
FYI. I found the problem.
Our build environment had the following environment variable set:
LINK=/manifest:no
Removing this environment variable solved the problems.
G.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Shaw Graham George
Sent: 24
Hi,
I've tried to follow the instructions in INSTALL.W64 for building
OpenSSL for 64-bit Windows, but while C programs are compiling OK, the
link of the dlls is failing:
link /nologo /subsystem:console /opt:ref /dll /out:out32dll\libeay32.dll
/def:ms/LIBEAY32.def @C:\Documents and
I forgot to mention. 0.9.8e.
G.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Shaw Graham George
Sent: 24 August 2007 13:40
To: openssl-users@openssl.org
Subject: Problem building Windows 64-bit
Hi,
I've tried to follow the instructions
...
G.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darryl Miles
Sent: 15 August 2007 15:40
To: openssl-users@openssl.org
Subject: Re: Problem handling unexpected SSL shutdown
Shaw Graham George wrote:
The sequence of events goes like this:
1
handling unexpected SSL shutdown
Shaw Graham George wrote:
The problem is that, on Windows at least, my server doesn't appear to
get the SSL shutdown notify packet, for some reason. So, if that is
to be expected, I'm looking for an alternative way of detecting the
closure.
I've now tested
Hi,
We have an application that provides HTTPS, either as client or server,
for our customers. At the moment I am doing some testing between our
client and our server, as a result of a problem with one of our
customers, and there is a particular sequence of events, that involves
an unexpected
I check for a shutdown before actually doing the put?
But I would still have thought that the put should return an error if
the socket has been shutdown.
Thanks again,
G.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Shaw Graham George
Sent: 15
Of jimmy bahuleyan
Sent: 15 August 2007 14:01
To: openssl-users@openssl.org
Subject: Re: Problem handling unexpected SSL shutdown
jimmy bahuleyan wrote:
Shaw Graham George wrote:
Hi,
We have an application that provides HTTPS, either as client or
server, for our customers. At the moment I am doing
I only know some basics about SSL, symmetric keys and asymmetric keys, and
I'd greatly appreciate anyone who can shed some light on this question!
My understanding (and feel free to correct anything below here!) is that SSL
transactions between a web browser and a web server involve first a
All,
I am using this script on an AIX box and until an
upgrade it worked just fine.
Now the encryption and decryption is failing with
the block size error. When I look at the encoded encrypted packet it looks like
it is on multiple lines as it was before I added the A parameter.
Is
Hi all,
I am getting the following error message on encrypted
packets. Can someone tell me what they mean and
what I can do to correct the problem. Google did not bring
me any meaningfull results.
The script is running on an AIX box.
openssl enc -d -a -iv 31464F4C4C455431 -des3
Help all,
I am trying to use an openssl script on an AIX box to
produce and encrypted packet. This packet will have to be
decrypted by a C# program. I am having any luck in getting
the C# program to decrypt the packet encrypted by
the AIX script.
The Openssl.org documentation
All,
If I have learned anything from socket code it is that you
can never be sure if you get a partial or a full packet. The question is
if a packet is encrypted (des3) how do you know you have
received the full packet ?
Obviously you can not check for a string or a delimiter that
Hello,
Is anyone aware of a method for using PKI certificates for authentication
with PHP..?
All suggestions are appreciated...!
Thomas
__
OpenSSL Project http://www.openssl.org
User Support
Title: Message
Hello,
I'm
looking for a primer or how-to on setting up FakeBasicAuthwith a Wiki
portal engine running in PHP, with a MySQL backend.
Any
suggestions are greatly appreciated..!
Thomas
Some problems w/reverse DNS prevented posting this until now.
On Wed, Dec 28, 2005 at 07:12:30PM +0100, Dr. Stephen Henson wrote:
On Wed, Dec 28, 2005, George Garvey wrote:
I'm having a very similar problem as this one.
I have a file I made from data sent from an AS2 system
Some problems w/reverse DNS prevented posting this until now.
On Wed, Dec 28, 2005 at 07:12:30PM +0100, Dr. Stephen Henson wrote:
On Wed, Dec 28, 2005, George Garvey wrote:
I'm having a very similar problem as this one.
I have a file I made from data sent from an AS2 system
to get the build to work.
Regards and thanks for your time,
George
I'm having a very similar problem as this one.
I have a file I made from data sent from an AS2 system. The HTTP
headers before the data are (abbreviated to the S/MIME stuff):
Subject: EDIINTDATA
Message-Id: [EMAIL PROTECTED]
Disposition-Notification-To: inXServices
Hi,
I'm new to OpenSSL, and I'm hoping someone can tell me the easiest/best way
to parse an email address from a X.509 V3 client email cert.
Any suggestions would be appreciated.
Thanks,
Thomas
__
OpenSSL Project
I'm trying to build openssl for the purpose of getting openssh build
for DG-UX 4.20MU07 . I tried to to build 0.97 and 0.98 with the
exact same result and I am getting nowhere. Could anybody point out
what I'm missing ?
The output of make report is in the following:
OpenSSL self-test
Hi,
I'm new to OpenSSL, and I'm hoping someone can tell me the easiest/best way
to parse an email address from a X509 V3 client email cert.
Any suggestions would be appreciated.
Thanks,
Thomas
__
OpenSSL Project
idea what the problem is.
Thanks,
George
. If it turns out your server's behaviour is within spec, I'll
work to update the plugin.
George
--
[EMAIL PROTECTED]
pgpwdQiKBzMTb.pgp
Description: PGP signature
man gcc
---
George Shaw
Senior Software Engineer
Axway
a Sopra Group company
Tel: +44 (0) 7802 452186
Fax: +44 (0) 1454 299684
email: [EMAIL PROTECTED]
www.axway.com
---
Ce message est exclusivement destin aux personnes dont le nom figure
ci
being returned?
George
--
[EMAIL PROTECTED]
pgpZ6eLFt7qV0.pgp
Description: PGP signature
On Sun, Jul 18, 2004 at 08:35:48PM -0600, The Doctor wrote:
On Sun, Jul 18, 2004 at 09:02:22PM -0400, George Theall wrote:
On Sun, Jul 18, 2004 at 03:18:48PM -0600, The Doctor wrote:
On Sun, Jul 18, 2004 at 04:50:49PM -0400, George Theall wrote:
Check whether there's a line
On Mon, Jul 19, 2004 at 07:58:07AM -0600, The Doctor wrote:
On Mon, Jul 19, 2004 at 09:25:44AM -0400, George Theall wrote:
On Sun, Jul 18, 2004 at 08:35:48PM -0600, The Doctor wrote:
On Sun, Jul 18, 2004 at 09:02:22PM -0400, George Theall wrote:
On Sun, Jul 18, 2004 at 03:18:48PM -0600
protocol:s23_clnt.c:478:
Check whether there's a line such as srv_features:127.0.0.1 S in your
mail server's access DB -- that disables STARTTLS when the connecting
client is 127.0.0.1.
George
--
[EMAIL PROTECTED]
pgpPvuvz9f1qs.pgp
Description: PGP signature
On Sun, Jul 18, 2004 at 03:18:48PM -0600, The Doctor wrote:
On Sun, Jul 18, 2004 at 04:50:49PM -0400, George Theall wrote:
Check whether there's a line such as srv_features:127.0.0.1 S in your
mail server's access DB -- that disables STARTTLS when the connecting
client is 127.0.0.1
return values in the range -128 to 127. This
is a problem when the values are sign extended by getc.
(Isn't the C standard fun.)
George Rogers
At 10:59 AM 6/30/2004 -0400, you wrote:
There might not BE a definition of getc since it returns
an int and the default is to return an int. I searched
before next CRL
The parameter default_days specifies how many days certificates last
by default; that's what you want to change.
default_crl_days refers to the Certificate Revocation List (CRL). You
probably want to leave that short, like 30 days.
George
--
[EMAIL PROTECTED]
pgp34dTY1wvDY.pgp
] Invalid method of request
\x80F\x01\x03
The
address 172.16.250.10 is completely different from those, which there are in our
network. I guess that is the problem.
If
I change the address for the correct in httpd.conf what should I
reinstall?
Thank
you in advance.
George
Scienton
Dear Friends,Bellow I described my PROBLEM. Please help me.I tried Apache with SSL (both HTTP and HTTPS protocols).1. ./apachectl stop2. ./apachectl startssl Apache/1.3.29 mod_ssl/2.8.16 (Pass Phrase Dialog) Some of your private key files are encrypted for security reason In ordr to read them
it. This solution entails that you are able to influence all users of
the system to impose a registry change. If you can't do this, then the
solution is void and you must find another way to load balance.
Hope this helps.
George
Nicolas Laigle wrote:
Hi everybody,
I'm not sure
I am getting an error from SSL_CTX_use_certificate_file.
I am getting 33558531 error:02001003:system library:fopen:No such process.
Does anyone know what this means?
Thanks
George
__
OpenSSL Project
Hi,
SSL_pending() returns the number of bytes in the SSL buffer that have been
decrypted by not requested by SSL_read(). This will occur when there is a
mismatch between the number of bytes requested by SSL_read() and the block
size used to encrypt/decrypt the data.
SSL_ERROR_WANT_READ (and
You can use Anonymous Diffie-Hellman cipher, which is excluded from the
default cipher list. But beware ... this will not stop a man-in-the-middle
attack. You should look at the set cipher functions in the manual pages.
G.
-Original Message-
From: Petr Knez [mailto:[EMAIL PROTECTED]]
bytes, but still no success. I am having trouble finding
information on the formating of the private key file in OpenSSL "file.pem" and
wouldappreciate any help in this
area.
Thank you,
George
see it though.
I am calling this from C++ so I have to do lots of casting to get the
function pointers to be accepted in the first call, but I'm not sure that has
anything to do with it.
--
George Staikos
__
OpenSSL Project
==
George Ascione, Technology and Support
[EMAIL PROTECTED]
LightHouse Hosting LLC.
121 Commons Way Toll Free: (877) 465-HOST
Princeton New Jersey. 08540Fax: (609) 688-0907
http
Screw the latest versions...
I fixed this by downgrading to:
Crypt-SSLeay-0.22
and libwww-perl-5.51
For Solaris 2.7 perl 5.6.1 and for Linux RedHat 6.2 perl 5.005_03
What a complete waste of 2 days.
- George
-Original Message-
From: Joshua Chamas [mailto:[EMAIL PROTECTED]]
Sent
encrypted site (56bit), it actually
works:
lwp-request https://laborla.zeborg.com/
I am using Solaris 2.7 and openssl .96b.
Thanks for your help!!
- George
George Richman
Zeborg, Inc.
1801 Century Park East, Suite 120
Los Angeles, CA 90067
t: 310.499.6057
f: 310.499.6001
www.zeborg.com
that applications
people make poor system mechanics.
And thanks, Alex ... way across the seas (and a continent) in Germany!
George
--
George Walsh,
Managing Director,
Travel Seewise Pacific Corp
Vancouver Canada
__
Your favorite
really need to do an SSL_shutdown?
Thanks,
George
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager
On Wednesday 25 July 2001 05:55, Jean-Marc Desperrier wrote:
George Staikos wrote:
On Tuesday 24 July 2001 20:26, George Staikos wrote:
I've been noticing many problems with some new certificates which
are being issued by Entrust and Verisign.
Actually I looked it over more
ARGH forgot to attach them. Here they are
Untars into cert/
--
George Staikos
certproblems.tgz
). The .der files were extracted from Netscape's cert7.db. If
there are secrets in these files, then I think these guys are all in trouble
because I have them too now. :)
--
George Staikos
__
OpenSSL Project
depending on wheter your using C++.
edit the make files or do a make distclean and Configure with
LD=$CC ./configure...
Good Luck,
--
Boyd Gerber [EMAIL PROTECTED]
ZENEZ 3748 Valley Forge Road, Magna Utah 84044
Office 801-250-0795 FAX 801-250-7975
--
George Walsh,
Managing Director,
Travel
]]
Sent: 10 July 2001 21:04
To: '[EMAIL PROTECTED]'
Subject: Re: Return code from SSL_write
On Tue, Jul 10, 2001 at 03:55:24PM +0100, Shaw, George wrote:
I'm encountering a problem with SSL_write when writing a large amount of
data (about 1Mb) using non-blocking sockets.
For smaller amounts of data
Hi,
I'm encountering a problem with SSL_write when writing a large amount of
data (about 1Mb) using non-blocking sockets.
For smaller amounts of data (about 1kb), the return code (bytes written)
what you would expect.
For the larger amount of data, the return code is -1. When checking
How do you generate a CRL with the openssl tool?
Thanks,
George
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager
How do you generate a CRL with the openssl tool?
Thanks,
George
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager
How do I let my server accept certificates from multiple trusted
authorities? Do I combine the certificates into one big file?
Thanks,
George
__
OpenSSL Project http://www.openssl.org
User Support
,
George
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
?
Thanks,
George
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
is
the certificate considered OK.
Thanks,
George
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager
but the
SSL_write fails because the server has failed. How can I stop the client
before attempting to write to the server. Shouldn't the client fail on its
connect if the handshake is not successful on both ends.
Thanks,
George
I am oring these two constants together in my call to
SSL_CTX_set_verify(). It still doesn't prevent the client from continuing.
Do you have any other suggestions?
Thanks,
George
George,
On the server side, in your call to SSL_CTX_set_verify(), you have two
choices if you want
I have written a server on NT that crashes when it gets to the
PEM_read_X509 function. Here is a portion of the code:
X509* pCert = NULL;
FILE *fpCert = fopen(c:\\trustedCA.pem, r);
PEM_read_X509(fpCert, pCert, NULL, NULL);
Does anyone know what is wrong?
Thanks,
George
I can' t find any documentation on SSL_CTX_use_certificate_chain_file. Is
this a server or client function?
Thanks,
George
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
1 - 100 of 127 matches
Mail list logo