RE: connection refused, error code 146

2002-05-16 Thread Neff Robert A
The output was: connect: Connection refused connect:errno=146 [snip] ^^ There's your problem. Connection refused most likely caused by server not configured properly. Make sure your server is configured to listen on port 443.

RE: Default_crl_days

2002-05-06 Thread Neff Robert A
Andrew, If you are using the makess.bat file to generate your CA cert, I would look at that and check for a param called -days in the X509 command. This also may show you why your certs are expiring. Hope that helps, Rob -Original Message- From: Andrew T. Finnell [mailto:[EMAIL

RE: Default_crl_days

2002-05-06 Thread Neff Robert A
Sorry, I'm assuming a Windows environment, and the default file would be testss.bat, not makess.bat. Sorry for the confusion. Rob -Original Message- From: Neff Robert A [mailto:[EMAIL PROTECTED]] Sent: Monday, May 06, 2002 3:54 PM To: '[EMAIL PROTECTED]' Subject: RE: Default_crl_days

RE: Trust

2002-04-11 Thread Neff Robert A
Steve, Actually, you will be further ahead using your self-signed certificate and private key to sign additional certificates that you create using OpenSSL for your servers. Then, simply import that self-signed CA certificate that corresponds to the private key you used to sign the server

RE: ?

2002-03-28 Thread Neff Robert A
As have I. Stupid question but: Are you sure you've subscribed to the list? I always get my own postings as should you. -Original Message- From: Lutz Jaenicke [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 28, 2002 1:42 PM To: [EMAIL PROTECTED] Cc: Mike Schiffman Subject: Re: ? On

RE: re[2]: HELP, SSL_connect fails !

2002-03-28 Thread Neff Robert A
No, that is incorrect coding. See SSL_connect() docs for further information regarding return values. -Original Message- From: Daryl Odnert [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 28, 2002 1:35 PM To: '[EMAIL PROTECTED]' Subject: RE: re[2]: HELP, SSL_connect fails ! Jeff,

RE: HELP, SSL_connect fails !

2002-03-28 Thread Neff Robert A
My apologies Daryl, your code will work correctly. I based the solution off my code which does: int rval; if ((rval = SSL_connect(con)) > 0) { // good return } else { int err = SSL_get_error(con, rval); /* handle the error here */ } Must be slipping in my old

RE:

2002-03-25 Thread Neff Robert A
You cannot snoop a secure https transaction without somehow pretending to be the destination host. To do that requires the cert, which is public, and private key, which you will not have. The proxy acts as an SSL transport only, after establishing the initial socket connection to the

RE:

2002-03-25 Thread Neff Robert A
Rescorla [mailto:[EMAIL PROTECTED]] Sent: Monday, March 25, 2002 1:40 PM To: [EMAIL PROTECTED] Subject: Re: Neff Robert A [EMAIL PROTECTED] writes: You cannot snoop a secure https transaction without somehow pretending to be the destination host. To do that requires the cert, which is public

RE: Why DNS/IP in certificate?

2002-01-14 Thread Neff Robert A
is it possible to have an OpenSSL server located behind a Network Address Translation device (a NAT device is sometimes part of firewalls, eg the Cisco PIX) and still have the client handshake complete without error ? Yes, you can use NAT devices quite easily since they really are just a simple

RE: Why DNS/IP in certificate?

2002-01-14 Thread Neff Robert A
, Neff Robert A wrote: The client needs to verify who it is connected to. Anyone in the world can present a certificate to establish an ssl connection. In a nutshell, the checks that need to be made on the client end are: a. Do you trust the signer of the certificate received b

RE:

2001-12-21 Thread Neff Robert A
Ralf, I, for one, am still receiving these... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: None Subject: RSET RSET MAIL FROM: SIZE=3789 RCPT TO:[EMAIL PROTECTED] DATA RSET RSET MAIL FROM: SIZE=2592 RCPT TO:[EMAIL PROTECTED] DATA RSET RSET MAIL FROM:

RE: I got 4 or more emails identical....

2001-12-20 Thread Neff Robert A
I'm getting multiples here. Please investigate and slam the door shut! Thank you! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 20, 2001 11:40 AM To: [EMAIL PROTECTED] Subject: RE: I

RE:

2001-12-20 Thread Neff Robert A
Yes, I received this as well -Original Message- From: Fabro, Loic [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 20, 2001 1:31 PM To: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]' Cc: 'Richard Levitte - VMS Whacker' Subject: RE: I just got two "blank" emails

RE: newbie question

2001-12-14 Thread Neff Robert A
Go to either http://www.netscape.com/ http://www.verisign.com/ http://www.rsa.com/ and read up on the docs contained there. On each site can be found good info discussing the questions you ask. -Original Message- From: Murali K. Vemuri [mailto:[EMAIL PROTECTED]] Sent: Friday,

RE: OCSP_basic_verify

2001-12-12 Thread Neff Robert A
Steve, Please, please, please put your comments like this into the CVS source or man pages. Your knowledge of this stuff is priceless to us mere mortals! :-) Thank you. Rob -Original Message- From: Dr S N Henson [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 12, 2001 12:57 PM To:

RE: Cryptology Questions

2001-12-07 Thread Neff Robert A
It is not the connection I was referring to but the environment that was generating the certs. Was the original user attempting to store his client's generated key pairs on his server? Then that server better be secured. Perhaps I wasn't clear on that point. However, I personally would never

RE: Java toolkit for SSL???

2001-12-07 Thread Neff Robert A
Try Eric Rescorla's site: http://www.rtfm.com/puretls/ -Original Message- From: Tat Sing Kong [mailto:[EMAIL PROTECTED]] Sent: Friday, December 07, 2001 10:55 AM To: [EMAIL PROTECTED] Subject: RE: Java toolkit for SSL??? I'm sure I heard of one a while back called SSLava or something,

RE: Cryptology Questions

2001-12-06 Thread Neff Robert A
hmmm...a tall order for us busy folks...but I'll help you out some. 1. Provided you are using a "strong" password to encrypt your key when using DES-CBC you are pretty secure. Remember that if I can get access to, or copy, your .pem file from off your machine I

RE: Cryptology Questions

2001-12-06 Thread Neff Robert A
Yes, the digest is used to validate that the data wasn't altered. Remember that anyone can calculate the digest of a message. If the digest wasn't encrypted with your private key, then someone could change the data, recompute the digest, and exchange the

RE: certs

2001-11-28 Thread Neff Robert A
Leonid, The quick answer to your question is that YOU must parse the cert received from the client to determine whether s/he has access to your site or not. The use of a Verisign signed certificate, with the trusted Verisign CA cert chain contained within the OpenSSL CA cert store, simply means

RE: SMTP server questions

2001-11-21 Thread Neff Robert A
Here are some RFC's containing security discussions regarding SMTP that you might find helpful: http://www.ietf.org/rfc/rfc2449.txt http://www.ietf.org/rfc/rfc2487.txt http://www.ietf.org/rfc/rfc2554.txt http://www.ietf.org/rfc/rfc2595.txt -Original Message- From: Eric Daigneault

RE: private key and certificate to the CA

2001-11-13 Thread Neff Robert A
Since you didn't specify the -config option, you are using the default config file with a location of /usr/local/ssl/openssl.cnf. That directory doesn't exist in Windows. A simple solution is to place the following into a .bat file in your openssl\ms directory, and run it from that directory:

RE: DES - 3DES (novice)

2001-10-04 Thread Neff Robert A
In my zeal to quickly help you, I forgot to switch the cipher string after I cut-n-pasted into my reply. My apologies. Read the file SSL_CTX_set_cipher_list.pod in the OpenSSL/doc/ssl directory for further information on that function call. Here's the correct call for your purpose:

RE: return value -1

2001-10-04 Thread Neff Robert A
Ruby, You can find additional info in the Openssl\doc\ssl directory. In this case, examine the file ssl_accept.pod which explains the function syntax, purpose, errors, and behavior of SSL_accept(). From your question it is quite apparent that you should really start by reading as much openssl