Working certificates fail after upgrade from openssl 0.9.7d to 0.9.8d

2008-11-25 Thread Kartik CDS
Hello, My certificate was working when the openssl version was 0.9.7d. But once I upgraded to openssl 0.9.8d it is failing, giving the reason as: level fatal value certificate_unknown Can anyone please let me know what could be the problem. Thanks, Kartik PS:

Re: Client verify failing - continued

2008-11-25 Thread vinni rathore
Hi, This error tells that your server is demanding a certificate from client side, that means authentication needed.. but client is not sending any certificate.. so please check your code where your client is sending certificate to server.. hope you'll get something from there.. On Tue, Nov 25,

Re: RSA with libcrypto

2008-11-25 Thread chamara caldera
Hi all, It works. The problem was the strlen(to), as you mentioned. Thank you for your reply. Cheers

Re: Client verify failing - continued

2008-11-25 Thread Michael Simms
I am new to openssl and now I face the problem SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate error. While searching in Google I have found you too had the same problem and also you were able to rectify the problem. Can you please help me to solve this problem. The server

Re: Client verify failing - continued

2008-11-25 Thread vinni rathore
Yes, it's true that server does not request certificate automatically, everything is done by using APIs .. so nothing to say on it.. here the problem is not of server but from client side as the server is not able to get the client certificate.. On Tue, Nov 25, 2008 at 3:21 PM, Michael Simms

Re: Client verify failing - continued

2008-11-25 Thread joshi chandran
Hi I am new to openssl and now I face the problem SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate error. While searching in Google, I have found you too had the same problem and also you were able to rectify the problem. Can you please help me to solve this problem. Thanks

Re: FIPS 1.2 Security Policy issues

2008-11-25 Thread Steve Marquess
Thomas J. Hruska wrote: According to the FIPS 1.2 Security Policy, Appendix A, Platform 8 cannot be built as FIPS compliant because 'x84-64 asm' is a non-existent platform. There is no such thing as x84. It should say 'x86-64 asm'. Validation, from what I understand, only covers those

Re: FIPS 1.2 Security Policy issues

2008-11-25 Thread Thomas J. Hruska
Steve Marquess wrote: Thomas J. Hruska wrote: According to the FIPS 1.2 Security Policy, Appendix A, Platform 8 cannot be built as FIPS compliant because 'x84-64 asm' is a non-existent platform. There is no such thing as x84. It should say 'x86-64 asm'. Validation, from what I understand,

RE: sign/verify kicking my ass

2008-11-25 Thread Shaun
Ahh, ok... When you first said that you were just saying printf was wrong to use because it was not a string, it makes sense that strlen wouldn't work either, I just missed that. I know I'm throwing away slen in the example, I'm curious how I would pass it along though in my tests with two

RE: sign/verify kicking my ass

2008-11-25 Thread Shaun
Is there another way in C to use openssl's sign/verify/encrypt/decrypt without using the low-level api? I got my test prog working, I guess I need to figure out how to do a SHA1 hash of my data next. ~Shaun -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf

RE: FIPS 1.2 Security Policy issues

2008-11-25 Thread Carlo Milono
I can sympathize with Steve, having gone through a Common Criteria certification and finally understanding that what I considered the truth was misleading to the validators, leading to numerous inconclusive verdicts. As to the real-worldness aspect, this is often a 'checkbox' that gives assurance

Re: sign/verify kicking my ass

2008-11-25 Thread Goetz Babin-Ebell
Shaun wrote: | Is there another way in C to use openssl's sign/verify/encrypt/decrypt | without using the low-level api? I got my test prog working, I guess I need | to figure out how to do a SHA1 hash of my data next. Your friends are * to sign:

RE: sign/verify kicking my ass

2008-11-25 Thread Shaun
I'm really going to be using php to encrypt/sign ( openssl_private_encrypt(), openssl_sign() ) I don't see any EVP functions from php, I'm assuming I can use EVP_* to decrypt/verify these? Is RSA just a lower level api whereas the EVP's are more for the beginner guys like me? :) ~Shaun

Re: sign/verify kicking my ass

2008-11-25 Thread Goetz Babin-Ebell
Shaun wrote: | I'm really going to be using php to encrypt/sign ( | openssl_private_encrypt(), openssl_sign() ) I don't see any EVP functions | from php, Hm. There must be something wrong here. I'm almost sure that the EVP interface is available to

RE: sign/verify kicking my ass

2008-11-25 Thread Saju Paul
when building php; include the --with-openssl= option - on unix/linux platforms it would look something like... ./configure --with-openssl=[DIR]; does a dynamic bind of libssl libcrypto libraries. check the built php binary with the ldd command. Saju -Original Message- From: [EMAIL

fips 1.2 on solaris

2008-11-25 Thread Justin A
Hi All, After building the FIPS capable OpenSSL with the latest from the snapshot directory, while running the make test on solaris I am getting this error. ERROR:2d072065:lib=45,func=114,reason=101:file=fips_rand_selftest.c:line=364: Platform: - SunOS 5.8 Generic_108528-29 sun4u sparc

RE: sign/verify kicking my ass

2008-11-25 Thread Shaun
Yes, that's required to use the openssl functions in php... but still doesn't explain where the EVP functions are... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Saju Paul Sent: Tuesday, November 25, 2008 2:03 PM To: openssl-users@openssl.org Subject:

RE: sign/verify kicking my ass

2008-11-25 Thread Shaun
Ok well if the EVP interface and the RSA interface pretty much do the same thing I would imagine that the php openssl_sign and openssl_private_encrypt functions will generate a signature/encrypted data that EVP can verify/decrypt? At the moment I can get openssl_sign and RSA_sign to generate the

Re: fips 1.2 on solaris

2008-11-25 Thread Dr. Stephen Henson
On Tue, Nov 25, 2008, Justin A wrote: Hi All, After building the FIPS capable OpenSSL with the latest from the snapshot directory, while running the make test on solaris I am getting this error. ERROR:2d072065:lib=45,func=114,reason=101:file=fips_rand_selftest.c:line=364: That's a

RE: sign/verify kicking my ass

2008-11-25 Thread Saju
The EVP functions should be in OpenSSL's crypto library. some examples written in C http://www.nlnetlabs.nl/downloads/publications/hsm/hsm_node22.html http://www.nlnetlabs.nl/downloads/publications/hsm/hsm_node23.html Saju -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL

RE: Client verify failing - continued

2008-11-25 Thread Dave Thompson
From: [EMAIL PROTECTED] On Behalf Of vinni rathore Sent: Tuesday, 25 November, 2008 04:58 To: openssl-users@openssl.org Subject: Re: Client verify failing - continued Yes, it's true that server does not request certificate automatically, everything is done by using APIs .. so nothing to

RE: sign/verify kicking my ass

2008-11-25 Thread Shaun
EVP function in php... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Saju Sent: Tuesday, November 25, 2008 5:15 PM To: openssl-users@openssl.org Subject: RE: sign/verify kicking my ass The EVP functions should be in OpenSSL's crypto library. some

Re: help

2008-11-25 Thread Sushil Singh
Hi As Michael said we need to have multiple SSL_connect before it succeeds. But now my problem is that the handshake fails with cause as SSL_connect failure due to bad MAC. The server sends this alert to client and handshake fails. Could you please advise how to debug it further. Best regards

Re: help

2008-11-25 Thread naveen.bn
Hi This is one of the rude methods I followed: write a script which behaves as a server with debug messages enabled and try to connect to that server. You might get some idea to work on it further. For example (server script): openssl s_server -accept -cert server_signed.pem -key