djgppbin/perl.exe not found, etc. error

2009-10-29 Thread Ersin Akinci
Hi all, I'm trying to compile OpenSSL 0.9.8k in MS-DOS 7.1 with DJGPP and I keep getting errors stating that various utilities cannot be found under the djgppbin directory. All of my environment variables are correctly set and ./Configure runs fine, but this strange error keeps coming up.

Re: Running SSL server without temporary DH parameters.

2009-10-29 Thread Victor B. Wagner
On 2009.10.28 at 14:56:54 -0400, Victor Duchovni wrote: On Wed, Oct 28, 2009 at 09:09:59PM +0300, Victor B. Wagner wrote: But for some setups, especially in OpenSSL 1.0, which supports EC ciphersuites, dh parameters are not necessary. This is not entirely accurate, one still

RE: TLS trust of a chain of certificates up to a root CA. Certificate Sign extenstion not set

2009-10-29 Thread Eisenacher, Patrick
Hi Mourad, -Original Message- From: On Behalf Of Mourad Cherfaoui Sent: Wednesday, October 28, 2009 6:23 AM To: openssl-users@openssl.org Subject: TLS trust of a chain of certificates up to a root CA. Certificate Sign extenstion not set I have a chain of certificates C-B-A-RootCA.

RE: ssl_read() hangs after wakeup from sleep in OSX 10.5.8

2009-10-29 Thread David Schwartz
Parimal Das wrote: It's the second case Darry, Here the 'sleep' is Operating System Sleep mode induced by closing the lid of laptop. After opening the laptop, when the system wakes up, My application is always hanging at the same place. Bug is in your code. It is doing what you asked it to do

RE: Is full-duplex socket use possible with OpenSSL?

2009-10-29 Thread David Schwartz
Mark Williams wrote: I can think of one. In the near future I will need to add SSL support to a legacy application which uses two threads to read/write from/to a socket. If SSL supported this it would make my life much easier. As the situation stands I am not sure how to tackle this

RE: Subject Issuer Mismatch Bug!!

2009-10-29 Thread David Schwartz
Daniel Marschall: Hello. I am not searching bugs in my code. I have a certificate and a CRL. And the functionality -issuer_checks is buggy. My cert and CRL have exactly the same DN as issuer. What is the bug then? All you've reported so far is: 1) When you compare using exact string

RE: Is full-duplex socket use possible with OpenSSL?

2009-10-29 Thread Mark
Mark Williams wrote: I can think of one. In the near future I will need to add SSL support to a legacy application which uses two threads to read/write from/to a socket. If SSL supported this it would make my life much easier. As the situation stands I am not sure how to

Re: Generating sect163k1 key pairs

2009-10-29 Thread Jeffrey Walton
Hi Doug, After extracting the private key from the testkey.pem file and putting it into the vendor's tool file format, the vendor tool generated digest ends up looking like: E39C9EEB4A60BFAF93235B376E9E54883C127BC40300 F4760E34AC2ECB484B2DFF06E87113C9F1F9F99F0200 Ah! Now I see

RE: Is full-duplex socket use possible with OpenSSL?

2009-10-29 Thread David Schwartz
Mark Williams wrote: 2) Let the two threads read and write to your own two independent queues and service the application side of the SSL connection with your own code to and from the read and write queues. Won't I still need to combine the reading and writing to the SSL object into a

Re: ssl_read() hangs after wakeup from sleep in OSX 10.5.8

2009-10-29 Thread Parimal Das
Hello, Here is my test code. I am downloading a file with https connection. This is compiled as $g++ -lssl -lcrypto sslShow.cpp. on OS X 10.5.8 Using default OS X libs (libcrypto 0.9.7 and libssl 0.9.7) When it has downloaded some 2MB data, I closed my laptop lid (OSX induced sleep) After 5

Re: TLS trust of a chain of certificates up to a root CA.Certificate Sign extenstion not set

2009-10-29 Thread Joe Orton
On Wed, Oct 28, 2009 at 06:51:02PM +0100, Dr. Stephen Henson wrote: On Wed, Oct 28, 2009, Mourad Cherfaoui (mcherfao) wrote: I am not sure I understand why the client is broken? Did you mean that the sign bit can be omitted if the client sends the entire chain of certificates (except maybe

RE: Is full-duplex socket use possible with OpenSSL?

2009-10-29 Thread Mark
Mark Williams wrote: 2) Let the two threads read and write to your own two independent queues and service the application side of the SSL connection with your own code to and from the read and write queues. Won't I still need to combine the reading and writing to the SSL

RE: ssl_read() hangs after wakeup from sleep in OSX 10.5.8

2009-10-29 Thread David Schwartz
Parimal Das wrote: Please suggest. 1. What I should include in this code to correct this hang? It depends on what your code should do in this case. Do you want to wait a limited amount of time for the other side to reply? Or do you want to wait possibly forever? Your current code

RE: Is full-duplex socket use possible with OpenSSL?

2009-10-29 Thread David Schwartz
Mark Williams wrote: There is one added complication in that the protocol is a datagram protocol at a higher level (although it uses TCP). I am concerned that the whole protocol could block if there is not enough data to encrypt a whole outgoing message but the peer cannot continue until

Re: Running SSL server without temporary DH parameters.

2009-10-29 Thread Victor Duchovni
On Thu, Oct 29, 2009 at 11:33:13AM +0300, Victor B. Wagner wrote: Yes, of course, in a strictly technical sense. From a user perspective, however, both are the same sort of thing, something one needs to configure to enable kEDH or kEECDH ciphers. When neither set of parameters is

RE: Is full-duplex socket use possible with OpenSSL?

2009-10-29 Thread Mark
Hi David, There is one added complication in that the protocol is a datagram protocol at a higher level (although it uses TCP). I am concerned that the whole protocol could block if there is not enough data to encrypt a whole outgoing message but the peer cannot continue until

Re: TLS trust of a chain of certificates up to a root CA.Certificate Sign extenstion not set

2009-10-29 Thread Dr. Stephen Henson
On Thu, Oct 29, 2009, Joe Orton wrote: On Wed, Oct 28, 2009 at 06:51:02PM +0100, Dr. Stephen Henson wrote: On Wed, Oct 28, 2009, Mourad Cherfaoui (mcherfao) wrote: I am not sure I understand why the client is broken? Did you mean that the sign bit can be omitted if the client sends the

Re: ssl_read() hangs after wakeup from sleep in OSX 10.5.8

2009-10-29 Thread Graham Swallow
google: TCP OPTION KEEPALIVE http://tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/ You would be best with an application level timeout, which would send an application enquiry (heartbeat) from the laptop to the server. Waking up from sleeping, the application would send the next heartbeat. (any

Re: Is full-duplex socket use possible with OpenSSL?

2009-10-29 Thread Darryl Miles
Mark wrote: There is one added complication in that the protocol is a datagram protocol at a higher level (although it uses TCP). I am concerned that the whole protocol could block if there is not enough data to encrypt a whole outgoing message but the peer cannot continue until it gets the

Error Running Command

2009-10-29 Thread Jamesy281
Hi There, I am completely new to OpenSSL and have hit a snag that I could use some help with. I am trying to generate a CA and a signed self certificate for a netgear FXV538 VPN. Using the following 3 commands listed in the instructions for the firewall adding the appropriate path names 1.openssl

Re: djgppbin/perl.exe not found, etc. error

2009-10-29 Thread Ersin Akinci
Jeff, Thanks for the suggestion. Unfortunately, I can't use a prebuilt Win32 binary because I'm literally building on an MS-DOS host for an MS-DOS target using DJGPP. No Visual Studio here! No worries though, I managed to get OpenSSL to compile with a bit of fiddling. I'm providing my

Re: TLS Alert read:fatal:unknown CA

2009-10-29 Thread Kyle Hamilton
Radius needs to be set up to trust that CA. That isn't an openssl question, that's a radius question. -Kyle H On Wed, Oct 28, 2009 at 6:25 AM, ashokgda r.as...@gdatech.co.in wrote: Hi, I am using radius server for authenticating my ThinClient Laptop for WirelessAP in TLS security mode.

Client Hello from HP Insight Manager crashes application

2009-10-29 Thread Josue Andrade Gomes
Hi, Shortly: HP Insight Manager (a management tool) crashes my server SSL application. Operating system: Windows 2003 Server OpenSSL version: 0.9.8k Post-mortem debugger points the crash occurring in a call to CRYPTO_malloc() inside SSLv3_client_method() (which is weird since I never call this

Re: Client Hello from HP Insight Manager crashes application

2009-10-29 Thread aerowolf
CRYPTO_malloc is an internally-used function, to allocate memory. In any event, though, do you do an earlier CRYPTO_malloc_init? http://openssl.org/support/faq.html#PROG2 -Kyle H On Thu, Oct 29, 2009 at 11:23 AM, Josue Andrade Gomes josue.gomes.honey...@gmail.com wrote: Hi, Shortly: HP

Re: TLS trust of a chain of certificates up to a root CA.Certificate Sign extenstion not set

2009-10-29 Thread aerowolf
If a certificate does not have the standard keyUsage: signature, then that certificate cannot sign any message, at all. No email, no client signature of TLS authentication parameters, nothing. -Kyle H On Wed, Oct 28, 2009 at 9:10 AM, Mourad Cherfaoui (mcherfao) mcher...@cisco.com wrote:

Re: Is full-duplex socket use possible with OpenSSL?

2009-10-29 Thread Ger Hobbelt
There is one added complication in that the protocol is a datagram protocol at a higher level (although it uses TCP). I am concerned that the whole protocol could block if there is not enough data to encrypt a whole outgoing message but the peer cannot continue until it gets the message.

Re: Client Hello from HP Insight Manager crashes application

2009-10-29 Thread Josue Andrade Gomes
Thanks for the tip. No, I don't call CRYPTO_malloc_init. But I don't think it is necessary. I'm pretty sure that I'm not mixing compiler options. Also, if this was the case it was crashing all the time, right? SSL connections work fine with any client except this HP Insight Manager thing. Of

Re: your mail

2009-10-29 Thread Dr. Stephen Henson
On Mon, Oct 26, 2009, Adam Rosenstein wrote: You are correct, I made a paste error in the mail. The certs were correct at the time I tested however (my test script just regenerates things each time and I pasted an old ee with a new root ca). I just tried openssl-SNAP-20091026.tar.gz and

RE: Client Hello from HP Insight Manager crashes application

2009-10-29 Thread Dave Thompson
From: owner-openssl-us...@openssl.org On Behalf Of Josue Andrade Gomes Sent: Thursday, 29 October, 2009 14:23 Shortly: HP Insight Manager (a management tool) crashes my server SSL application. Operating system: Windows 2003 Server OpenSSL version: 0.9.8k Post-mortem debugger points the

Re: Is full-duplex socket use possible with OpenSSL?

2009-10-29 Thread Darryl Miles
Ger Hobbelt wrote: It is presumed that every SSL_write() requires a flush (at TCP level this mechanism is called a Push). This basically means the data needs to flush to the reading API at the far end on exactly the byte boundary (or more) data than you sent. This means you have a guarantee to