including the PGP source code, the Schneier book or the
Menezes, Vanstone, and Van Oorschot book, the RFC mentioned above as well as
http://www.ietf.org/rfc/rfc2412.txt, and others that I have forgotten.
Greg Stark, [EMAIL PROTECTED]
Chief Security Architect
Ethentica, Inc.
www.ethentica.com
available on the market (as
long as no other patents are infringed by the product). You can even use
OpenSSL for free! As the poster noted, we are talking about the RSA modular
exponentiation algorithm, not any other algorithm that is the property of
RSA Security, Inc.
Greg Stark, [EMAIL PROTECTED
In the U.S., DES and DSA are royalty-free; it is also possible to implement
Elliptic Curve cryptography without stepping on patents, but some care is
needed.
Greg Stark, [EMAIL PROTECTED]
Chief Security Architect
Ethentica, Inc.
www.ethentica.com
410-715-0039 Ext. 13
- Original Message
to
form your blowfish key, the brute force attack is made easier by a factor of
two.
Perhaps if you were using a symmetric algorithm which naturally uses mod p
keys, you could use the output of DH_generate_key() directly, but neither
blowfish nor any of the ciphers in openssl have this property.
Greg
rs appear to be kept in the registry, at least on
my Win98 machine. Check out the "HKLM/Software/Microsoft/System Certificate"
and "HKCU/Software/Microsoft/System Certificate" keys. I would not recommend
trying to directly delete the registry keys, however.
Greg Stark, [EMAIL PROTECTED]
to in his Sep. 99 article, although
you've managed
to communicate both points much more clearly in seven lines.
Greg Stark, [EMAIL PROTECTED]
Chief Security Architect
Ethentica, Inc.
www.ethentica.com
__
OpenSSL Project
PreMasterSecret pre_master_secret;
} EncryptedPreMasterSecret;
-
Greg Stark, [EMAIL PROTECTED]
Ethentica, Inc.
www.ethentica.com
- Original Message -
From: "Mohammed SADIQ" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Wednesday, January 10, 20
The 12 bytes are the verify_data from section 7.4.9 of rfc2246, which also
describes how they are computed. Note that these bytes are also encrypted.
Greg Stark, [EMAIL PROTECTED]
Ethentica, Inc.
www.ethentica.com
- Original Message -
From: "Mohammed SADIQ" [EMAIL PROTECTED]
.
To decrypt, read in n bytes at a time. Decrypt the n bytes block and extract
the n-k bytes of plaintext.
Most folks use a hybrid technique that's faster.
Greg Stark, [EMAIL PROTECTED]
Chief Security Architect
Ethentica, Inc.
www.ethentica.com
- Original Message -
From: [EMAIL PROTECTED
to
the server with in the case of client auth), and redoes the SSL
handshaking.
Greg Stark, [EMAIL PROTECTED]
Ethentica, Inc.
www.ethentica.com
- Original Message -
From: "Louis LeBlanc" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, January 12, 2001 3:06 PM
S
of code in verify.c, but
perhaps someone has already solved this problem.
Greg Stark, [EMAIL PROTECTED]
Ethentica, Inc.
www.ethentica.com
__
OpenSSL Project http://www.openssl.org
User Support
Try SSL_CTX_set_verify() with the mode parameter set to
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT
The documentation is at
http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html#
Greg Stark, [EMAIL PROTECTED]
Ethentica, Inc.
www.ethentica.com
- Original Message -
From: Zhong
e function ReadPublicKey() of
openssl-0.9.6/demos/maurice/loadkeys.c
You also might find that the x509 utility's -C option does just what you
want. Try openssl x509 -in certfile -C -noout
--
Greg Stark, [EMAIL PROTECTED]
Ethentica, Inc.
www.ethentica.com
- Original Message -
Fr
meant when you
wrote
" ... I have generated my own self signed CA certificate using openssl and
I have imported it successfully into IE in the trusted CA list on the
machine running my web server. ..."
I confess I am not an IIS expert so this is just a quick guess.
Dave,
See
http://www.openssl.org/docs/crypto/EVP_SignInit.html#
You should allocate the amount of storage indicated by the EVP_PKEY_size()
function. It may be a little too much; the actual amount used is returned by
EVP_SignFinal.
_
Greg Stark
Ethentica, Inc
These are normal if you have compiled the openssl crypto libraries for Win32
with the debugging options enabled.
__
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
__
- Original Message -
From: "Hellan,Kim KHE" [EMAIL PROTECTED]
To: [EMAIL PROTE
.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
Since I am involved in using openSSL to transport a protocol
designed within my company I have the luxury of changing the way the
protocol behaves. I am planning to change it so that the following
SSL_SENT_SHUTDOWN and
SSL_RECEIVED_SHUTDOWN do?
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Cory Winter" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, January 2
developer. I might just be willing to trust anybody whose
certificate chain is rooted at Verisign.
2) Don't know if this potential problem is an issue for OpenSSL --
although I don't even think it supports any signing-only ciphersuites!
_
Greg Stark
Ethentica, Inc
.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Andrew Cooke" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, January 25, 2001 3:07 PM
Subject: Re: localhost certificate (no, really!)
to bypass
authentication JUST FOR TESTING PURPOSES, you can do so by calling
SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE). But note that any connections made
are not authenticated, but they are encrypted.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED
must obey trademark law (in the U.S. at any
rate) if you use their trademarks. I have seen folks try to refer to the
algorithm as ARCFOUR in an attempt to evade trademark issues, but I don't
know if that really works.
END LEGAL COMMENTS
_
Greg Stark
Ethentica, I
better.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Evan Cross" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, January 31, 2001 7:33 PM
Subject: server Certificate ve
use the public part to derive the
private part.
Sorry, but you'll have to generate a new public/private keypair. If you
cannot be sure that your previous private key was securely destroyed, you
should consider revoking your certificate if you had one issued.
_____
There is an excellent book on SSL/TLS (see http://www.rtfm.com/sslbook/)
which includes many OpenSSL examples and discussions.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "A
ke message digest calculations. But you don't
need to be aware of them, they happen automagically.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Peter Groff" [EMAIL PROTECTED]
complaint one *might* make is the absence in OpenSSL of an
example to perform the most common identity check, that the hostname
contained in the CN field of the subject name matches the hostname the
client intended to connect to. I am not complaining, though.
_
Greg
e"
else
echo "plenty of time"
fi
_____
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Dicks, Gareth M" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; "Dicks, Gareth M"
://www.openssl.org/docs/apps/openssl.html#. If your password is badpass,
then you can use openssl genrsa -des3 -out rca.key -passout pass:badpass
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From
Make sure you use the same C runtime library to link your application as you
specified to build openssl. Which makefile did you use to build openssl,
nt.mak or ntdll.mak?
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED
65537 is a nice number because it is "big enough" in
the Goldilocks sense, unlikely to be a factor of L, and is fast to compute
with if the binary exponentiation algorithm is used.
_
Greg Stark
Ethentica, Inc.
[EMAIL
.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Patricio Valdebenito" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, February 16, 2001 2:52 PM
Subject: deign question
Hello, my name
No. Your question doesn't make any sense, so folks are just trying to guess
what you *might* mean.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Auteria Wally Winzer Jr."
Probably caused by the browser. The certificates don't really have much to
say about whether you get 40-bit or 128-bit cryptography. Upgrade to a
browser that supports 128-bit cryptography.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED
. Your first
call to DH_new() doesn't do anything except create a memory leak. DH_check()
returns its answer in the integer *pointed* to by the second parameter. So,
if dh_error is an int then you need to pass &dh_error to DH_check().
_
Greg Stark
Ethentica, Inc
with a few examples.
When you ask how can Xenroll work with OpenSSL, do you want use Xenroll to
generate the certificate requests and use openssl to sign them? This can
certainly be done.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED
( dh_struct );
dh_secret = malloc ( DH_size( dh_struct ) );
DH_compute_key ( dh_secret, client_key, dh_struct );
free ( dh_secret );
BN_free ( client_key );
DH_free ( dh_struct );
return (0);
}
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED
IDEA is patented in the U.S. I believe the patent holders have made it
available royalty-free for *some* uses, but you need to check with them
(http://www.media-crypt.com/).
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED
.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Patrick Li" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, February 21, 2001 8:43 PM
Subject: SSL_read
Hi,
I got a question about SSL_read. If
already generated it, so perhaps that is the
case. In any event, check the return value from DH_compute_key(). If it
is -1, then you have an error.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From
of the SSLv2 record protocol in any
of the TLS or SSLv3 rfc's or draft RFC's. I do have an HTML document that I
scrounged from somewhere (probably sun) describing SSLv2. I'd be glad to
e-mail to anyone or post it to the list.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED
_read_X509().
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Philip J Grabner" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, February 24, 2001 5:39 PM
Subject: QUESTION: how to retrieve the
.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Josh Howlett" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, February 15, 2001 5:12 PM
Subject: help: DH_compute_key
Hi all,
W
in
proprietary databases. Folks on this list seem to have lots of experience
with Apache-SSL, mod-ssl, Netscape, and IIS.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Gil Schi
();
}
}
}
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "srinivasa siripurapu" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, February 28, 2001 8:25 PM
Subject: PKCS8 and JAVA Application
Hi,
I am tryi
are looking for.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Scott Fagg" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, February 28, 2001 11:44 PM
Subject: Re:
Why not RSA? In theory, you could create and use DSA-signed certificates
which contain DSA or DH parameters, but there is very little support for
these in existing software.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED
to libdes.
I haven't seen more recent versions of BSAFE, so I don't know if they still
contain the acknowledgement.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Alex Graveley"
It is the hash of the entire DER encoded
certificate.
You can calculate it using the 'openssl' utility
via:
openssl dgst -sha1 -c cert.der
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
Jeffrey,
The short answer is neither. The client's only use of its private key is
to sign a hash of the handshake messages, one of which includes the server
random value.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED
Jeff,
That is correct, all the payload data is MAC'ed using shared symmetric
keys, so repudiation by either peer claiming tampering by the other is
possible.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED
.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Sandipan Gangopadhyay" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, March 07, 2001 10:38 AM
Subject: Re: Question
Christian,
I assume you mean X509 v3 and X509v1
instead of SSL v3 and SSL v1, no?
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From:
Christian
Ullman
To: [EMAIL PROTECTED]
ect places.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Marcel Loesberg" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, March 09, 2001 9:17 AM
Subject: Can't compile openssl-0.9.6
Hi,
/catalog/38354-6.htm, though
I have never looked at it.
Good luck,
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Erick Perez - CriptoData Panama" [EMAIL PROTECTED]
To: [EMAIL PRO
PI mailing list archives
(http://discuss.microsoft.com/archives/cryptoapi.html). You might search on
CRYPT_MACHINE_KEYSET to get some posts on similar sorts of issues.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
. It
has the chicken-and-egg problem you mentioned, but that's life.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "John Pliam" [EMAIL PROTECTED]
To: "Rich Salz" [EMAIL P
Aslam,
Look at the 'Tweaks' section of the Install.W32 file. You should end
up getting these lines in do_masm.bat
perl util\mk1mf.pl debug VC-WIN32 ms\nt.mak
perl util\mk1mf.pl dll debug VC-WIN32 ms\ntdll.mak
_
Greg Stark
Ethentica, Inc.
[EMAIL
\mk1mf.pl %SKIPS% VC-WIN32 ms\nt.mak
Look through the perl script and maybe a few other places to see what no-***
options are supported. Please post the results to the list. I think it is of
general interest.
Good luck,
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED
n or buggy commercial
SSL implementations.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Hubert Froehlich" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, March 15, 2
Chaz,
Creation should be no problem; see
(http://www.mail-archive.com/openssl-users@openssl.org/msg15592.html) for a
discussion of some other issues that may arise.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED
If you look carefully in the INSTALL.W32 file (look under Tweaks:), you will
see how to do it.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Eli Zvik" [EMAIL PROTECTED]
Just note that the IP address is not authenticated and thus is untrusted.
Whether this matters or not depends on what you are doing with it.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message
-connect www.verisign.com:443
and after it stops spewing, type GET / and press return.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "D. David Pirzadeh" [EMAIL PROTECTED]
You don't have to do the cutting; the EVP_* functions do it
for you.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From:
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday,
.
This will at least give you some hints on where to do your thing in the
protocol, if not the code.
I'll try to look around in the code a bit later for ideas.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED
of the server-specified CA's.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, March 21, 2001 11:35 AM
Subject: how to generate
)
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Dailou Walker" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, March 14, 2001 10:13 AM
Subject: How to test for a complete
extensions in your certificate.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, March 21, 2001 1:10 PM
Subject: Re: how to generate
.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Pradeep Kamath" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, March 22, 2001 11:40 AM
Subject: key size 384 gives problem on server
Hello
.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Hegde, Ramdas" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, March 22, 2001 6:10 PM
Subject: Strange behaviour with SSL_CTX_set_verify
After I
uses up 11
bytes of the RSA payload, so the smallest modulus would be 48+11=59 bytes,
or 472 bits. You should not use such small moduli, however.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message
\vcvars32.bat on your command line
*before* running any nmake commands. This sets up the environment properly.
For myself, to make this easy to do, I create a shortcut to command.com and
fill in the batch file entry to point to the vcvars32.bat file.
_
Greg Stark
A Question
Please check out
(http://www.openssl.org/docs/ssl/SSL_get_error.html#) and collect all
possible error information before posting, including the underlying socket
error code if applicable.
Thanks,
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED
are.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Tat Sing Kong" [EMAIL PROTECTED]
To: "openssl" [EMAIL PROTECTED]
Sent: Tuesday, April 03, 2001 12:20 PM
Subject: Certificate
RC4 is not license-encumbered but rather trademarked. However, to answer
your question, add the no-* flags to the perl lines in the ms\do_masm.bat
file.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original
why do you want to do this? Do you know the difference between a private and
public key?
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Mevlana Sari" [EMAIL PROTECTED]
would use the OR of the flags
SSL_VERIFY_PEER and SSL_VERIFY_FAIL_IF_NO_PEER_CERT
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Colin Fox" [EMAIL PROTECTED]
To: [EMAIL PROTE
Jeremy,
What exactly is the problem you are having?
Reiner's comments seemed right on, so perhaps you can give a little more info,
what error messages are you getting, what are you trying to achieve,
etc.
_
Greg Stark
Ethentica, Inc.
[EMAIL
check out the doc/openssl.txt file.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Tim Newsham" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, April 16, 2001 2:35
Carl,
For Internet Explorer, you would have to write a customized
Cryptographic Service Provider (CSP) to accomplish this. It is not trivial.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message
the session was resumed by looking at the session id's in the clear text
handshake messages.
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Roberto Rodrigues - McLean" [EMAIL
SSH is not run over SSL, it runs over its own secure transport protocol.
OpenSSH just uses the crypto library from OpenSSL.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: [EMAIL
bytes using PKCS#1 block type 1
padding (for an RSA certificate).
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "ET Tan" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL
for
managing session resumption. See the documentation for SSL_set_shutdown()
(http://www.openssl.org/docs/ssl/SSL_set_shutdown.html#) for some hints of
what to do.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original
-Length header or some other heuristic (like
looking for the </HTML> tag), how can your client be certain the transport
closure packet (TCP FIN) wasn't spoofed?
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original
George,
Do you really need to allow SSLv2? I'm curious, as I would think that by now
there are almost no systems left which CANNOT use SSLv3.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message
.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Isaac Foraker" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, April 19, 2001 5:51 PM
Subject: win32 compile failed
For your purposes, you'd expect it to look like any other random function
that outputs four bytes. What exactly do you need for your 'unique enough'
property?
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original
OpenSSL on NT
follow the instructions in install.w32; other than that, you'll
have to tell us what errors you are getting.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: Timothy H
be able to do
better with some other techniques.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Kenneth R. Robinette" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, April
@openssl.org/msg11445.html).
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: "Harald Koch" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, April 19, 2001 4:48 PM
Subject: Re: Me
It is documented @
(http://www.openssl.org/docs/ssl/SSL_CTX_use_certificate.html#).
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: George Lind [EMAIL PROTECTED]
To: [EMAIL PROTECTED
George,
The alert is encrypted under the current ciphersuite, as it should be.
It is almost certainly a close_notify alert, which is expected and correct.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED
The memory BIO will grow itself as needed to hold data written into it. You
do not need to size it in advance.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: Hausermann Laurent [EMAIL
Also you might find the ssldump tool useful. Please see
www.rtfm.com/ssldump.
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message -
From: Lutz Jaenicke [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent
even if the client
doesn't authenticate. With the second option, the client must authenticate
or the handshake fails. Are you perhaps using option #1?
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_
- Original Message
Laurent,
You cannot use a memory BIO that way; BIO_new_mem_buf() creates a
READ-ONLY BIO. See (http://www.openssl.org/docs/crypto/BIO_s_mem.html#).
Instead, just do bp = BIO_new(BIO_s_mem()) and go from there
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED
, then the output goes to
stdout. If you set it to the null sink BIO, you don't get any output.
Since stdout is typically buffered, you may need to flush stdout, perhaps
with BIO_flush(bio_s_out);
good luck
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED
Gustavo,
Take a look at the archived articles
(http://www.mail-archive.com/openssl-dev@openssl.org/msg08902.html) and
(http://www.mail-archive.com/openssl-users@openssl.org/msg18264.html).
_
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED
1 - 100 of 128 matches