Re: How to timeout a SSL_connect?

1999-12-17 Thread Alexey Melnikov

Sean Walker wrote:
> That's what I was going to do too, but under Win32 you can't set the
> All of my research has said the same thing. I couldn't set the timeouts. If
> you can manage to figure it out, please post your solution! :)

SO_RCVTIMEO/SO_SNDTIMEO don't work (i.e. they are read-only or ignored) even on
several Unixes.
You should use select() with a timeout; however, this will require
modifications to OpenSSL.

Alexey
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]



Re: How to timeout a SSL_connect?

1999-12-17 Thread Nicolas Roumiantzeff

You could start a secondary thread that sleeps for the desired number of
seconds then closes the socket (if the primary thread has still not succeeded
in connecting). This should exit the primary thread's socket call with an
error.

Nicolas Roumiantzeff.

Sean Walker wrote:

> That's what I was going to do too, but under Win32 you can't set the
> All of my research has said the same thing. I couldn't set the timeouts. If
> you can manage to figure it out, please post your solution! :)
>
> Sean Walker
> Dingbat Designs


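The select()-with-timeout approach discussed in this thread, as an added example that is not part of any poster's message: it uses Python's ssl module (a wrapper around OpenSSL) rather than the C API. The function names, the hostname and the stalled peer (one end of a socketpair that never answers) are constructed for illustration.

```python
import select
import socket
import ssl
import time


def handshake_with_deadline(sock, ctx, server_hostname, timeout):
    """TLS client handshake on a connected socket, abandoned after `timeout` seconds."""
    sock.setblocking(False)  # do_handshake() now returns instead of blocking
    tls = ctx.wrap_socket(sock, server_hostname=server_hostname,
                          do_handshake_on_connect=False)
    deadline = time.monotonic() + timeout
    while True:
        try:
            tls.do_handshake()
            return tls
        except ssl.SSLWantReadError:
            readers, writers = [tls], []
        except ssl.SSLWantWriteError:
            readers, writers = [], [tls]
        remaining = deadline - time.monotonic()
        # select() is the only place we wait, so the deadline bounds the whole handshake
        if remaining <= 0 or not any(select.select(readers, writers, [], remaining)[:2]):
            tls.close()
            raise TimeoutError("TLS handshake exceeded %.1fs" % timeout)


def demo_stalled_peer(timeout=0.5):
    """Constructed peer: one end of a socketpair that never reads or writes."""
    client_end, silent_peer = socket.socketpair()
    ctx = ssl.create_default_context()
    start = time.monotonic()
    try:
        handshake_with_deadline(client_end, ctx, "peer.example", timeout)
        status = "connected"
    except TimeoutError:
        status = "timeout"
    finally:
        silent_peer.close()
    return status, time.monotonic() - start


if __name__ == "__main__":
    print(demo_stalled_peer())
```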



Re: How to use OpenSSL with nonblocking IO

1999-12-17 Thread Bodo Moeller

On Thu, Dec 16, 1999 at 05:40:18PM -0700, Alexey Melnikov wrote:

> I am developing multithreaded server that uses asynchronous socket IO.
> I would like to add SSL support, however it seems that OpenSSL handles
> socket IO itself. Server architecture requires that all socket
> operations are controlled by socket IO subsystem, but not by OpenSSL.
>
> Does anybody use OpenSSL with nonblocking sockets?

Non-blocking sockets (of the O_NONBLOCK kind) are no problem even if
OpenSSL does all the socket I/O itself.  If you need some other
variety of I/O and don't want to write a special BIO module for it,
then look at BIO pairs (crypto/bio/bss_bio.c, example code in
ssl/ssltest.c, more example code [in Lisp] available from URL:
ftp://ftp.lavielle.com/pub%2fcl-https%2f1999-10-15;type=d).
They are pipe-like -- you can give one end to the SSL library for
writing and reading, at the other end your application relays between
the SSL library and the actual I/O mechanisms.
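The relay pattern described in the reply above, as an added example that is not from the thread: Python's ssl module (a wrapper around OpenSSL) exposes memory BIOs through ssl.MemoryBIO and SSLContext.wrap_bio, used here in place of the C BIO-pair API. The hostname and the alert record fed back to the engine are constructed.

```python
import ssl
import struct

# Constructed input: a TLS alert record (type 21, version 3.3, length 2)
# carrying a fatal (2) handshake_failure (40) alert.
FATAL_ALERT = bytes([21, 3, 3, 0, 2, 2, 40])


def relay_demo(peer_reply=FATAL_ALERT):
    """Drive a TLS client that owns no socket; the caller moves every byte."""
    ctx = ssl.create_default_context()
    from_peer = ssl.MemoryBIO()  # application writes received bytes here
    to_peer = ssl.MemoryBIO()    # application reads bytes to transmit here
    tls = ctx.wrap_bio(from_peer, to_peer, server_hostname="peer.example")

    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # ClientHello is queued in to_peer; the engine now needs input
    flight = to_peer.read()  # the application would send this on its own I/O layer
    record_type, _version, record_len = struct.unpack("!BHH", flight[:5])

    from_peer.write(peer_reply)  # whatever the I/O subsystem received
    try:
        tls.do_handshake()
        outcome = "handshake complete"
    except ssl.SSLWantReadError:
        outcome = "needs more data"
    except ssl.SSLError as exc:
        outcome = "failed: %s" % exc.reason
    return {"record_type": record_type, "handshake_type": flight[5],
            "record_len": record_len, "flight_len": len(flight),
            "outcome": outcome}


if __name__ == "__main__":
    print(relay_demo())
```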



Re: OpenSSL CA as trusted CA in Netscape browser - help

1999-12-17 Thread Massimiliano Pala

NortonNg wrote:
 
> hi..
> i saw your post at openssl mailing list about a way to add any arbitrary
> CA certificate into certificate database of Netscape Communicator,
> i am interesting about it..can you show me the source code.
>
>
> jkng.
 

Sorry, you got the wrong person; mine was only a reply stating that it is very
dangerous to add certificates to the Netscape db WITHOUT explicit user acceptance
and that it should be forwarded to Netscape and signaled as a bug: it does not
give the user the ability to refuse the certificate... :-D

If you want to add a CA certificate to Netscape db, simply send a certificate in
.der format with the

Content-Type: application/x-x509-ca-cert

Then the user will be asked to accept the CA certificate. I am sending you some code
from the OpenCA project.

C'you,

Massimiliano Pala ([EMAIL PROTECTED])

#!/usr/bin/perl

## Send Certificates Tool - V2.0
## (c) 1999 by Massimiliano Pala and the OpenCA Group

## Uses the OpenCA::TRIStateCGI module by Massimiliano Pala
## to generate, check and manipulate FORMs Objects
use OpenCA::TRIStateCGI;

## Uses the OpenCA::Configuration module by Massimiliano Pala
## to load the configuration file
use OpenCA::Configuration;

## Build the CGI Object (configError() calls its start_html method)
my $query = new OpenCA::TRIStateCGI;

## Build a Configuration Object
my $config = new OpenCA::Configuration;

## Define the Configuration Name
my $CONFIG = 'secure.cnf';

## Load the Configuration file (read and parse)
if( not $config->loadCfg( $CONFIG ) ) {
    print "Content-type: text/html\n\n";
    configError( "Unable to load configuration file ($CONFIG)!" );
}

## Flush the output stream
$|=1;

my $cacert = getRequired( 'CACert' );
putCACert( "$cacert" );

## Subroutines Section (Last Modified on 08 September 1998)
## Changes by Massimiliano Pala ([EMAIL PROTECTED])

sub putCACert  {

    my @keys = @_;
    my $cacert = $keys[0];

    ## This MIME type makes the browser ask the user whether
    ## to accept the CA certificate
    print "Content-Type: application/x-x509-ca-cert\n\n";
    open( FD, '<', $cacert ) or die "Error: Can't access CA Certificate!";

    ## The certificate is in DER (binary) format
    binmode( FD );
    binmode( STDOUT );

    while( <FD> ) {
        print $_;
    }

    close FD;
}

sub getRequired {

    ## Returns required parameter SINGLE STRING VALUE
    ## this function simplifies the parameter access
    ## but returns only the first parameter

    my $name = $_[0];
    my $tmp;

    if( not ($tmp = $config->getParam($name)) ) {

        ## If there is an Error, just send the missing
        ## parameter error to the browser
        configError( "Missing Configuration Keyword : $name" );
    }

    ## If all gone well we should have the value string in
    ## $ret and return it to the calling function;

    my $ret = $tmp->{VALUES}->[0];
    return $ret;
}

sub configError {
    my @keys = @_;
    my $err = $keys[0];

    print $query->start_html(-title=>"Administration Error",
                             -BGCOLOR=>"#FF");
    print "<CENTER><BR><HR WIDTH=80%><BR></CENTER>";
    print "<OL><OL><H1><FONT COLOR=red>Error 690 </FONT></H1>";
    print "<OL> <B>Configuration Error</B>. $err.</OL></OL></OL>";
    print "<CENTER><HR></CENTER>\n</BODY>\n</HTML>\n";
}



Re: Other question..

1999-12-17 Thread Michael Ströder

Raul Gutierrez Rodriguez wrote:
 
> Where can I find all possible values of the fields:
>
> subjectKeyIdentifier
> authorityKeyIdentifier
> basicConstraints
> keyUsage

RFC

http://www.microsoft.com/security/tech/certificates/structuring.asp

> nsCertType

doc/openssl.txt of your friendly OpenSSL source tree.

http://www1.netscape.com/eng/security/certs.html

Ciao, Michael.



Re: apps\ca Y2K bug

1999-12-17 Thread Dr Stephen Henson

Nelson Alves da Silva Filho wrote:
 
> POSSIBLE bug regarding the ca application (OpenSSL-0.9.4).
>
> I think the function ASN1_UTCTIME_set_string (a_utctm.c) is not Y2K safe and,
> consequently, the "startdate" and "enddate" entries of openssl.cnf ca section as well.
 

Check out the description of UTCTime in RFC2459. If you still think
there's a problem please be a bit more specific.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.





Other question..

1999-12-17 Thread Raul Gutierrez Rodriguez

Hi:

Where can I find all possible values of the fields:

subjectKeyIdentifier
authorityKeyIdentifier
basicConstraints
keyUsage
nsCertType

at the openssl.conf file and what is the meaning of each file?

Slds
Raul Gutierrez
