Re: Some queries
Jagannadha Bhattu wrote:

> 1. If we do not set SSL_OP_SINGLE_DH_USE then the same public and private keys are used for all connections? If so how can this provide security at all as one client can decrypt other client's messages?

Different clients would get different common DH secret values. That is, client public DH key power server private key.

> 2. Is it required to seed the random number generator whenever we use SSL? or only in cases where it is explicitly asked such as in the documentation of RSA_generate_key.

It's reasonable to seed all the time your application has some hard to predict data

> 3. According to my understanding, SSL private key and public key are RSA keys and for ephemeral keying we can use another set of RSA keys or with the key generated by DH params. Let me know if my understanding is wrong. If this is the case then in the supported

Ephemeral key is required if SSL server key could only be used for signing, say DSA. RSA could be used without ephemeral keys because SSL server could decrypt client's secret with RSA.

> ciphers list that we get with the command openssl ciphers -v 'ALL', I see 3 fields: key exchange (Kx), Authentication (Au) and Encryption (Enc). What is the meaning of all these fields? At what phase of SSL protocol do all these things come into picture and how do they work? Where can I get detailed documentation about all these?

SSL/TLS1 specifications could be something to start from

> Thanks
> JB

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
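The answer to the first question above, as an added example that is not part of the original thread: two clients run Diffie-Hellman against one server, once with the server's DH key pair reused for every connection and once with a fresh pair per handshake. The group (p = 2^127 - 1, g = 3) and all function names are assumptions chosen for illustration; the group is far too small for real use.

```python
import secrets

# Assumption: toy group for illustration. 2**127 - 1 is prime, but far too
# small for real DH; deployed servers use groups of 2048 bits or more.
P = 2**127 - 1
G = 3

def keypair():
    """Return (private, public) with public = G^private mod P."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def shared(own_priv, peer_pub):
    """DH shared secret: the peer's public value raised to our private key."""
    return pow(peer_pub, own_priv, P)

def run_server(single_dh_use, n_clients=2):
    """Simulate n_clients handshakes against one server process.

    single_dh_use=False models a server that keeps one DH key pair for
    every connection; True models a fresh server key per handshake.
    """
    static = keypair()
    conns = []
    for _ in range(n_clients):
        s_priv, s_pub = keypair() if single_dh_use else static
        c_priv, c_pub = keypair()
        conns.append({
            "server_pub": s_pub,
            "client_pub": c_pub,
            "client_priv": c_priv,
            "client_secret": shared(c_priv, s_pub),
            "server_secret": shared(s_priv, c_pub),
        })
    return conns

def eavesdrop_attempt(conns):
    """Client 1 combines its own private key with client 0's public value,
    which is all it can see of connection 0. True if that reproduces
    connection 0's secret."""
    guess = shared(conns[1]["client_priv"], conns[0]["client_pub"])
    return guess == conns[0]["client_secret"]

if __name__ == "__main__":
    for mode in (False, True):
        conns = run_server(mode)
        print("single_dh_use =", mode)
        print("  same server public value:", conns[0]["server_pub"] == conns[1]["server_pub"])
        print("  same session secret:", conns[0]["client_secret"] == conns[1]["client_secret"])
        print("  client 1 recovers client 0's secret:", eavesdrop_attempt(conns))
```

With the reused key the session secrets still differ per client, but anyone who later obtains that one server private value can recompute every one of them, whereas a fresh key per handshake limits the exposure to a single session.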
Re: Loading a PKCS7 SignedData structure with d2i_PKCS7_fp
On Fri, Jul 08, 2005, Fred Anderson wrote:

> Thanks once again for the help, Steve. I've gotten beyond the segmentation fault using your suggestions. Now I'm getting the following error on the PKCS7_verify call:
>
> error:2106906D:PKCS7 routines:PKCS7_dataInit:unknown digest type

Ah, now that one is in the FAQ..

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
RE: Apache API and ssl certificates.
When you do please tell me!! I have the same problem

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fco .J. Arias
Sent: Saturday, 9 July 2005 6:15 AM
To: Lista OPENSSL
Subject: Apache API and ssl certificates.

Hello,

Does anyone know how to clearly extract information about the client's certificate in a C module in Apache? For example, extract the name of the CA that signed the client certificate and use it.

Thanks,
Fran.