from:"Patrick Proniewski"

Re: [openssl-users] Why no peer certificate available.

2015-05-25 Thread Patrick Proniewski

On 26 mai 2015, at 05:17, Jerry OELoo wrote:

 Hi.
 I found there is a website which has https support.
 https://www.ib-channel.net/miegin/web/jsp/B02-01.jsp
 and browser can show its certificate chain.
 but when I use openssl to connect website, it returns fail.


Openssl works great here: 

$ openssl s_client -connect www.ib-channel.net:443
CONNECTED(0003)
depth=2 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, 
Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification 
Authority - G5
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/1.3.6.1.4.1.311.60.2.1.3=JP/businessCategory=Private 
Organization/serialNumber=0104-01-022916/C=JP/postalCode=108-8001/ST=Tokyo/L=Minato-ku/street=7-1,
 Shiba 5-chome/O=NEC Corporation/OU=NEC WOSC-IB005/CN=www.ib-channel.net
...
...

but it's kinda old: 

$ openssl version
OpenSSL 0.9.8y 5 Feb 2013

A more current release shows the same error you posted: 

$ apps/openssl version
OpenSSL 1.0.2a 19 Mar 2015

$ apps/openssl s_client -connect www.ib-channel.net:443
CONNECTED(0003)
write:errno=54
---
no peer certificate available
---
...
...
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] compared performances on Mac OS X 10.6.8

2015-05-10 Thread Patrick Proniewski

Hello,

I've compiled OpenSSL 1.0.2a on Mac OS X 10.6.8, and used `openssl speed` to 
compare performances with stock OpenSSL (0.9.8). In many tests, 1.0.2a is a bit 
faster, or as fast as 0.9.8y, but on the 6 AES tests, the old one is almost 
twice as fast as the new one:

OpenSSL 1.0.2a 19 Mar 2015
built on: reproducible build, date unspecified
options:bn(64,32) rc4(8x,mmx) des(idx,cisc,16,long) aes(partial) idea(int) 
blowfish(ptr) 
compiler: cc -I. -I.. -I../include  -fPIC -fno-common -DOPENSSL_PIC -DZLIB 
-DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch i386 -O3 
-fomit-frame-pointer -DL_ENDIAN -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 
-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM 
-DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM 
-DGHASH_ASM
../..
aes-128 cbc  93494.07k   102637.16k   104677.80k   105762.76k   106145.31k
aes-192 cbc  78912.98k84939.17k86991.87k88263.00k88350.72k
aes-256 cbc  68691.56k73564.65k74554.37k75421.01k75803.31k
../..
aes-128 ige  89849.59k94381.10k97713.32k98399.23k97045.16k
aes-192 ige  76133.38k80632.62k81332.31k82033.66k81988.27k
aes-256 ige  66744.15k69558.66k70501.12k70079.15k70041.60k
../..


OpenSSL 0.9.8y 5 Feb 2013
built on: Jun 27 2013
options:bn(64,64) md2(int) rc4(ptr,char) des(idx,cisc,16,int) aes(partial) 
blowfish(ptr2) 
compiler: -arch x86_64 -fmessage-length=0 -pipe -Wno-trigraphs -fpascal-strings 
-fasm-blocks -O3 -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN 
-DMD32_REG_T=int -DOPENSSL_NO_IDEA -DOPENSSL_PIC -DOPENSSL_THREADS -DZLIB 
-mmacosx-version-min=10.6
../..
aes-128 cbc 149709.21k   157970.02k   159079.54k   160057.16k   159908.25k
aes-192 cbc 132826.18k   138516.09k   139301.84k   139847.86k   139845.95k
aes-256 cbc 119058.45k   123144.42k   123989.61k   124192.42k   124275.21k
../..
aes-128 ige 157970.54k   168814.05k   171997.82k   171239.04k   172713.37k
aes-192 ige 139152.02k   145860.99k   148705.55k   148606.98k   150433.13k
aes-256 ige 124678.17k   130624.07k   132307.43k   131849.37k   132539.38k


Is it a compilation issue? (I've tested both -arch on 1.0.2a with same results).

thanks,
patpro
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] upgrade system's OpenSSL and libs on Mac OS X 10.6.8

2015-05-10 Thread Patrick Proniewski

Hi,

Disclaimer: I'm not a developer.

I would like to upgrade openssl, libssl and libcrypto on my Mac OS X 10.6.8 
system. The purpose is to allow system and softwares to use the new libs (for 
example ssh, sshd, Mail...). Do you think it's possible?

I can already install openssl and libs somewhere else (/usr/local), but if 
possible I would like to replace those provided by the system.

Any help greatly appreciated.
patpro
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Why no peer certificate available.

[openssl-users] compared performances on Mac OS X 10.6.8

[openssl-users] upgrade system's OpenSSL and libs on Mac OS X 10.6.8

3 matches

Site Navigation

Mail list logo

Footer information