List [EMAIL PROTECTED]
> Automated List Manager[EMAIL PROTECTED]
--
+-------+
| Matthias Loepfe Roentgenstr. 22 Phone: +41 1-272 6111 |
Hi
Rich Salz wrote:
>
> We have a patch that adds OCSP checking to client-side certs for mod_ssl.
> It has some client code, and additions to OpenSSL to parse the data
> structures. We're in the process of upgrading to the current OpenSSL
> release. With the change in US export regulations, w
http://support.microsoft.com/support/kb/articles/q249/8/63.asp
best regards
Matthias
+---+
| Matthias Loepfe Roentgenstr. 22 Phone: +41 1-272 6111 |
| AdNovum Informatik AG CH-8005 Zuerich Fax: +41 1-272
he questions: 1) Is (from the spec point of view) the server side allowed
to choose according to his own preferences?
2) Why should the server not enforce his own preference?
x27;t use the correct hostname to connect to the server. If you get
any warning box (name mismatch) it does not work. IE makes the step up
only if the CN part of the cert matches the name you typed in in the URL
4) You use an IE prior to version 4
Matthias
--
Ben Laurie wrote:
>
> Matthias Loepfe wrote:
> > Also I think it would probably be a good idea to think about supporting
> > the MS-StepUp in OpenSSL.
>
> Is there a spec for it?
see
http://www.microsoft.com/security/tech/sgc/TechnicalDetails.asp
or
http://www.mic
www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager[EMAIL PROTECTED]
--
-
[EMAIL PROTECTED] wrote:
>
> On Thu, Oct 28, 1999, [EMAIL PROTECTED] wrote:
>
> > Full_Name: Matthias Loepfe
> > Version: mod_ssl-2.3.9
> > OS: Solaris 2.6
> > Submission from: (NULL) (193.192.235.3)
> >
> > In the builtin passphrase getter a magic c
d have the processid (and probably the thread id) included.
This way it would be possible to separate the log entries from different
concurrent processes and assign them to a particular client (ip).
regards
Matthias
--
EA_128_SHA /*IDEA-CBC-MD5*/, 128, 128 },
regards
Matthias
-------
Matthias Loepfe, AdNovum Informatik AG, Roentgenstr. 22, CH-8005 Zurich
Email: [EMAIL PROTECTED] Voice: +41 1
Ralf S. Engelschall wrote:
>
> On Wed, Jul 28, 1999, Matthias Loepfe wrote:
>
> > I check you patch and found out that it works except in the case where you
> > use apache as a proxy with https.
> >
> > To fix the problem just check 'actx to be NULL&
[EMAIL PROTECTED] wrote:
>
> On Wed, Jul 28, 1999, [EMAIL PROTECTED] wrote:
>
> > Full_Name: Matthias Loepfe
> > Version: 2.3.9
> > OS: Solaris 2.6
> > Submission from: (NULL) (193.192.235.3)
> >
> > I'm not sure if the following is realy seen
)
regards
matthias
---
Matthias Loepfe, AdNovum Informatik AG, Roentgenstr. 22, CH-8005 Zurich
Email: [EMAIL PROTECTED] Voice: +41 1 272 6111 Fax: +41 1 272 6312
*** apache_1.3.6/src/modules/ssl/ssl_engine_kernel.cSun
n);
> +return rv;
> +}
> +
> +/* override SSL_read in the following code... */
> +#define SSL_read ssl_io_suck_read
> +
> +#endif /* SSL_EXPERIMENTAL */
>
> /* _
> **
>
__
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager[EMAIL PROTECTED]
--
--
possible that some data gets transfered with a weak cipher in place.
-------
Matthias Loepfe, AdNovum Informatik AG, Roentgenstr. 22, CH-8005 Zurich
Email: [E
> > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> > User Support Mailing List [EMAIL PROTECTED]
> > Automated List Manager[EMAIL PROTECTED]
> >
>
> __
> Apache Interface to OpenSSL (mod_ssl)
of ssl_locl.h everything works perfect.
Matthias Loepfe wrote:
>
> Hi Ralf
>
> I'm testing the optimized dynamic renegotiations and found some points I would
> like to discuss.
>
> 1. If for example mod_ssl tries to make a quick renegotiation and fails, now
>mod_ssl ret
ion the client
certs
are transfered encrypted.
But this makes the renegotiation optimizations even more important.
So that's it for the moment.
best regards Matthias
---
Matthias Loepfe, AdNovum Informatik AG, Roentgenstr. 22, CH-8005 Zurich
Email: [EMAIL PROTECTED] Voice: +41 1
t; installs new certificates into the file.
> > I'm looking at the gid-tagcert.c program that comes with modssl,
> > and see that it uses some info about the file layout that doesn't
> > seem to be in the cert7.html file, so I'm wondering where the info
> > ca
any advice.
>
> Paul
> __
> Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/
> Official Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAI
Ralf S. Engelschall wrote:
>
> On Wed, Apr 14, 1999, Matthias Loepfe wrote:
>
> > A renegotiation only happens if:
> >
> > 1.) if current cipher is not contained in the new cipher list
> > 2.) if current cert chain length is longer than the verify depth
> &g
DIUM:EXP
You can verify it with 'openssl ciphers -v '
cu
Matthias
-------
Matthias Loepfe, AdNovum Informatik AG, Roentgenstr. 22, CH-8005 Zurich
Email: [EMAIL PROTECTED] Voice: +41 1 272 6111 F
> get this working?
Yes. It works perfectly.
---
Matthias Loepfe, AdNovum Informatik AG, Roentgenstr. 22, CH-8005 Zurich
Email: [EMAIL PROTECTE
Ralf S. Engelschall wrote:
>
> On Tue, Nov 03, 1998, Matthias Loepfe wrote:
>
> > I played around with NS-Browser and the 128 bit step-up.
>
> What exactly do you mean here? The fact that you used a Fortify'ed NS or that
> you disabled some ciphers or that you used
SSL_ERROR_WANT_READ)) {
errno = EINTR;
}
}
else
#endif
rv = read( fb->fd_in, buf, nbyte );
...
regards
Matthias
-------
Matthias Loepfe, AdNovum Informatik AG, Roentgenstr. 22, CH-8005 Zurich
26 matches
Mail list logo