authentication
Available compression methods:
NONE
server authentication
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
SSLv2, cipher SSLv2 IDEA-CBC-MD5, 2048 bit RSA
1 handshakes of 256 bytes done
test sslv2 with client authentication
[stkap...@cisco.com - Fri Feb 10 16:40:08 2012]:
I have verified with a new build that I was able to connect WITHOUT
forcing the TLS version. So the changes worked in my tests.
OK, thanks for the update, ticket resolved.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
10:47 AM
To: Steve Kapinos (stkapino)
Cc: openssl-dev@openssl.org
Subject: [openssl.org #2702] TLS bad_mac_record with IIS 7 and client
authentication
[stkap...@cisco.com - Wed Feb 08 00:12:25 2012]:
Results using prexit are attached.
Openssl v1.0.1 beta 2 compiled on
powerpc/linux
Vs
Win2008 R2 64bit IIS7 set to require client auth
Command issued:
openssl s_client -connect stk-tms.a51.lab:443 -cert
/config/lighttpd/ssl.pem -CAfile /user/http_calist.pem -prexit -state
Output attached
-Steve
-Steve
-Original Message-
From: Stephen Henson via RT [mailto:r...@openssl.org]
Sent: Tuesday, February 07, 2012 5:59 PM
To: Steve Kapinos (stkapino)
Cc: openssl-dev@openssl.org
Subject: [openssl.org #2702] TLS bad_mac_record with IIS 7 and client
authentication
[stkap...@cisco.com - Tue
normally access is down atm. Does anyone know
of a public IIS test server requiring client authentication?
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
to discuss.
Thx
-Steve
-Original Message-
From: Stephen Henson via RT [mailto:r...@openssl.org]
Sent: Tuesday, February 07, 2012 2:44 PM
To: Steve Kapinos (stkapino)
Cc: openssl-dev@openssl.org
Subject: [openssl.org #2702] TLS bad_mac_record with IIS 7 and client
authentication
[stkap
[stkap...@cisco.com - Tue Feb 07 21:13:11 2012]:
FYI - I have now tested with 1.0.1 beta 2 of openssl (again compiled
on powerpc/linux) as well and found the same behavior. I also
tested against IIS on Windows 7 64bit as the server with the same
behavior. Maybe that will help
attached
-Steve
-Original Message-
From: Stephen Henson via RT [mailto:r...@openssl.org]
Sent: Tuesday, February 07, 2012 5:59 PM
To: Steve Kapinos (stkapino)
Cc: openssl-dev@openssl.org
Subject: [openssl.org #2702] TLS bad_mac_record with IIS 7 and client
authentication
[stkap
...@openssl.org]
Sent: Sunday, February 05, 2012 3:52 PM
To: Steve Kapinos (stkapino)
Cc: openssl-dev@openssl.org
Subject: [openssl.org #2702] TLS bad_mac_record with IIS 7 and client
authentication
[stkap...@cisco.com - Sun Feb 05 17:33:28 2012]:
Hi Stephen I will try to test with the client and get back
[stkap...@cisco.com - Mon Feb 06 18:27:26 2012]:
Files attached..
The .zip file seems corrupted.
Also please try a more recent version of OpenSSL. Quite a bit has
changed since November.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available
[stkap...@cisco.com - Sat Feb 04 21:00:23 2012]:
Setup:
Client: Curl/libcurl 7.21.7 OpenSSL 1.0.1 on powerpc linux
Server: Win2008 R2 IIS 7. Virtual directory with Client Authentication
set to Accept or Require
Local network, IPV4 addressing
I do not have the specific build of openssl
[stkap...@cisco.com - Sun Feb 05 17:33:28 2012]:
Hi Stephen I will try to test with the client and get back to you.
This is in an internal lab so it is not reachable. I can provide
packet sniff along with the certs /keys if that would be useful?
Yes. Also please try it with the -no_tls1_2
Setup:
Client: Curl/libcurl 7.21.7 OpenSSL 1.0.1 on powerpc linux
Server: Win2008 R2 IIS 7. Virtual directory with Client Authentication
set to Accept or Require
Local network, IPV4 addressing
I do not have the specific build of openssl 1.0.1 yet, will get that
from the other dev.
Symptom
Hi,
There is a comment (starting on line 2169 of s3_clnt.c openssl-0.9.8o) that
states:
/* XXX: For now, we do not support client
* authentication using ECDH certificates.
* To add such support, one needs to add
* code that checks for appropriate
* conditions and sets ecdh_clnt_cert to 1
Hi All,
If client authentication requested by the server, is it MUST to send the
certificate chain along with client certificate? Does RFC mandates sending
certificate chain?
Regards
Jaya
If client authentication requested by the server, is it MUST to send
the certificate chain along with client certificate? Does RFC
mandates sending certificate chain?
The client is supposed to send the chain up to, but not necessarily
including, the root. Look at the description
I am currently testing the ssl client I developed. I need to test it when it connects to a server which requires client authentication. However I do not know how to enable it in openssl's command line server (s_server). How do I enable client authentication in openssl s_server?
Sent from
On Fri, Dec 14, 2001 at 04:19:41PM +0530, ratan.sarkar wrote:
I am trying to implement Client authentication through SSL ..
but I am lil bit confused abt the verify callback function ...
what I want is, at the time of handshake server will get the client certificate and
server will check
Hi,
I am trying to implement Client authentication
through SSL ..
but I am lil bit confused abt the verify callback
function ...
what I want is, at the time of handshake server
will get the client certificate and server will check the DN and timestamp of the
client certificate ..
I have set
Hi all,
I'm trying to write an application (an SSL server) that does client
authentication.
My application sends the certificate request using a renegotiate on an
already open connection.
When I connect to my application with either an OpenSSL s_client or with
Netscape, everything works fine
I think I have sent this question... I am sorry if I have bothered you
with this email. I know that client authentication might be initialized by
the server... but I wish to know more about this... Thanks.
Dear all,
I am total newbie of TLS or SSL. I have a question about what I
the appropriate .cnf files.
Hope this helps...
- Original Message -
From: Lakshminarayanan Venkatesan [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, November 02, 2000 3:37 PM
Subject: Client Authentication
Hi,
This problem may be old, but I am using SSL for the first time the
demo
Hi all,
can someone provide me with a good example how to handle
client
authentication on a SSL connection. I've already taken a look
at the
examples in the openssl distribution and it didn't help
much.
On my code I'm doing the following:
1. Using openssl I've created a self-signed CA.
2
); [EMAIL PROTECTED];
[EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [iaik-ssl] Client authentication failure when using OpenSSL
client against iSaSiLk server!
It is perfectly legal to use RSA client authentication even if a DSA
ciphersuite is used. The server specifies in its certificate request
iSaSiLk library
(version 3.01) just supporting DSA, and the server requires client authentication the
wrong certificate chain from the client are sent back to the server (in the
certificates SSL message), i.e. the RSA certificate chain are sent to the server even
if the selected cipher suite
It is perfectly legal to use RSA client authentication even if a DSA
ciphersuite is used. The server specifies in its certificate request
message which types of certificates it allows, if you want to restrict
that you can use
context.setAllowedCertificateTypes(SSLContext.CERTTYPE_DSS_SIGN
Hi everybody,
I have a problem when I want to use client authentication. I use OpenSSL
0.9.4.
Here is the code part on the client side:
== Client code
==
SSL_load_error_strings();
/* Create a SSL context
On Tue, Apr 25, 2000 at 10:39:32AM +0200, Laurent Christophe wrote:
Hi everybody,
I have a problem when I want to use client authentication. I use OpenSSL
0.9.4.
Here is the code part on the client side:
[code snippet shortened]
Server code
Hi,
can anyone send me a working example relative to client authentication?
I've compiled a demo distributed within OpenSSL (demos/ssl/serv.cpp) but
if I run this server with s_client the first doesn't get peer
certificate.
Thanks,
Ernesto Del Prete
n
sid_ctx but require client authentication, of course.
Doh. Yes, you are right.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group;
Bodo Moeller wrote:
"Roger Bodén" [EMAIL PROTECTED]:
I've noticed that the session re-use doesn't work if I turn on
client authentication in my SSL server, [...] A full SSL negotiation
is performed each time my client connects. If I turn off client
authentication the ses
Ben Laurie [EMAIL PROTECTED]:
Bodo Moeller:
[...]
The test in ssl_sess.c (function ssl_get_prev_session) is a little
more paranoid than is usually necessary -- if the SSL_CTX-internal
cache is used, usually one wouldn't really have to care about these,
as the SSL_CTX is enough of a context
Bodo Moeller wrote:
Ben Laurie [EMAIL PROTECTED]:
Bodo Moeller:
[...]
The test in ssl_sess.c (function ssl_get_prev_session) is a little
more paranoid than is usually necessary -- if the SSL_CTX-internal
cache is used, usually one wouldn't really have to care about these,
as the
"Roger Bodén" [EMAIL PROTECTED]:
I've noticed that the session re-use doesn't work if I turn on
client authentication in my SSL server, [...] A full SSL negotiation
is performed each time my client connects. If I turn off client
authentication the session cache works as intended.
Hello,
I've noticed that the session re-use doesn't work if I turn on client
authentication in my SSL server, in openssl 0.9.2b. I have set the
SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE flags when I register my
callback function with SSL_CTX_set_verify(). This same behaviour is
found both
42 matches