Because of lack of time, and because I'm not entirely sure we've gotten
all the reported bugs, I'm moving the release of 0.9.6h until thursday
night (swedish time). Please test the snapshots for the 0.9.6 branch
until then, on as many platforms as you have available and you feel
you have the time
Claus Assmann <[EMAIL PROTECTED]>:
>> Ed Kasky <[EMAIL PROTECTED]>:
>>> 27781:error:140890E9:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:tls peer did
>>> not respond with certificate list:s3_srvr.c:1638:
> AFAIK the client can respond with an empty list (RFC 2246, section
> 7.4.6). This is what sen
In message <[EMAIL PROTECTED]> on Mon, 18 Nov 2002
18:54:57 -0800, Ed Kasky <[EMAIL PROTECTED]> said:
ed> At 10:45 PM Monday, 11/18/2002, Richard Levitte - VMS Whacker wrote -=>
ed> >ed> Eudora has a client certificate that it received during it's first
ed> >ed> attempt to send through sendmail a
OCSP Gurus,
I am attempting to implement an app which
attempts
to verify PKCS7 signatures on data. It does
all the local
verification one would expect.
Now I want to add OCSP into the mix. Given a
locally verified
certificate chain, I want to perform OCSP on any
and all certs
involved
I have got the reason.
It is because that I haven't call SSLeay_add_all_algorithms(),so the cipher
can't run well.
thanks all!
--- "<[EMAIL PROTECTED]>" wrote --
>
> I want to generate a rsa encrypted private key file using openssl
> commands,and then use the privkey file to retrieve the priv
At 10:45 PM Monday, 11/18/2002, Richard Levitte - VMS Whacker wrote -=>
ed> Eudora has a client certificate that it received during it's first
ed> attempt to send through sendmail and it is trusted.
Really? OK, though that's an odd way to handle things. You're sure
you're not micing up client a
Hi, I have a SSL application that crashes with SEGV signal during a call to
SSL_connect() (backtrace follows). This happens only once during weeks of
running so I wonder if there is any known corner issue regarding SSL_connect().
I am using RedHat Linux 7.1 with openssl version 0.9.6f.
Backtrace:
Thank you for your help.
It turned out that the library we were using that implemented the
OpenSSL calls was not properly handing the SSL_ERROR_SYSCALL when errno
was EAGAIN. After discovering that ERR_get_err returned 0, I began to
suspect that something I read about EAGAIN being equivalent to
E
In message <[EMAIL PROTECTED]> on
Mon, 18 Nov 2002 09:36:11 -0500, "STEWARD, Curtis (Jamestown)"
<[EMAIL PROTECTED]> said:
Curtis.Steward> Excuse me if I'm missing something obvious, but
Curtis.Steward> I'm looking for SSL/TLS authentication (not encapsulation)
Curtis.Steward> of a rsh or ssh se
On Mon, Nov 18, 2002 at 03:04:03PM +0100, Karl-Michael Werzowa wrote:
> Had some experiences with M$-certificate authorities.
> We provided a root cert to a M$-Certificate server, which led to some
> problems.
Now there's a surprise! ;-)
>
> Hey, Vadim, it may be a less than perfect idea to let
> Which file, which version, where did you download it?
I just downloaded 0.9.6g from the openssl.org site again.
The line I'm concerned about appears in:
\openssl-0.9.6g\crypto\pkcs7\verify.c
Line #193:
ASN1_UTCTIME_free(tm);
Again, I'm puzzled that this seems to destroy part of the PKCS7
st
On Mon, Nov 18, 2002, Richard Levitte - VMS Whacker wrote:
> In message <[EMAIL PROTECTED]> on Mon, 18 Nov 2002
>10:43:54 -0800, Ed Kasky <[EMAIL PROTECTED]> said:
>
> ed> 27781:error:140890E9:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:tls peer did
> ed> not respond with certificate list:s3_srvr.c
In message <[EMAIL PROTECTED]> on Mon, 18 Nov 2002
11:02:10 -0800, Ed Kasky <[EMAIL PROTECTED]> said:
ed> Eudora has a client certificate that it received during it's first
ed> attempt to send through sendmail and it is trusted.
Really? OK, though that's an odd way to handle things. You're sur
In message <01c28f42$badb8f80$[EMAIL PROTECTED]> on Mon, 18 Nov 2002 12:40:27
-0800, "Bob Steele" <[EMAIL PROTECTED]> said:
bobsteele> Is it good that the >'d line below
bobsteele> destroys part of the PKCS7 object it works with?
bobsteele>
bobsteele> I cribbed from this code, and tried
Is it good that the >'d line below
destroys part of the PKCS7 object it works with?
I cribbed from this code, and tried to use the
PKCS7 object afterward, only to find it wrecked,
tracking dozens of recursive calls, wondering
what went wrong.
- If this is wrong, please fix it.
- If it is not
In message <[EMAIL PROTECTED]> on Mon, 18 Nov
2002 13:00:33 -0600, "Tighe Schlottog" <[EMAIL PROTECTED]> said:
TSchlottog> bash-2.03# openssl ca -keyfile CA/CAkey.pem -extensions v3_ca -in
TSchlottog> CA/guardian.csr -out guardian.pem -outdir CA/certs
TSchlottog> Using configuration from /opt/ope
At 07:54 PM Monday, 11/18/2002, Richard Levitte - VMS Whacker wrote -=>
ed> 27781:error:140890E9:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:tls peer did
ed> not respond with certificate list:s3_srvr.c:1638:
The last two lines should say it all. You need a client certificate
in Eudora, or if possib
Hello all,
I'll talk you up to where I am and then where I am having the
problem. I am checkpoint FW1 4.1sp6 also. So, I went through all the
normal steps of getting the cert installed on the firewall and generating
the certificate request, which it does but there is an issue with cut and
p
In message <[EMAIL PROTECTED]> on Mon, 18 Nov 2002
10:43:54 -0800, Ed Kasky <[EMAIL PROTECTED]> said:
ed> From the maillog:
ed>
ed> Nov 17 20:52:14 yoda2 sendmail[27781]: gAI4qE9C027781: --- 250 HELP
ed> Nov 17 20:52:14 yoda2 sendmail[27781]: gAI4qE9C027781: <-- STARTTLS
ed> Nov 17 20:52:14 yod
I have been attacking this issue in comp.mail.sendmail and it was suggested
I post this on this list.
We can't seem to get Eudora 5.2 to talk nicely with
sendmail-8.12.5, openssl-0.9.6d (and cyrus-sasl-1.5.27 for
SMTP_AUTH) Mail sent from a local host through sendmail is encrypted and
author
On Mon, Nov 18, 2002 at 08:00:16AM -0800, Moffet, Scott wrote:
> err is being set to -1
> SSL_get_error is returning SSL_ERROR_SYSCALL
> errno is 11, EAGAIN
> ERR_get_error is returning 0
In fact, SSL_ERROR_SYSCALL is the "catchall" message that is
given when no other condition applies.
> err is
Title: Cert/RSA key enabled "SSH"
Excuse me if I'm missing something obvious, but
I'm looking for SSL/TLS authentication (not encapsulation)
of a rsh or ssh session. I want the user's cert or public
key used in the authentication. I understand that SSH uses
a different "type" of key with "ss
err is being set to -1
SSL_get_error is returning SSL_ERROR_SYSCALL
errno is 11, EAGAIN
ERR_get_error is returning 0
err is -1, what is 5, errno = 11, err_err = 0
Is this a problem with non-blocking sockets?
~~Scott
(And if this helps at all, the output of openssl s_server is:
.
This is the first time I used C-Kermit with openssl.
I've tried to make a connection to an https site.
I use C-Kermit 8.0.206 with openssl-0.9.6g on an AIX 4.3.3
I've used the following commands
set auth ssl debug on
set auth ssl verify-file /urs/local/ssl/certs/ca-cert.pem
http open /ssl https:
There is a man page in the 0.9.7 beta distributions on the command line i/f. That's
all I've seen.
-Bob
> -Original Message-
> From: Jirí Olša [mailto:[EMAIL PROTECTED]]
> Sent: Monday, November 18, 2002 5:21 AM
> To: [EMAIL PROTECTED]
> Subject: OCSP
>
> hello,
>
> i'm writing OCSP r
Hi, Jason (and other people interested in the secret world of
M$-"implementations")
Had some experiences with M$-certificate authorities.
We provided a root cert to a M$-Certificate server, which led to some
problems.
Hey, Vadim, it may be a less than perfect idea to let M$ do the support. In
my
In message <[EMAIL PROTECTED]> on Mon, 18 Nov
2002 11:23:42 +0100 (CET), Peter Löfkvist <[EMAIL PROTECTED]> said:
e97_pel> I've been looking over the documentation and the mailing lists, but did
e97_pel> not come to a clear conclusion. Does opessl support IPv6?
There's no build-in IPv6 support.
Hi,
the best way to understand how the OCSP APIs works is to read the ocsp.c
file. I've wrote my own responder with this file as a base.
Michiels Olivier
On Mon, 2002-11-18 at 11:20, Jiří Olša wrote:
> hello,
>
> i'm writing OCSP responder, and i cant find any documentation
> about OpenSSL-OCSP A
char passin[] = "12345";
- Original Message -
From: "ѦԴ" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, November 18, 2002 3:23 PM
Subject: what is the difference between -passout option and PEM pass phrase?
> I want to generate a rsa encrypted private key file using ope
> I want to generate a rsa encrypted private key file using openssl
> commands,and then use the privkey file to retrieve the private key in
> my c language program.
> I tried the cmd:
> 1)openssl genrsa ¨Cpassout stdin -out key.pem
the '-des' option (or any other cipher is missing) =>
30 matches
Mail list logo