Windows XP/2K, IPSec and Certificates

2003-11-06 Thread Paul R. Adams
FYI: I'm a relative novice when dealing with SSL encryption. So please bear with me if I ask pointless questions. Background Info: My current project is securing a wireless network. I activated the WEP encryption and set up the nodes, but from all the documentation I've read WEP is not enough.

Re: crlDistributionPoints with DirName value?

2003-11-06 Thread Mike Acar
I'll answer several messages at once in this mail. Nils Larsch [EMAIL PROTECTED] wrote: Try: [EMAIL PROTECTED] [dist_point] dirName=dir_name [dir_name] C=FI O=SSH Communications Security Corp CN=SSH Test CA 2 No Liabilities this works for me (note: I'm using 0.9.8-dev).

SSL_CTX_set_verify() set callback to object-method?

2003-11-06 Thread KOverton
Perhaps this is a Windoze-specific problem, but I'm not able to set the callback method as an object-method. Is it impossible? -- kov

RE: SSL_CTX_set_verify() set callback to object-method?

2003-11-06 Thread dilkiel
Directly... yes, it is impossible. Indirectly, it is possible. You'll need to create a C callback to pass to set_verify that calls your object method with the object pointer. You'll need to create a C++ analog of the set_verify that'll take the object pointer and method callback. Just par for

Client Side Certificate model

2003-11-06 Thread Babineau, Denis
Hi all, I need to implement a client side certificate model for SSL, specifically, the client side (the server side is developed by another party of which I won't have access to until the end of the implementation). The Key exchange algo. used will be

Re: Client Side Certificate model

2003-11-06 Thread Goetz Babin-Ebell
Hello Denis, Babineau, Denis wrote: I need to implement a client side certificate model for SSL, specifically, the client side (the server side is developed by another party of which I won't have access to until the end of the implementation). The Key exchange algo. used will be RSA and the

Re: Decrypting SSL packets with openSSL

2003-11-06 Thread Rich Salz
I don't think it really works - I certainly never got it to work. Most likely because you don't have the keys. 1. ssldump has the keys. This means that ssldump must have the *private keys* of the server and, if they're used, of the client as well. In other words you are setting ssldump

STUNNEL and CRL

2003-11-06 Thread Takeo Shibata
Does anyone know if the STUNNEL program supports CRL in any way (PEM file format like Apache or a more sophisticated way)? I checked www.stunnel.org. It does not say "it does not support" but it does not say "it supports" either. There is no option or stunnel.conf setting for

Re: Decrypting SSL packets with openSSL

2003-11-06 Thread Jason Haar
On Fri, 2003-11-07 at 14:26, Rich Salz wrote: I don't think it really works - I certainly never got it to work. Most likely because you don't have the keys. Bzzt - sorry - I'm not that stupid today ;-) If I do ssldump -Ad -i eth0 -k server-cert.pem host me and port 443, where