when running this
openssl s_client -connect 222.33.175.160:443 -state -debug > openlog2
this is the output:
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=0 /C=US/ST=NewYork/L=YC/O=eee/OU=IT/CN=192.37.175.160/[EMAI
Thanks for the response.
how is stunnel used?
-Original Message-
From: Victor Duchovni <[EMAIL PROTECTED]>
Sent: Aug 10, 2005 10:18 PM
To: openssl-users@openssl.org
Subject: Re: openssl -connect works, https does not
On Wed, Aug 10, 2005 at 09:06:10PM -0400, [EMAIL PROTECTED] wrote:
> w
On Wed, Aug 10, 2005 at 09:06:10PM -0400, [EMAIL PROTECTED] wrote:
> when connecting to an ip address on port 443 the openssl -connect
> command works, but when browsing to the url with internet explorer,
> the https://ipaddress/index.html does not display.
>
Is the port 443 listener in fact a
when connecting to an ip address on port 443 the openssl -connect
command works, but when browsing to the url with internet explorer,
the https://ipaddress/index.html does not display.
any ideas?
tia
__
OpenSSL Project
Re: openssl-0.9.8-stable-SNAP-20050805 on WinCE5.0
OK, I downloaded wcecompat 1.1 and openssl-0.9.8-stable-SNAP-20050810
and rebuilt everything again. Things are much, much better now. Of the
items below, I think only #2 and #5 suggest a fix is needed in wcecompat and
openssl. The others
OK, I downloaded wcecompat 1.1 and openssl-0.9.8-stable-SNAP-20050810
and rebuilt everything again. Things are much, much better now. Of
the items below, I think only #2 and #5 suggest a fix is needed in
wcecompat and openssl. The others items are responses to previous
emails.
1. I fixed my
In message <[EMAIL PROTECTED]> on Wed, 10 Aug 2005 18:24:54 +0200 (CEST),
Johnny Gonzalez <[EMAIL PROTECTED]> said:
johnnygonzalezl> Hello Richard,
johnnygonzalezl>
johnnygonzalezl> I have just done it, a friend told me to add the
johnnygonzalezl> shared option to the config command, like this:
Thanks for the response.
Not sure if this post issue is similar - but once the connect works, https works
http://groups-beta.google.com/group/alt.apache.configuration/browse_thread/thread/e2ce8cc2db458885/3337e78d29ad78db?lnk=st&q=how+to+set+up+apache2+ssl.conf&rnum=2&hl=en#3337e78d29ad78db
Some
[EMAIL PROTECTED] wrote:
Thanks for the response.
The .key and .crt file have been moved to the default directories in the
ssl.conf files.
which are /usr/local/apache2/conf/ssl.crt and
/usr/local/apache2/conf/ssl.key
That's better.
$ openssl s_client -connect localhost:443 -state -debug
GET
TLS allows for the detection of a (post-handshake) replay attack
by detecting incorrect values of the sequence number in the MAC.
However, I can't figure out what action is taken when an attack *is*
detected. Is an alert sent to the peer? How is the recipient application
informed?
TIA
BigG
Thanks for the response.
The .key and .crt file have been moved to the default directories in the
ssl.conf files.
which are /usr/local/apache2/conf/ssl.crt and
/usr/local/apache2/conf/ssl.key
this document has instructions to manually connect to HTTPS
http://www.modssl.org/docs/2.8/ssl_faq.html#
[EMAIL PROTECTED] wrote:
Thanks for the response. Also this is a development server.
the how-to document placed the .crt and .key files
in the following directories.
cp mars-server.crt /etc/httpd/conf/ssl.crt
cp mars-server.key /etc/httpd/conf/ssl.key
cp my-ca.crt /etc/httpd/conf/ssl.crt
These
Thanks for the response. Also this is a development server.
the how-to document placed the .crt and .key files
in the following directories.
cp mars-server.crt /etc/httpd/conf/ssl.crt
cp mars-server.key /etc/httpd/conf/ssl.key
cp my-ca.crt /etc/httpd/conf/ssl.crt
These directories do not exist o
[EMAIL PROTECTED] wrote:
Is it possible to clarify some of the confusion with the configuration?
From what you wrote I don't really see what the issue is -
Any clarification would be appreciated.
The certificates were placed in a directory called CA.
How is this a problem?
Thank you.
What yo
Is the method of certificate/key creation as specified in this document:
http://www.vanemery.com/Linux/Apache/apache-SSL.html
correct?
-Original Message-
From: Jorey Bump <[EMAIL PROTECTED]>
Sent: Aug 10, 2005 2:45 PM
To: openssl-users@openssl.org
Subject: Re: apachectl startssl started,
Is it possible to clarify some of the confusion with the configuration?
From what you wrote I don't really see what the issue is -
Any clarification would be appreciated.
The certificates were placed in a directory called CA.
How is this a problem?
Thank you.
-Original Message-
From:
On Wed, Aug 10, 2005, david kine wrote:
> Thanks for the response. The CRL files (multiple) are
> provided by an external application. I provide an API
> to reload the CRL files, and my plan is to update the
> SSL_CTX objects with the new CRL files.
>
> Can I use 0.9.6d, or should I update to 0
[EMAIL PROTECTED] wrote:
These lines are from ssl.conf
DocumentRoot "/opt/apache/CA"
This configuration is simply insane. Sorry, but you really need to
disable SSL and get up to speed on basic apache administration. Don't
change settings without understanding what they do. Any server
admin
These lines are from ssl.conf
DocumentRoot "/opt/apache/CA"
SSLCertificateFile /opt/apache/CA/192.33.175.160.crt
SSLCertificateKeyFile /opt/apache/CA/192.33.175.160.key
SSLCertificateChainFile /opt/apache/CA/my-ca.crt
SSLCACertificateFile /opt/apache/CA/my-ca.crt
SSLOptions +StdEnvVars
Hi,
> when typing https://ipaddress:443/index.html into a browser
> it cannot find the page and goes back to
>
> https://ipaddress
port 443 *IS* https. the browser sees the one and same.
alan
[EMAIL PROTECTED] wrote:
if apachectl startssl works, any idea how come
trying to open https://ipaddres:443/index.html cannot display the page?
It's redundant. The standard port for https is already 443, and some
browsers will simply remove it from the URL. The fact that the page
won't displa
if apachectl startssl works, any idea how come
trying to open https://ipaddres:443/index.html cannot display the page?
the following log appears after trying
openssl s_client -connect IPAddress:443 -state -debug
No client certificate CA names sent
---
SSL handshake has read 2519 bytes and writt
Thanks for the response. The CRL files (multiple) are
provided by an external application. I provide an API
to reload the CRL files, and my plan is to update the
SSL_CTX objects with the new CRL files.
Can I use 0.9.6d, or should I update to 0.9.7g for
this application? My understanding is that
On 8/9/05, Steven Reddie <[EMAIL PROTECTED]> wrote:
> I wrote wcecompat solely for the OpenSSL port (but with a view to using it
> for other things), so I guess you could say I'm more of an OpenSSL-er than a
> Windows CE-er.
>
> Do you know if a similar change needs to be made for ARMV4T?
>
Sorr
Hello Richard,
I have just done it, a friend told me to add the
shared option to the config command, like this:
./config shared
And now the libraries have been installed in the
required directory (lib/engines/).
thanks a lot for your help,
Johnny
--- Johnny Gonzalez <[EMAIL PROTECTED]>
escrib
Hi,
I have a 'problem' that has been reported before, namely that only the
first 32k of my messages are being sent/read by my openSSL
client/server.
The original post is here:
http://marc.theaimsgroup.com/?l=openssl-users&m=101180918225646&w=2.
The solution given was to read the man pages for S
CRL days is probably 30 in the .cnf file.
Jagannadha Bhattu Gosukonda wrote:
My openssl.cnf file has the following entry:
default_days = 365
But when I create a root CA and sign a certificate for a sample server
with it then the 'Not After' is set to exactly 30 days from 'Not
Before' date. I ha
My openssl.cnf file has the following entry:
default_days = 365
But when I create a root CA and sign a certificate for a sample server
with it then the 'Not After' is set to exactly 30 days from 'Not
Before' date. I have created the root CA and the server keys today
only.
Is there any place that
reverse that - accidentally changed the wrong file -
changing the group to nobody stopped the error_log errors
Many Thanks!
What is next required to see https://ipaddress:443/index.html ?
using netstat -na |grep LISTEN
displays 443
when typing https://ipaddress:443/index.html into a browser
Hope you have created a group called nobody. You can try ltrace and
try to see what is going wrong.
JB
On 8/10/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Try:
>
> Group nobody
>
> Of course, you need to have the nobody group on your system (many
> already do). Another popular choice fo
Try:
Group nobody
Of course, you need to have the nobody group on your system (many
already do). Another popular choice for User/Group is apache (again, it
must be present, don't mess with this until you understand the
implications of creating a special user for Apache).
again, thanks very
> Thanks very much for your response. Any idea what the Group
> setting needs to
> be in httpd.conf?
>
> this is how it looks now
>
> User nobody
> Group #-1
>
> tia,
> dk
It depends what group you want apache to run under. If you have a
"nobody"
group, that's probably what you want.
[EMAIL PROTECTED] wrote:
also looking into (22)Invalid argument: setgid: unable to set group id to
Group 4294967295
This is your real problem. Check your Group setting in your apache
configuration. You probably just need to get your permissions and
ownerships correct.
Thanks very much for
4294967295 is -1. That means the previous API in the code returned -1,
which was passed to setgid. So instead of getting the group permissions
and ownerships correct, you may want to see the group name itself.
Probably that was wrong.
JB
On 8/10/05, Jorey Bump <[EMAIL PROTECTED]> wrote:
> [EMAIL PRO
> also looking into (22)Invalid argument: setgid: unable to set group id to
Group 4294967295
This is your real problem. Check your Group setting in your apache
configuration. You probably just need to get your permissions and
ownerships correct.
Thanks very much for your response. Any idea w
According to the available APIs:
1. There is no way you can get from SSL_CTX object directly.
2. To get certificate from SSL object:
You can get the certificate by calling SSL_get_certificate. To get the
peer certificate use SSL_get_peer_certificate.
3. To get private key of your application:
T
[EMAIL PROTECTED] wrote:
Trying to set up ssl for an intranet. There is no FQDN, just an IP address.
Is this possible?
Yes. The only important thing is that the hostname used by clients to
find your machine must match the Common Name in the certificate. So, if
your other machines use https:/
On Tue, Aug 09, 2005, david kine wrote:
> I am implementing CRL support in an application on
> Solaris using OpenSSL 0.9.6d 9 May 2002.
>
> According to the information I have gathered, CRL
> support is not available in pre-0.9.7 OpenSSL
> releases.
>
> I have the opportunity to easily upgrade to
Trying to set up ssl for an intranet. There is no FQDN, just an IP address.
Is this possible?
I've created the certificate keys as X.X.X.X.key
instead of www.example.com.key
I'm able to run the startssl command (see below)
It asks for the pass phrase, and says it logs in, but the
error log (list
On Wed, Aug 10, 2005, Bhupendra K Joshi wrote:
> Hello,
>
> I have used RSA_private_encrypt instead of using RSA_sign and
> RSA_public_decrypt instead of using RSA_verify.
>
> For verifying I have compared the hash to complete the verification.
>
> Can there be a problem in this?
>
Hello Richard,
--- Richard Levitte - VMS Whacker
<[EMAIL PROTECTED]> wrote:
> In message
>
<[EMAIL PROTECTED]>
> on Wed, 10 Aug 2005 03:27:23 +0200 (CEST), Johnny
> Gonzalez <[EMAIL PROTECTED]> said:
>
> johnnygonzalezl> > Hmm? It should, in the engines/
> directory.
> johnnygonzalezl> Well
Hello,
I have used RSA_private_encrypt instead of using RSA_sign and RSA_public_decrypt instead of using RSA_verify.
For verifying I have compared the hash to complete the verification.
Can there be a problem in this?
What is the difference between RSA_private_encrypt and RSA_sign?
Hello Richard,
Richard Levitte - VMS Whacker wrote:
In message <[EMAIL PROTECTED]> on Wed, 10 Aug 2005 03:27:23 +0200 (CEST), Johnny
Gonzalez <[EMAIL PROTECTED]> said:
johnnygonzalezl> > Hmm? It should, in the engines/ directory.
johnnygonzalezl> Well, I don't know if I did it wrong, but I d
biswatosh chakraborty writes:
Hi
I am using Solaris 9 on AMD machine and not able to do config of openssl.
It says platform not supported.
But I went to a site called blatwave.org and installed openssl package
successfully and am able to run openssl command from command prompt like:
The one
Hi
I am using Solaris 9 on AMD machine and not able to do config of openssl.
It says platform not supported.
But I went to a site called blatwave.org and installed openssl package
successfully and am able to run openssl command from command prompt like:
***