Hello,
If a blocking application sets SSL_MODE_AUTO_RETRY, SSL_read() will
only return once data is available, or a real error occurs. This must
not change.
It is not set for s_client.
We are taking of these case.
Best regards,
--
Marek Marcola [EMAIL PROTECTED]
Hello
Your proposition was to add further breakage. It is a mistake to issue a
blocking socket operation if you do not wish to block, end of story. This is
just a single example of one way this can break and it is impossible to fix
it completely without breaking proper blocking
Hello,
Is there any support for multiple primary domains and associated
customer certificates on the same ip and port (i.e. a multihomed SSL
server).
If you think of mechanism such server_name introduced in RFC 3546 6.1
(which may be used for this purpose) - not in this release.
Best regards,
I compiled fips module OpenSSL-fips-1.0.tar.gz with the following options
./Configure fips hpux-ia64-cc
And the official OpenSSL release 0.9.7j with the following options
./Configure threads zlib shared no-rc5 no-idea no-krb5
fips --openssldir=/opt/openssl hpux-ia64-cc
I tried compling the
On Mon, Jun 12, 2006, Haridharan wrote:
I compiled fips module OpenSSL-fips-1.0.tar.gz with the following options
./Configure fips hpux-ia64-cc
If you literally typed that command in then it is a violation of the security
policy and the result is not compliant.
If the config script chose
I compiled fips module OpenSSL-fips-1.0.tar.gz with the following options
./Configure fips hpux-ia64-cc
If you literally typed that command in then it is a violation of the
security
policy and the result is not compliant.
If the config script chose those options when you did:
./config
I just noticed an insanely bad typo in my original message:
However, when CC=gcc fipsld is used, the following error results:
Should instead be
However, when CC=g++ fipsld is used, the following error results:
Sorry for any confusion. Any help would be very much appreciated.
- Marty
--
On Mon, Jun 12, 2006 at 11:42:03AM +0200, Marek Marcola wrote:
Hello,
Is there any support for multiple primary domains and associated
customer certificates on the same ip and port (i.e. a multihomed SSL
server).
If you think of mechanism such server_name introduced in RFC 3546 6.1
Hello list!
I am trying to connect to a server that has supplied me with a cert. The
cert in question is called debitech_CA.pem and when I supply the
following command;
$ openssl s_client -connect secure.incab.se:443/verify/server/click
-cert debitech/debitech_CA.pem
I get the following error;
No, you got the problem exactly right, and it is a bug that does need
to be addressed. (HMAC_SHA1_SIG is defined as a string with a nil
terminator. gcc doesn't throw the error, but g++ rightly does. I
think there's a command-line parameter to disable that particular
error check, but I'm not
Kyle Hamilton wrote:
No, you got the problem exactly right, and it is a bug that does need
to be addressed. (HMAC_SHA1_SIG is defined as a string with a nil
terminator. gcc doesn't throw the error, but g++ rightly does. I
think there's a command-line parameter to disable that particular
error
Kyle Hamilton wrote:
No, you got the problem exactly right, and it is a bug that
does need to be addressed. (HMAC_SHA1_SIG is defined as a
string with a nil terminator. gcc doesn't throw the error,
but g++ rightly does. I think there's a command-line
parameter to disable that particular
The server has supplied you with the certificate to its CA, which
includes the CA's public key. You're putting it in the option for
client authentication via certificate.
I believe the option is -cacert, but I'm not quite certain. (I don't
use s_client enough to know for sure.)
-Kyle H
On
Hi all,
I am getting the following error message on encrypted
packets. Can someone tell me what they mean and
what I can do to correct the problem. Google did not bring
me any meaningfull results.
The script is running on an AIX box.
openssl enc -d -a -iv 31464F4C4C455431 -des3
On Mon, Jun 12, 2006, Kyle Hamilton wrote:
The server has supplied you with the certificate to its CA, which
includes the CA's public key. You're putting it in the option for
client authentication via certificate.
I believe the option is -cacert, but I'm not quite certain. (I don't
use
Hello,
$ openssl s_client -connect secure.incab.se:443/verify/server/click
-cert debitech/debitech_CA.pem
I get the following error;
unable to load client certificate private key file
31977:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:644:Expecting: ANY PRIVATE KEY
Hello,
The script is running on an AIX box.
openssl enc -d -a -iv 31464F4C4C455431 -des3 -K
31323334466F6C6C657426265472696D6461746131323334 -in
directory_encrypt/CS4_35854292.enc
A.RETURN.PKT=bad decrypt 130746:error:0606506D:digital envelope
routines:EVP_Dec
ryptFinal:wrong final
We are in the process of migrating from box A (AIX 4.3.3.0 running
openssl 0.9.6g) to box B (AIX 5.3.0.0 running openssl 0.9.8). Both A and
B access the same file system which contains our CA files.
When I revoke a certificate from box A, the process works as expected.
When I revoke a
Hi,
I'm currently developping a Python application which is a standalone
xml-rpc server, so with no web server in front of it.
(more details on http://www.pykota.com/software/pykoticon if needed)
this application works perfectly fine, but now I'd like to encrypt
all traffic between the client
I am experiencing a SIGSEGV in BN_BLINDING_free because mt_blinding
appears to be 0x11 instead of a pointer to some memory.
We had an identical issue reported here:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=193633
which is somehow caused by the use of Zimbra binaries.
Thank
Hi,
I think box A be the owner of the certificate so when u revoke it in boxA it works fine.Box B may not be the owner(issuer) and when revoking the certificate , it is verified whether it is revoked by the
corresponding person who issued the certificate by checking CN field in the certificate,
21 matches
Mail list logo