Hi,
I am to use TLS for securing an application's data transfer. For
development purposes I have been using a
dummy set of certificates in PEM format.
The currently used "SSL_CTX_load_verify_locations" API requires
that the certificate be in PEM format.
However, in real time
Hi Victor,
> You should be able to cleanly shut-down SSL on both sides, and
> resume in a new process, provided the application protocol has
> a clean session termination phase.
> For example, implementing an application level "STOPTLS" verb that
> the initiator may request and the responder must
On Fri, Sep 11, 2009 at 11:14:18AM +1000, Andrew Sumner wrote:
> Hi David,
>
> Thanks, you've saved me from tons of frustration and wasted time chasing an
> unworkable solution. The proxy idea sounds very promising, I'll check it
> out.
You should be able to cleanly shut-down SSL on both sides
Hi David,
Thanks, you've saved me from tons of frustration and wasted time chasing an
unworkable solution. The proxy idea sounds very promising, I'll check it
out.
cheers
Andrew
Andrew Sumner wrote:
> Implementing openssl I've hit a wall.
> I need to initiate SSL on the connection in the
> listener, before the client sends the login packet as it
> obviously shouldn't be sent in the clear.
> There's no way to pass the SSL objects to the new process,
> so I've been trying
Hi,
I am seeing an issue with the OpenSSL 0.9.8k version, in which the client fails
PEAP-TLS session resumption when 'fast reconnect' is disabled on the IAS
server. The issue is not happening with earlier versions of OpenSSL.
Has anybody seen this issue?
The issue happens when the client i
I've got a situation where a listener on the server receives a connection
then the client sends a login packet. The server creates a new "worker"
process as the logged in user and passes it the socket ID. The worker
process takes over communication with the client (which is unaware of what's
happ
This is not an Apache support list. However, if you're getting "file does
not exist", then your entire configuration is in need of a lot of work.
-Kyle H
On Thu, Sep 10, 2009 at 5:39 AM, wrote:
>
>
>
> From: majord...@openssl.org To: dbrahman...@intelliquip.com Date: 09/10/2009
> 08:24 AM Sub
(OT)
* Mark wrote on Thu, Sep 10, 2009 at 15:54 +0100:
> > No offense, but that's what the mailing list is for.
> > Granted, a search might have yielded the answer as well...
> > but if anything, the question should make you feel good
> > because it's one mess you won't be cleaning up.
>
> No off
From:
majord...@openssl.org
To:
dbrahman...@intelliquip.com
Date:
09/10/2009 08:24 AM
Subject:
Welcome to openssl-users
Hi,
I have installed apache 2.2.13
(apache_2.2.13-win32-x86-openssl-0.9.8k.msi) and I am struggling to get
the https to work.
The app works in http mode but fails to load in
Hi,
You can have a look at PHPki (http://sourceforge.net/projects/phpki) :
it's has the advantage of publishing a CRL and certificates on a web
pages, plus enrollment and revocation pages. It's based on PHP and it
invokes the openssl utility with conf files created on the fly for each
operation.
I
Hello,
On Thu, Sep 10, 2009 at 08:34:56AM +0200, Einar Thorsrud wrote:
> > I do not find any possibility to add the label to the
> > RSA_public_encrypt() function, but it could perhaps be achieved
> > otherwise?
>
> Could the label perhaps be related to the *p parameter in
>
> int RSA_padding_a
Good initiative I'll give it a try ...
although I am looking for "intermediate" size PKI free software,
I am a bit confused with large scale software like openca or ejbca , too
complex :-(
I used to operate my pki with a perl-openssl package from
http://devel.it.su.se/pub/jsp/polopoly.jsp?d=102
>
> No offense, but I disagree. This list is for questions specific to OpenSSL
> programming, not for questions like "should I do what the documentation says".
> Asking such a question shows a fundamental misunderstanding on correct
> programming
> techniques. Unfortunately this is all too comm
> On Thu, Sep 10, 2009 at 6:29 AM, Mark
> <2d3ww4...@sneakemail.com> wrote:
> >
> > I am always very concerned when I read questions like this. The
> > documentation says to implement the callbacks. Therefore you must
> > do so.
>
> No offense, but that's what the mailing list is for. Granted,
On Thu, Sep 10, 2009 at 6:29 AM, Mark <2d3ww4...@sneakemail.com> wrote:
>
> I am always very concerned when I read questions like this. The
> documentation says to implement the callbacks. Therefore you must
> do so.
No offense, but that's what the mailing list is for. Granted, a
search might h
> We are planning to make use of openssl crypto library in
> multithreaded environment.
>
> We found in the openssl website that "
> OpenSSL can safely be used in multi-threaded applications
> provided that at least two callback functions are set,
> locking_function and threadid_func." And fro
On Thu, Sep 10, 2009, deiva shanmugam wrote:
> Hi,
>
> Thanks for the response, steve.
>
> So, irrepective of creating the openssl object per thread or globally for
> all threads, callback functions should be implemented to make the
> application thread safe?
>
Yes: the error queue requires
On Thu, Sep 10, 2009, pankaj227 wrote:
>
> /Zi option needs to be added to CFLAGS. May be it can be considered as a
> default option for debug builds of Windows in future releases of OpenSSL
> since debugging normally requires stepping into the code.
>
It is in 1.0.0. Note that a debugging vers
/Zi option needs to be added to CFLAGS. May be it can be considered as a
default option for debug builds of Windows in future releases of OpenSSL
since debugging normally requires stepping into the code.
pankaj227 wrote:
>
> Hi,
>
> I want to use fipscanister.lib along with debugging informat
Hi,
Can any one tell when where can I see the implemenataion of SSL API "
SSL_shutdown "
Thanks in advance.
--
View this message in context:
http://www.nabble.com/Implementation-of-API-SSL_shutdown-tp25380103p25380103.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
__
Goetz Babin-Ebell wrote:
> I think you have terrible mixed up you requirements and your (broken)
> solution.
> As far as I understood, you want:
>
> 1) Only one entity may be able to generate data.
> 2) Only a fixed set of entities may be able to read
> ~ the generated data.
>
> The answer to 1)
22 matches
Mail list logo