Hi,
I have a chain of certificates C-B-A-RootCA. The TLS client only presents C
during the TLS handshake. RootCA has the Certificate Sign extension set but not
B and A.
The TLS server fails the TLS handshake because of the absence of the
Certificate Sign extension in B and A.
My first
On Fri, Oct 23, 2009 at 03:47:51PM +0100, Darryl Miles wrote:
I advocate that some users would find it useful to be able to invoke
SSL_read() and SSL_write() from exactly two threads on the same 'SSL *'
simultaneously. There is merit in this and as things stand OpenSSL does
tried to run my decryption func with test vectors and got not proper result
-- CODE --
void aes256cbc_encrypt()
{
int i, outlen;
unsigned char *outbuf = (unsigned char*)malloc(1024);
unsigned char key[] =
Hello.
I am not searching bugs in my code. I have a certificate and a CRL.
And the functionality -issuer_checks is buggy. My cert and CRL have
exactly the same DN as issuer.
2009/10/28 David Schwartz dav...@webmaster.com:
Daniel Marschall wrote:
Any idea? This problem exists since 2003 and
On Wed, Oct 28, 2009 at 12:44:28AM -0700, himas wrote:
tried to run my decryption func with test vectors and got not proper result
-- CODE --
void aes256cbc_encrypt()
{
int i, outlen;
int i, outlen, tm;
unsigned char *outbuf = (unsigned char*)malloc(1024);
Parimal Das wrote:
It's the second case Darry,
Here the 'sleep' is Operating System Sleep mode induced by closing the
lid of laptop.
After opening the laptop, when the system wakes up,
My application is always hanging at the same place.
It is possible there is something specific OSX does in
On Tue, Oct 27, 2009, Mourad Cherfaoui wrote:
Hi, I have a chain of certificates C-B-A-RootCA. The TLS client only
presents C during the TLS handshake. RootCA has the Certificate Sign
extension set but not B and A. The TLS server fails the TLS handshake
because of the absence of the
In the manual page for SSL_CTX_set_tmp_dh function it is recommended to
always set temporary Diffie-Hellman parameters for the server SSL_CTX,
in case if client would negotiate some ciphersuite which uses ephemeral
DH key agreement.
Some application authors choose to not compile these parameter
On Wed, Oct 28, 2009 at 04:06:07PM +0300, Victor B. Wagner wrote:
But for some setups, especially in OpenSSL 1.0, which supports EC
ciphersuites, dh parameters are not necessary.
This is not entirely accurate, one still needs to designate an ECDH
curve for ECDHE ciphers. Postfix code for
Thanks Steve,
Yes, the keyUsage is present but the sign bit is not set. As a background on
this, the user does not want his CA to set the sign bit for non-root
certificates.
I am not sure I understand why the client is broken? Did you mean that the sign
bit can be omitted if the client
On October 28, 2009 12:10:16 pm Mourad Cherfaoui (mcherfao) wrote:
Thanks Steve,
Yes, the keyUsage is present but the sign bit is not set. As a background
on this, the user does not want his CA to set the sign bit for non-root
certificates.
If the keyUsage is present and the certSign bit is
Hi,
My client uses sslv23_method() with SSL_OP_NO_SSLv2 in SSL_CTX_set_options.
Since I upgraded to v0.98k the handshake with one particular server fails
with error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake
failure. With OpenSSL v0.98i and earlier no problem at all.
--
On Wed, Oct 28, 2009, Mourad Cherfaoui (mcherfao) wrote:
I am not sure I understand why the client is broken? Did you mean that the
sign bit can be omitted if the client sends the entire chain of certificates
(except maybe the root) AND the server has the certificates chain as well?
Thanks.
On 2009.10.28 at 11:05:22 -0400, Victor Duchovni wrote:
On Wed, Oct 28, 2009 at 04:06:07PM +0300, Victor B. Wagner wrote:
But for some setups, especially in OpenSSL 1.0, which supports EC
ciphersuites, dh parameters are not necessary.
This is not entirely accurate, one still needs to
Hi,
I am using radius server for authenticating my ThinClient Laptop for
WirelessAP in TLS security mode.
But my radius server is saying unknown ca.
my radius tls config looks like:
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
On Wed, Oct 28, 2009 at 09:09:59PM +0300, Victor B. Wagner wrote:
But for some setups, especially in OpenSSL 1.0, which supports EC
ciphersuites, dh parameters are not necessary.
This is not entirely accurate, one still needs to designate an ECDH
curve for ECDHE ciphers. Postfix
Thanks much for the explanations on how this data is laid out.
My first attempts at using the key I generated on my hardware platform were
unsuccessful.
Stepping back, I thought I would use openssl to create a sect163k1 encrypted
SHA1 digest of my test file and then verify it. I have been able
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
Are there any decent frontends out there for openssl similar to tinyca2 and xca?
lin