reject client hello

2012-07-17 Thread Jijo
Hi All, I would like to reject if the client hello doesn't contain secure renegotiation info(RFC 5746). I could close the ssl connection after it established. As per the RFC 5746 section 4.3 server shall terminate the connection immediately upon failure to negotiate the use of secure renegotia

Re: Make issue with openssl-1.0.0f and openssl-1.0.0j

2012-07-17 Thread Zack Weinberg
On Tue, Jul 17, 2012 at 11:18 AM, Barone, Philip wrote: >> 2. Does the 11GB .a file contain multiple copies of each .o >> file, perhaps every version you ever compiled? (You can test >> this with the command $ ar -t libcrypto.a > > This does not appear to be the issue either > > Server1> ar -t lib

RE: Make issue with openssl-1.0.0f and openssl-1.0.0j

2012-07-17 Thread Barone, Philip
> -Original Message- > From: owner-openssl-us...@openssl.org [mailto:owner-openssl- > us...@openssl.org] On Behalf Of Jakob Bohm > Sent: Tuesday, July 17, 2012 1:03 PM > To: openssl-users@openssl.org > Subject: Re: Make issue with openssl-1.0.0f and openssl-1.0.0j > > On 7/17/2012 6:22 PM

Re: Make issue with openssl-1.0.0f and openssl-1.0.0j

2012-07-17 Thread Jakob Bohm
On 7/17/2012 6:22 PM, Barone, Philip wrote: Hi, I am having issues make’ing openssl-1.0.0j, f fails as well, on Solaris Patch level “5.10 Generic_147440-13 sparc”. It works fine at OS patch level “5.10 Generic_125100-10 sparc”. I am compiling this using “solaris64-sparcv9-cc” like I have alway

Make issue with openssl-1.0.0f and openssl-1.0.0j

2012-07-17 Thread Barone, Philip
Hi, I am having issues make'ing openssl-1.0.0j, f fails as well, on Solaris Patch level "5.10 Generic_147440-13 sparc". It works fine at OS patch level "5.10 Generic_125100-10 sparc". I am compiling this using "solaris64-sparcv9-cc" like I have always done. It fails trying to create libcrypto

Re: OpenSSL beginner...

2012-07-17 Thread Dominik Oepen
On 17/07/12 05:28, Funshine wrote: > > Hi ! I want to learn OpenSSL and I'm having trouble getting any meaningful > result from their example program. No matter the argument I seem to pass I > get 'Unknown message digest' error. What exactly is > EVP_get_digestbyname(const char*) expecting to see

Q: openssl dgst: unable to load key file error?

2012-07-17 Thread Li, David
Hi, I am trying to sign a file using dgst but not sure why I got this "unable to load key file". Here is the original command: openssl dgst -sha384 -out xyz.sig -sign $PWD/keys/my_private.pem xyz.to-be-signed The private key file my_private.pem DOES exist in the directory. The openssl versi

OpenSSL beginner...

2012-07-17 Thread Funshine
Hi ! I want to learn OpenSSL and I'm having trouble getting any meaningful result from their example program. No matter the argument I seem to pass I get 'Unknown message digest' error. What exactly is EVP_get_digestbyname(const char*) expecting to see that wont fail the md test ? I'm using OpenS