In order to validate a client cert at all, with or without CRL(s),
yes the server must request the client cert
and s_server does that only if you specify -verify or -Verify.
The client must also agree to provide the cert, which it might not;
if it does not and you use -verify the handshake
Hello OpenSSL gurus,
I found in my sendmail-8.14.7/Fedora-18-i386 queue undelivered mails,
log say 'TLS handshake failed', and when I captured traffic between
mine and destination mailserver, I got result as in attached text export
from wireshark.
And when I tried:
openssl s_client -starttls
Hello all,
I found a memory leak when using ssl_connect function. Bellow the valgrind
trace:
==12028== 37,600 (1,040 direct, 36,560 indirect) bytes in 10 blocks are
definitely lost in loss record 12 of 27
==12028==at 0x40053C0: malloc (vg_replace_malloc.c:149)
==12028==by
I would like to ask your advice on a matter...
I am writing an application that has wrapped HTTPS in another protocol.
I have extracted the SSL packet out of the enclosing packet (which has already
pulled the packet out of the socket).
Is there a good way to pass the packets to/from openssl
Ø Is there a good way to pass the packets to/from openssl instead of using a
FD for handshakes/etc?
BIO is the openssl IO abstraction; see SSL_set_bio, for example.
/r$
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
Well, I found out where it's defined. It's a MACRO definition (
IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname ). I'm still investigating the leak
Regards
From: hicham55...@hotmail.com
To: openssl-users@openssl.org
Subject: Memory leak in ssl3_get_server_certificate
Date: Thu, 3 Apr 2014
This works fine:
http://opensslfoundation.org/
This raises a certificate warning (Firefox):
https://opensslfoundation.org/
opensslfoundation.org uses an invalid security certificate. The
certificate is not trusted because no issuer chain was provided. The
certificate is only valid for the
On 04/03/2014 11:19 AM, Thomas J. Hruska wrote:
This works fine:
http://opensslfoundation.org/
This raises a certificate warning (Firefox):
https://opensslfoundation.org/
opensslfoundation.org uses an invalid security certificate. The
certificate is not trusted because no issuer
We have built the following:
httpd-2.4.6
openssl-1.0.1.e
openssl-fips-2.05
for both Windows and Solaris so we can leverage SHA256.
For both environments I have Apache configured with the following:
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
On Windows, this works. I can use a Browser to hit the
On Thu, Apr 03, 2014 at 01:18:13PM +0200, Frantisek Hanzlik wrote:
Hello OpenSSL gurus,
I found in my sendmail-8.14.7/Fedora-18-i386 queue undelivered mails,
log say 'TLS handshake failed', and when I captured traffic between
mine and destination mailserver, I got result as in attached text
Hi,
I am writing a DLL plugin which works with a third party plugin. The DLL
uses open ssl. I was able to successfully connect to a ssl server from a
console application (.exe). But when I added the same code to my dll, it is
not working. Discussions point that i should include applink.c in my
Viktor Dukhovni wrote:
On Thu, Apr 03, 2014 at 01:18:13PM +0200, Frantisek Hanzlik wrote:
Hello OpenSSL gurus,
I found in my sendmail-8.14.7/Fedora-18-i386 queue undelivered mails,
log say 'TLS handshake failed', and when I captured traffic between
mine and destination mailserver, I got
1. Modify the uplink logic to hardcode your DLL, and make sure your users'
programs never call this modified openssl, probably by using a nonstandard
filename(s), and then stand ready to provide updates every few months.
2. Rewrite the uplink logic to figure out which DLL is providing the
13 matches
Mail list logo