Server Name Indication usage in OpenSSL 0.9.8g

2008-06-17 Thread geragray
Hi, I am developing a server application that has to process SNI coming from the connecting clients. I found here: http://weblogs.mozillazine.org/gerv/archives/2007/08/virtual_hosting_ssl_and_sni.html that there is a backport available for 0.9.8 version that should be configured with

Re: Problem with SSL_CTX_use_certificate_ASN1

2008-04-11 Thread geragray
Victor Duchovni wrote: The success of SSL_CTX_use_certificate seems to point to it being a certificate. Which is it? Did the OP misreport what worked? Which was it: Sorry, I mistyped the 2nd function. Once again: * I have a binary private key 610 bytes long fp =

Re: Problem with SSL_CTX_use_certificate_ASN1

2008-04-11 Thread GeraGray
Yes, this is a bug, in any case when key type is not recognized (not RSA/DSA/EC) error with information of unknown public key will be printed. This should be corrected. EVP_PKEY_RSA instead of SSL_FILETYPE_ASN1 should be used. Thanks, now it works correctly. -- Sergey

Problem with SSL_CTX_use_certificate_ASN1

2008-04-10 Thread geragray
I need to load an ASN1/DER private key. To do this I use FILE *fp; char in_buf[1000]; fp = fopen("../keys/prkey.der", "r"); len = fread(in_buf, sizeof(char), 1000, fp); fclose(fp); if (!len) return 0; if (!SSL_CTX_use_PrivateKey_ASN1(SSL_FILETYPE_ASN1, ctx, (unsigned char*)in_buf, len))

How to create X509 struct from char pointer to PEM certificate

2008-04-09 Thread geragray
I need to create an X509 structure from a pointer to the memory area where it is stored. I have found X509 *d2i_X509(X509 **px, const unsigned char **in, int len); but the certificate there should be in DER format. Does anybody know a way to create it from a PEM certificate? All I found is PEM_read_X509

Functions for converting PEM certificates to DER

2008-04-09 Thread geragray
I need it for a set of functions that would convert PEM certificates to DER and vice versa. I found the openssl command line tool: x509 -in input.crt -inform PEM -out output.crt -outform DER and traced its code: It is done by creating an X509 object from a file and then converting it to the required

How to load a root(CA) certificate from memory?

2008-04-02 Thread geragray
Hi, My server application now reads server and root certificates from files, like that: SSL_CTX_use_certificate_chain_file(ctx, ser_cert); SSL_CTX_use_PrivateKey_file(ctx, ser_key, SSL_FILETYPE_PEM); SSL_CTX_load_verify_locations(ctx, rootcert, NULL); But for security reasons it has been decided

How to load a root(CA) certificate from memory?

2008-04-02 Thread GeraGray
Hi, My server application now reads server and root certificates from files, like that: SSL_CTX_use_certificate_chain_file(ctx, ser_cert); SSL_CTX_use_PrivateKey_file(ctx, ser_key, SSL_FILETYPE_PEM); SSL_CTX_load_verify_locations(ctx, rootcert, NULL); But for security reasons it has been decided

How to handle dead sessions with SSL_write

2008-02-29 Thread GeraGray
I am developing a client/server app and the client should be mobile, thus the connection can be easily lost. The problem is that I can't find a way to detect this loss of connection with openssl. For example, I send a request to the server from the client and immediately remove the cable from the client laptop.