Hi All
I have been using this API to dump in my statistics logs whether the
SSL session is reused or not in a windows openSSL based client.
Everything was good till i was using 9.7e. The session reuse works
fine and the logs were correctly showing session reused as 1 and
sniffer traces
Hi All
I have been using this API to dump in my statistics logs whether the
SSL session is reused or not in a windows openSSL based client.
Everything was good till i was using 9.7e. The session reuse works
fine and the logs were correctly showing session reused as 1 and
sniffer traces
Hi
there is install.w32 file that is used to build dlls on windows
platform. I am not aware of any workspace file for OpenSSL and also I
never needed one as well..
thanks and regards
Krishna
On 7/20/07, Abhishek Tripathi [EMAIL PROTECTED] wrote:
Hi Friends ,
Can any body tell
I am not sure but you can have some traces based on the return value
of the SSL calls. But if we think about the layered model, there can't
be any other way to know what u have written is actually encrypted or
not at layers below the SSL unless using some sniffers. At SSL layer,
you need to have
Alain
A certificate generated for CN*.example.com will work for
foo.example.com as well as foo.bar.example.com in IE. Please crosscheck this.
We have tested this longback with 9.7e
regards
Krishna
On 6/16/07, Alain Spineux [EMAIL PROTECTED] wrote:
Hello
I would like to create a individual
Hi all
I am working with a SSL client that connects to the various secure
webservers. Randomly it gives the SSL_ERROR_SSL when we try to get
reason of SSL_read failure using SSL_get_error. Further calls to get
more error from the stack using ERR_get_error_line_data indicates
error:14094419:SSL
Hi all
We are having a dynamic certificate+key generation utility which
generates cert+key as and when it gets requests from our component.
Now we have ported our component to 64-bit but don't want to port this
utility to 64-bit as we are not sure of stabiltiy of 64-bit openssl
dlls.
What I was
Hi all
I have a SSL server that uses Openssl 9.7e. It works fine initially
but few hundred connections, lots of SSL hanshake
failure occurs. The failure reason given is SSL_ERROR_SYSCALL. After
that I try to retrieve the more error details from the stack using
ERR_error_string_n or
Hi
I have a SSL server that uses Openssl 9.7e. It works fine initially
but after a bit load (like 200+ connection), lots of SSL hanshake
failure occurs. The failure reason given is SSL_ERROR_SSL and the
string received is
error:140730FF:lib(20):func(115):reason(255):.\ssl\s23_srvr.c:227
On
Thanks Marek for quick response that cleared all my doubts.
On 6/1/07, Marek Marcola [EMAIL PROTECTED] wrote:
Hello,
I have a SSL server that uses Openssl 9.7e. It works fine initially
but after a bit load (like 200+ connection), lots of SSL hanshake
failure occurs. The failure reason given
Hi
I am not sure about the kind of cert u are having problem with. Is
this some standard cert of some site (than pass on the URL) or if some
internal site, than please check that complete chain is present in the
IE CA list. Also, the CA cert should be installed in the Trusted root
certs lists in
Hi Sendil
I am not sure but I haven't seen any such limit of 5K in my usage of
the OpenSSL.. OpenSSL record size is around 16K i remember. Can
problem be with ur server of client code (not OpenSSL) where some
buffer size is hardcoded to 5K and than return values are nto
approapriately handled.
David
can't understand
Incorrect. The 'SSL_write' function is the function to send
unencrypted data over the SSL link. It has nothing to do with the
encrypted data the SSL engine wants to write to the socket.
When we do SSL_write the i/p is unencrypted data and this gets send
over the SSL
Hi
I haven't ever used BIO.. One more thing, after calling SSL_read we
need to call SSL_pending also to make nothing is buffered.. In case
SSL_pending returns non-zero than we can iteractively call the
SSL_read again until it returns SSL_WANT_read or Write..
Whatvever it returns, based on that
] On Behalf Of Krishna M Singh
Sent: Wednesday, August 16, 2006 4:29 AM
To: openssl-users@openssl.org
Subject: Re: How to change Common Name field in a self-signed
certificate at run time
U can have a set of APIs to generate the cert with some configurable
common name on the fly... Not sure whether u
Hi
I don't remember the internals of the SSL_CTX and SSL structures but t
we need to create SSL object once all the initialization of SSL_CTX is
completed...
m_ssl=SSL_new(m_ctx);
should come after all the calls to add cipher etc. that sets something
in the context are done else the m_ssl
Not sure whether it failed with bio.. But for non-blocking sockets u
must use the select call else it would be too complex to handle the
sockets.. Have u tried that..?
On 8/18/06, Frank Büttner [EMAIL PROTECTED] wrote:
Krishna M Singh schrieb:
Hi
I haven't ever used BIO.. One more thing
must knowing its purpose. If read call SSL_read
and depeodng on return goto sleep and set some flag to store last
error and perform SSL_read or SSL_write depending on that flag..
HTH
-Krishna
On 8/18/06, Frank Büttner [EMAIL PROTECTED] wrote:
Krishna M Singh schrieb:
Not sure whether it failed
U can have a set of APIs to generate the cert with some configurable
common name on the fly... Not sure whether u want to always use a
particular self-sign cert and modifiy CN of that particular cert or u
want to generate a self-signed cert with a configurable common name...
hth
-Krishna
On
)..
So we are calling SSL_Connect 2-3 times in Non blocking mode...
HTH
Krishna
On 8/13/06, Frank Büttner [EMAIL PROTECTED] wrote:
Krishna M Singh schrieb:
Hi
You need to call SSL_Connect (if client) or SSL_accept( if server) and
not the SSL_read.. SSL_Connection or ssl_accept internally performs
Hi
You need to call SSL_Connect (if client) or SSL_accept( if server) and
not the SSL_read.. SSL_Connection or ssl_accept internally performs
that..
If u do SSL_read before SSL handshake completion, the SSL connection
can't be established..
HTH
-Krishna
On 8/13/06, Frank Büttner [EMAIL
Hi
This is not an issue. U are using a non-blocking socket and thus u
need to have a select call and put this socket on readable list and
call SSL_read whenever this sockets becomes readable..
Other way round, make ur socket fd non-blocking (ioctl call) and than
it will return after the
Hi VKG
The problem statement confuses me but we had a problem to infinite
host on a single secure server between our client and server and we
chose N Contexts that are loaded with SSL certificate of the server
requested (we know that from our helper program) generated on runtime
and clients
Hi
The OpenSSL 9.8a has install.w64 file that gives details about how to
compile the same for 64 bit.. We are done with compilation and running
performance tests over the same.. In case anyone else has done this
exercise, please share the results and any issues with 64bit OpenSSL
(if any)..
Hi
I feel lots of people like us do use the OpenSSL CAs. One problem you
would face is to install the CA Cert in each and every client browser
else that would give pop-ups.. Apart from that, I feel this is as much
secure as any commercial CA..
-Krishna
On 7/18/06, Urjit Gokhale [EMAIL
Thanks David.. I have looked at the Linux site but teamgm.com server
appears to be a Lotus Domino and our OpenSSL client is running on
vxWorks.. Also check the MSS option being negotiated during the SSL
handshake,.. SYN has 1460 MSS and SYN/ACK also has the 1460 and thus
this doens't appear to be
Hi ,
We are having an application that has the functionality of the open
ssl client. We are facing a problem while accessing the following link
www.teamgm.com/icons/login.jpg. The problem is that when we do a
SSL_read for the GET response from the web server, we are able to read
only the first
Hi
We are using the multiple contexts (although not same as thread count
i.e. 10 Contexts for 3 threads).. Select call may be failing as the
default FD_SET_SIZE is 255 on most systems and thus in case u want to
handle 1000 sockets u need to increase the limit.. There is #def in
some Windows
Hi
We are having a unique requirements to add some User defined field in
the SSL certificat. We are splitting the SSL connections and thus want
to embed some Information using User defined field in the SSL
certificate..
i.e.
CustFingerPrint= FingerPrint
CustFingerPrint_default=10 11 11 00 13 01
Hi
This is quite interesting scenario I yesterday heard from a customer.
Some banks in Europe send the fingerprint of their certificate (i
guess this is MD5 or SHA digest hash of the certificate) over the
snail mail to their customer and customers are requested to match the
bank's secure server
Hi All
I am getting a crash at the following location in the OpenSSL at
SSL_CTX_Free - SSL_cert_free
This problem doesn't occurs on the first instance and code is running
over a vxWorks box for hours and than it crashes. Any idea whether any
problem related to this fixed in version after 0.9.7e
Hi All
the best thing to track openSSL memory leak (as per my little
understanding) is to have a debug file with Boundschecker and than
provide some traffic and shutdown ur app. In case of leak its caught
by the boundschecker.
Now use some memory allocator (like Buddy Alloc etc...) and than have
or is it
handled by the application itself?.
Any pointers will be of great help. thanks a lot for going thru my long mail.
thanks and regards
-Krishna
On 1/10/06, Dr. Stephen Henson [EMAIL PROTECTED] wrote:
On Tue, Jan 10, 2006, Krishna M Singh wrote:
Also when we use SSLv2 only this works
in configure file is replace DL_ENDIAN by DB_ENDIAN,
-EL by -EB, include
these -mips2, -DCPU=MIPS32, -DMIPSLE
regards
vijay
Krishna M Singh [EMAIL PROTECTED] wrote:
Hi All
I am trying to compile OpenSSL over mips for big-endian. It compiles and
links well for ppc
vxworks box
Hi All
I am trying to compile OpenSSL over mips for big-endian. It compiles and links
well for ppc
vxworks box but for mips Bigendian it compiles well. But when we try to link
the mips OpenSSL
library with our SSL client, it shows following error
Hi All
I was trying to reduce the size of the openSsl library due to memory
constraints on our platform.
I tried to remove three patented ciphers idea, rc5 and mdc2. Any ideas what
more can be done to
reduce the final size of the library?.
thanks and regards
-Krish
Hi all
I'm working on implementing HTTPS support for a server that is expected to run
24x7.
I have a question related to the memory leaks. Do these automatically allocated
data structures
that are freed with ERR_remove_state() grow?
My system has threads that tend to live a very long time.
37 matches
Mail list logo