Hmm ok I get it.
So, to be able to get the fingerprint for the used certificates during a
TLS handshake is possible by using the SSL_set_verify callbacks in the
application or is the mentioned postfix useful for this purpose?
On Mon, Mar 15, 2021 at 12:23:54PM +0100, Robert Ionescu wrote:
> I already found the callbacks for the verification process and I am
> still trying to figure it out if it is possible to change them in a
> way that they will print some certificate information to determine
> which certificate was
I already found the callbacks for the verification process and I am still
trying to figure it out if it is possible to change them in a way that they
will print some certificate information to determine which certificate was
used?
On Fri, Mar 12, 2021 at 09:06:57AM +0100, Robert Ionescu wrote:
> With "wrong" certificate I meant "invalid certificate". So the idea
> was in a bigger environment with a lot of certificates, to make the
> invalid certificate debugging easier by getting more information from
> openssl to
On Thu, Mar 11, 2021 at 8:40 PM Michael Wojcik <
michael.woj...@microfocus.com> wrote:
> > From: openssl-users On Behalf Of
> Viktor
> > Dukhovni
> > Sent: Thursday, 11 March, 2021 10:39
> > To: openssl-users@openssl.org
> > Subject: Re: Client certificate a
> From: openssl-users On Behalf Of Viktor
> Dukhovni
> Sent: Thursday, 11 March, 2021 10:39
> To: openssl-users@openssl.org
> Subject: Re: Client certificate authentication
>
> > On Mar 11, 2021, at 2:16 PM, Robert Ionescu
> wrote:
> >
> > I am sear
If he's trying to muck with the library, he's probably struggling with a
precompiled binary he doesn't have the source code to.
-Kyle H
On Thu, Mar 11, 2021, 11:48 Viktor Dukhovni
wrote:
> > On Mar 11, 2021, at 2:16 PM, Robert Ionescu
> wrote:
> >
> > I am searching for the functions in
> On Mar 11, 2021, at 2:16 PM, Robert Ionescu
> wrote:
>
> I am searching for the functions in openssl used to verify the clients
> certificate when using mutual authentication.
The same code verifies peer certificate chains, whether client or server.
> My intention is to find a way to log a
Hi,
I am searching for the functions in openssl used to verify the clients
certificate when using mutual authentication.
My intention is to find a way to log a wrong user certificate directly
inside the openssl source.
Any help would be highly appreciated
I'm trying to set client certificate authentication.
It looks that I cant set even the simple demo...
With apache2.2 installed:
sudo a2enmod ssl
sudo a2ensite default-ssl
sudo /etc/init.d/apache2 restart
Browse with firefox to (https)localhost - page retrieved after
security warning, ssl working
On 2010/03/20 6:55 PM, Nuno Gonçalves wrote:
Questions:
Is normal that firefox hangs when it doesn't have a valid certificate
to provide?
Openssl output looks OK?(or the error in the end is a exception?)
I am not 100% sure of the details, but I do recall a hang being a
symptom of using a
On Sat March 20 2010, Nuno Gonçalves wrote:
I'm trying to set client certificate authentication.
It looks that I cant set even the simple demo...
Look like your e-mail client isn't correct either, it
seems to be sending the same message every two hours.
Mike
With apache2.2 installed:
sudo
On Sat, Mar 20, 2010, Graham Leggett wrote:
On 2010/03/20 6:55 PM, Nuno Gonçalves wrote:
Questions:
Is normal that firefox hangs when it doesn't have a valid certificate
to provide?
Openssl output looks OK?(or the error in the end is a exception?)
I am not 100% sure of the details, but I
the http:// links. To see
if the list had that blocked due to spam.
I apologize for any inconvenience.
Regards,
Nuno
On Sat, Mar 20, 2010 at 18:13, Michael S. Zick open...@morethan.org wrote:
On Sat March 20 2010, Nuno Gonçalves wrote:
I'm trying to set client certificate authentication
Wasn't there a pb with a great number of CA names? There are 16K already?
The pb was in apache ad some of my three neurons seem to agree.
https://issues.apache.org/bugzilla/show_bug.cgi?id=46952
/PS
__
OpenSSL Project
You are right.
Looks ubuntu packages didn't get that update up to now.
Thanks,
Nuno
2010/3/20 Peter Sylvester peter.sylves...@edelweb.fr:
Wasn't there a pb with a great number of CA names? There are 16K already?
The pb was in apache ad some of my three neurons seem to agree.
Hello list
I have been experimenting on client certificate authentication using openssl
s_server command
but i have a problem in this case:
i am running ssl server using the command:
openssl s_server -accept 443 -cert sslcert/cacert.pem -key
sslcert/private/cakey.pem -Verify 1 -CAfile ca
[EMAIL PROTECTED] wrote:
Is there a (reasonable) way to authenticate a client (browser)
certificate from a CGI without having to modify the web server
configuration.
What we are up against is that we produce a package that is supported
on a variety of platforms and web servers. We have been
Is there a (reasonable) way to authenticate a client (browser)
certificate from a CGI without having to modify the web server
configuration.
What we are up against is that we produce a package that is supported
on a variety of platforms and web servers. We have been informed the
to meet
Reposting this since it got lost in the churn.
I have a Perl script using that is failing mysteriously to connect with
an HTTPS site requiring client certificates for authentication. Here's
the command that allows me to connect to the site in question:
openssl s_client -connect hostname:443
I have a Perl script using that is failing mysteriously to connect with
an HTTPS site requiring client certificates for authentication. Here's
the command that allows me to connect to the site in question:
openssl s_client -connect hostname:443 -cert test.crt
-key test.key -CAfile
2.0.39 + ssl + ldap with client certificate
authentication
Hi Jose,
would you please outline how exactly one could use this patch?
What kind of LDAP lookup works best with X509_NAME_oneline()-style
names?
Should the LDAP tree be somewhat special?
thank you and sorry for off-topic,
Vadim
On Wed, Oct
with client certificate
authentication
Dear group,
Has anybody tried doing ldap client certificate authentication for an
apache
2.0.39 ssl server ?
Our environment is :
RedHat linux 7.1 kernel 2.4.x
apache 2.0.39 (inc. mod_ssl)
openssl-engine-0.9.6g
openldap (on a different redhat linux
On Wed, 2 Oct 2002, Sarath Chandra M wrote:
Dear Jose,
I had looked at the site u mentioned. But my problem is in applying the
patch (http://authzldap.othello.ch/modssl-patch.html) to mod_ssl
as said in the installation page of the same site.
If you could tell me how to apply this patch,
Title: Message
Dear group,Has anybody tried doing ldap client certificate
authentication for an apache2.0.39 ssl server ?Our environment is
:RedHat linux 7.1 kernel 2.4.xapache 2.0.39 (inc.
mod_ssl)openssl-engine-0.9.6gopenldap (on a different redhat linux
server)The apache website has
I get the following error on the client:
24611:error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt
error:s3_pkt.c:985:SSL alert number 51
24611:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
failure:s23_lib.c:226:
and on the server:
24610:error:0407006A:rsa
Benjamin Grosman [EMAIL PROTECTED]:
I am able to fetch the issue and subject details of the client certificate
from inside the server, but how do I know that someone hasn't simply
generated their own certificate with the same details?
If you initialize the verification settings with about
27 matches
Mail list logo