Is it possible to set the default engine in OpenSSL? I have Padlock
acceleration, but I can't get OpenSSL to use it without adding -evp
-engine padlock, and I can't get OpenSSH to use it at all
(using ./configure --enable-ssl-engine). Or is there something else I
should be looking at?
Thanks
I compiled and installed openssl v0.9.8d under Ubuntu, and whenever I
run anything which links with ssl, I get a version warning message. For
instance, with scp:
scp: /usr/lib/i686/cmov/libcrypto.so.0.9.8: no version information
available (required by scp)
Is this warning meaningful, and if
Try c_rehash in the certificate folder.
bye
2006/10/25, Alexis Lefort [EMAIL PROTECTED]:
Hi all,
I did a software that verifies the certificate of the server it connects
to, but when I specify the CA file with SSL_CTX_set_client_CA_list () the
certificate is accepted, and when I only
Thanks for your reply :)
This is what I already do, and there is only one certificate in the file.
regards
Vincenzo Sciarra a écrit :
Try c_rehash in the certificate folder.
bye
2006/10/25, Alexis Lefort [EMAIL PROTECTED]:
Hi all,
I did a software that verifies the certificate of the
There is no man page on SSL_CTX_set_verify_locations, do you mean
SSL_CTX_load_verify_locations?
what I do is :
SSL_CTX_set_client_CA_list (sslctx, SSL_load_client_CA_file (caList));
SSL_CTX_load_verify_locations (sslctx, caList, caPath);
Vincenzo Sciarra a crit:
The software must verify
On 2006.10.26 at 00:46:15 -0700, Mike Hamburg wrote:
Is it possible to set the default engine in OpenSSL? I have Padlock
acceleration, but I can't get OpenSSL to use it without adding -evp
-engine padlock, and I can't get OpenSSH to use it at all
(using ./configure --enable-ssl-engine). Or
Yes I'm sorry.
try this :
// SSL_CTX_set_client_CA_list (sslctx, SSL_load_client_CA_file (caList));
SSL_CTX_load_verify_locations (sslctx, /path/of/CA/cert/file, NULL);
2006/10/26, Alexis Lefort [EMAIL PROTECTED]:
There is no man page on SSL_CTX_set_verify_locations, do you mean
Yes, if I load the file it works, but I want it to work even if the file
is only in the directory.
I have just seen something else: I did by myself a software that does
the equivalent of c_rehash, but my software accept to rename the file
whereas c_rehash refuses to do so!
Why c_rehash can
hu ho, the way I rename the file was bad, I omitted the firsts
characters if they were 0.
I feel just a little bit stupid sorry and thanks for your help :)
Alexis Lefort a écrit :
Yes, if I load the file it works, but I want it to work even if the
file is only in the directory.
I have just
Rick Jones [EMAIL PROTECTED] writes:
IIRC, many PA2.0 HP 9000s will id themselves as only a 9000/800 - there
were enough different models of 800 over the years that just about all
the digits were taken,. Might be best to triple-check with the likes of
the model command and perhaps some
c_rehash only prepare a directory to be standard for cert verification.
2006/10/26, Alexis Lefort [EMAIL PROTECTED]:
Yes, if I load the file it works, but I want it to work even if the file
is only in the directory.
I have just seen something else: I did by myself a software that does
the
Hello all again ;)
c_rehash does symbolic links to files containing certificates, but it
does only one link per file. If there are more than one certificate in a
file it will lead to problems for openssl because only one certificate
is alowed in renamed files.
It was just a little note to
Hi,
The pkcs12 man page reads :
-keypbe [...] If a a cipher name (as output by the
list-cipher-algorithms command is specified then it is used with PKCS#5
v2.0 [...]
The 'list-cipher-algorithms' command is only available in the 0.9.9-dev
trunk version of openssl.
Does it mean also that
Using OpenLDAP and OpenSSL .98, I get:
ldap_create
ldap_url_parse_ext(ldaps://discovery.adtest.process.com)
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP discovery.adtest.process.com:636
On Thu, Oct 26, 2006, Jean-Marc Desperrier wrote:
Hi,
The pkcs12 man page reads :
-keypbe [...] If a a cipher name (as output by the
list-cipher-algorithms command is specified then it is used with PKCS#5
v2.0 [...]
The 'list-cipher-algorithms' command is only available in the
I have been using wireshark(0.99.3) to analyse ssl data flows to try to
track down an issue where our SSL server(0.9.7d based) somehow gets
corrupted and degrades over a period of time to the point where all ssl
handshakes result in fatal alerts of bad record mac. When analysing a
capture
Hello,
I have been using wireshark(0.99.3) to analyse ssl data flows to try to
track down an issue where our SSL server(0.9.7d based) somehow gets
corrupted and degrades over a period of time to the point where all ssl
handshakes result in fatal alerts of bad record mac. When analysing a
17 matches
Mail list logo