renegotiation in 0.9.7

2003-01-27 Thread Nigel Spowage
i'm currently trying to implement ssl renegotiation for an application which uses openssl in a non-blocking mode. when my app want to renegotiate i call the following functions : - SSL_renegotiate(ssl); result = SSL_do_handshake(ssl); /* result is okay at this point */ /* my app

Re: renegotiation in 0.9.7

2003-01-27 Thread Bodo Moeller
On Mon, Jan 27, 2003 at 10:33:44AM -, Nigel Spowage wrote: i'm currently trying to implement ssl renegotiation for an application which uses openssl in a non-blocking mode. SSL_renegotiate(ssl); result = SSL_do_handshake(ssl); /* result is okay at this point */ /* my app waits for a

RE: renegotiation in 0.9.7

2003-01-27 Thread Nigel Spowage
am i missing something ? is there something extra i need to do ? Yes, call SSL_renegotiate() to initiate a second handshake once the first one has finished. Otherwise SSL_do_handshake() does not think that there is something to do for it. okay, so the proper way to renegotiate a

enabling engines

2003-01-27 Thread Aleix Conchillo Flaque
hi, i've just started testing an ncipher hardware module using openssl. the openssl application seems to find the shared library (libnfhwcrhk.so), with just specifying -engine chil. but my code, doesn't want to find the library. i get this error: error:25066067:DSO support

Queries on SubjAltName

2003-01-27 Thread Sunitha Kumar
Any pointers on how to generate certificates using SubjAltName extension. thanks, __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED]

Re: Queries on SubjAltName

2003-01-27 Thread Dr. Stephen Henson
On Mon, Jan 27, 2003, Sunitha Kumar wrote: Any pointers on how to generate certificates using SubjAltName extension. As with all extensions doc/openssl.txt Steve. -- Dr. Stephen Henson [EMAIL PROTECTED] OpenSSL Project http://www.openssl.org/~steve/

Re: Queries on SubjAltName

2003-01-27 Thread Kiyoshi WATANABE
Dear Steve Any pointers on how to generate certificates using SubjAltName extension. As with all extensions doc/openssl.txt Many people including me are asking the similar questions. Do you think that it is a good idea to mention about this document in openssl.cnf file as a comment?

RE: Does the Web server have to run SSL in order to do certificat es?

2003-01-27 Thread Mark Liu
Thanks a lot, but what about my 2nd question, which I repeat here: Iknow there is a big problem with this sample code, because this code does not specify to which servlet the PKCS#10 request should be submitted. I want tospecify it, but I have no clue where and how to do this. Please continue to

Client authentication

2003-01-27 Thread Chandrasekhar R S
I am to authenticate a client using his certificate. In my server program, I use SSL_CTX_set_verity(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,0) to mandate that client cert should be present. If present, I use SSL_get_peer_certificate(ssl) to retrieve the client cert. In my client