SSL_renegotiation using non block sockets

2005-06-02 Thread gsundar
Hi, I am using Non Blocking sockets, and would like to know the behaviour wrt SSL_renegotiation. Once I make a call to do_handshake, as the FD is non blocking it will return immediately with a success, but from the application's point of view how will it come to know that the renegotiation in

valgrind errors

2005-06-02 Thread Alexis Lefort
Hello all, I developed a server which seems to work quite fine. When I use Valgrind to check for problems, it returns me thousands of problems which seem to be caused by the OpenSSL library! Follows some of the returns: ==23622== Syscall param write(buf) points to uninitialised byte(s)

RE: SSL_renegotiation using non block sockets

2005-06-02 Thread Pj
Hi I did the same thing yesterday myself but because I wanted to implement a timeout solution as well as quick shutdown of my COM object via object notification. You might be able to hack my work ... this is what I came up with... It takes a blocking socket, makes it un-blocking... negotiates

Re: valgrind errors

2005-06-02 Thread Nils Larsch
Alexis Lefort wrote: Hello all, I developed a server which seems to work quite fine. When I use Valgrind to check for problems, it returns me thousands of problems which seem to be caused by the OpenSSL library! Follows some of the returns: ==23622== Syscall param write(buf) points to

Re: Generate a CRL from an OCSP request

2005-06-02 Thread Julien VEHENT
Dr. Stephen Henson [EMAIL PROTECTED] wrote: On Wed, Jun 01, 2005, Julien VEHENT wrote: Hi all, I'm having an OCSP Responder on my CA and I want to use it in order to generate CRL's on others servers. So the idea is: +-+ | CA |ocsp request(1)===+---+(3) |ocsp

Re: valgrind errors

2005-06-02 Thread Alexis Lefort
I have just tried the option -DPURIFY and unfortunately it does not help. I still have hundreds of Conditional jump... and Use of uninitialised value. Any other suggestion would be greatly appreciated. :) Alexis Nils Larsch wrote: Alexis Lefort wrote: Hello all, I developed a

RE: SSL_renegotiation using non block sockets

2005-06-02 Thread gsundar
Thanks pj, the code was real helpful. Just one minor clarification, once a call to SSL_renegotiate is made, should I check the protocol status by calling SSL_accept (mine is server) within the while loop you have? I have gone into an accept_pending state and calling SSL_accept until it returns

Read a Bignum from file

2005-06-02 Thread Angel Martinez Gonzalez
Hello: I wrote a BIGNUM into a file using the function: int BN_print_fp(FILE *fp, const BIGNUM *a); But how can I read this bignum from this file? I don't know an OpenSSL function to read a bignum from a file. Thanks.

RE: AIX-64-bit build

2005-06-02 Thread Gill, Prabhprit (Prabh)
FYI, 0.9.7g builds and executes fine on AIX, in 64-bit mode (aix64-cc). Thanks to Peter Waltenberg for all his help. Cheers, Prab.

FW: AIX-64-bit build

2005-06-02 Thread Gill, Prabhprit (Prabh)
Many thanks Paul Franz and Andy Polyakov for their input also. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gill, Prabhprit (Prabh) Sent: 02 June 2005 16:02 To: openssl-users@openssl.org Subject: RE: AIX-64-bit build FYI, 0.9.7g builds and executes

Re: Deriving the root CA's cert from a given SSL cert

2005-06-02 Thread Joseph Oreste Bruni
No (with qualifications). If the server sends you the entire certificate chain, then yes you can retrieve the root certificate since it was sent to you. If the server only sends you its certificate, then all you have is the server's public key digitally signed by the issuer. The issuer's

Re: Problem in compiling openssl 0.9.7g on Windows with MSVC workspace

2005-06-02 Thread Francois PIETTE
I have the exact same problem and can't fix it. Can someone give a step by step procedure to fix the problem? Or maybe a correct MSVC workspace exists somewhere? btw: Compiling works OK when using the make file. It only fails as explained below when using MSVC workspace. -- [EMAIL PROTECTED]

openssl config file location

2005-06-02 Thread Kent Yoder
Hi, the page http://www.openssl.org/docs/crypto/OPENSSL_config.html claims that OPENSSL_CONFIG should be the environment variable to set for an alternate config file, however it appears that the code wants OPENSSL_CONF. Also, the OPENSSL_config.3 man page shows OPENSSL_CONFIG. Other manpages

Re: openssl config file location

2005-06-02 Thread Dr. Stephen Henson
On Thu, Jun 02, 2005, Kent Yoder wrote: Hi, the page http://www.openssl.org/docs/crypto/OPENSSL_config.html claims that OPENSSL_CONFIG should be the environment variable to set for an alternate config file, however it appears that the code wants OPENSSL_CONF. Also, the OPENSSL_config.3

Re: SSL_renegotiation using non block sockets

2005-06-02 Thread Lokesh Kumar
Hi, SSL_accept/SSL_connect is something that we use to establish an initial SSL connection and we use SSL-renegotiate/SSL_do_handshake based on timers we install for SSL for re-negotiating KEYs such that hacking the SSL connection is robust. Having said that.. I assume you already have an SSL

Re: Default CApath in Debian (OpenSSL 0.9.6c-2)

2005-06-02 Thread Lokesh Kumar
Hi, Pls check man page of SSL_load_verify_locations(...) which can be used in writing the server or client program. -Lokesh. On 6/1/05, Vaclav Stepan [EMAIL PROTECTED] wrote: Hi, I ran in trouble with the following thing. There is a Debian woody, with OpenSSL 0.9.6c installed. I am trying

Re: timeout vs. SSL_ERROR_WANT_XXXX

2005-06-02 Thread Lokesh Kumar
Hi, You may want to consider using SSL_CTX_set_mode(...) with SSL_MODE_AUTO_RETRY flag such that you wouldn't receive SSL_ERROR_WANT_XXX messages. Normally those messages come when the other side requests for re-negotiation. -Lokesh. On 5/31/05, opt [EMAIL PROTECTED] wrote: Hi everyone I

Re: Generate a CRL from an OCSP request

2005-06-02 Thread Jason Haar
Julien VEHENT wrote: I don't want to use HTTP just because web servers are too much attacked. Moreover, OCSP is very interesting for the student that I am :) OK so if I use a boring script which request 100 serial in one line, what is the correct syntax to generate a CRL using the OpenSSL

Self CA Setup

2005-06-02 Thread Paul Nash
Hello, I am using the Win32OpenSSL-v0.9.7f.exe download running on Win Me. I am writing a web-based accounting system for a client who is a chartered accountant. He has been using my system for many years in-house. But city traffic being more of a problem he wants his staff to be able to work

Re: timeout vs. SSL_ERROR_WANT_XXXX

2005-06-02 Thread Gayathri Sundar
Hi, What I think is as it's the application's responsibility to retry the same openssl operation whenever it receives a WANT_READ or WANT_WRITE, why can't we simply overwrite the buffer that is passed to say SSL_write with the next payload that needs to be sent when we hit that error code, in this

[Fwd: Re: SSL_renegotiation using non block sockets]

2005-06-02 Thread Gayathri Sundar
Original Message Subject: Re: SSL_renegotiation using non block sockets From:[EMAIL PROTECTED] Date:Thu, June 2, 2005 8:41 pm -- HI Lokesh., Thanks for the

Determining the root CA cert from an SSL cert

2005-06-02 Thread Davy Durham
Ok, so deriving/extracting the root CA's certificate from an SSL certificate is not possible. So, another question: Can openssl be given an SSL cert and a list of trusted root CAs' certs and it just output the root CA's cert that goes with (signed) that SSL cert? Or is it a matter of doing