Hi,
I am using Non Blocking sockets, and would like to
know the behaviour wrt SSL_renegotiation.
Once I make a call to do_handshake, as the FD is non
blocking it will return immediately with a success,
but from the application's point of view how will it come
to know that the renegotiation in
Hello all,
I develeopped a server which seems to work quite fine. When I use
Valgrind to check for problems, it returns me thousands of problems wich
seems to be caused by the OpenSSL librairie!
follows some of the returns:
==23622== Syscall param write(buf) points to uninitialised byte(s)
Hi I did the same thing yesterday myself but because I wanted to implement a
timeout solution as well as quick shutdown of my COM object via object
notification. You might be able to hack my work ... this is what I came up
with... It takes a blocking socket, makes it un-blocking... negotiates
Alexis Lefort wrote:
Hello all,
I develeopped a server which seems to work quite fine. When I use
Valgrind to check for problems, it returns me thousands of problems wich
seems to be caused by the OpenSSL librairie!
follows some of the returns:
==23622== Syscall param write(buf) points to
Dr. Stephen Henson [EMAIL PROTECTED] a écrit :
On Wed, Jun 01, 2005, Julien VEHENT wrote:
Hi all,
I'm having an OCSP Responder on my CA and i want to use it in order
to generate
CRL's on others servers.
So the idea is:
+-+
| CA |ocsp request(1)===+---+(3)
|ocsp
I have just tried the option -DPURIFY and unfortunately it does not
help. I still have hundreds of Conditional jump... and Use of
uninitialised value
Any other suggestion would be greatly appreciated. :)
Alexis
Nils Larsch a écrit :
Alexis Lefort wrote:
Hello all,
I develeopped a
Thanks pj, the code was real helpful.
Just one minor clarification, once a call to SSL_renegotiate is made,
should I check the protocol status by calling SSL_accept (mine is server)
within the while loop you have? I have gone into an accept_pending
state and calling SSL_accept until it returns
Hello:
I wrote a BIGNUM into a file using the function:
int BN_print_fp(FILE *fp, const BIGNUM *a);
But, How I can read this bignum from this file?. I don´t know a openssl
function to read a bignum from a file.
Thanks.
FYI, 0.9.7g builds and executes fine on AIX, in 64-bit mode (aix64-cc).
Thanks to Peter Waltenberg for all his help.
Cheers,
Prab.
__
OpenSSL Project http://www.openssl.org
User Support Mailing
Many thanks Paul Franz and Andy Polyakov for their input also.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gill, Prabhprit
(Prabh)
Sent: 02 June 2005 16:02
To: openssl-users@openssl.org
Subject: RE: AIX-64-bit build
FYI, 0.9.7g builds and executes
No (with qualifications). If the server sends you the entire
certificate chain, then yes you can retrieve the root certificate
since it was sent to you.
If the server only sends you it's certificate, then all you have is
the server's pubic key digitally signed by the issuer. The issuer's
I have the exact same problem and can't fix it.
Can someone give a step by step procedure to fix the problem ?
Or maybe correct MSVC workspace exist somewhere ?
btw: Compiling works OK when using the make file. It only fails as explained
below when using MSVC workspace.
--
[EMAIL PROTECTED]
Hi, the page
http://www.openssl.org/docs/crypto/OPENSSL_config.html
claims that OPENSSL_CONFIG should be the environment variable to set
for an alternate config file, however it appears that the code wants
OPENSSL_CONF. Also, the OPENSSL_config.3 man page shows
OPENSSL_CONFIG.. Others manpages
On Thu, Jun 02, 2005, Kent Yoder wrote:
Hi, the page
http://www.openssl.org/docs/crypto/OPENSSL_config.html
claims that OPENSSL_CONFIG should be the environment variable to set
for an alternate config file, however it appears that the code wants
OPENSSL_CONF. Also, the OPENSSL_config.3
HI,
SSL_accept/SSL_connect is something that we use to establish an
initial SSL connection and we use SSL-renegotiate/SSL_do_handshake
based on timers
we install for SSL for re-negotiating KEYs such that hacking the SSL
connection is robust.
Having said that.. I assume you already have an SSL
HI,
Pls check man page of SSL_load_verify_locations(...) which can be used
in writing the server or client program.
-Lokesh.
On 6/1/05, Vaclav Stepan [EMAIL PROTECTED] wrote:
Hi,
I ran in trouble with the following thing. There is a Debian woody,
with OpenSSL 0.9.6c installed. I am trying
HI,
You may want to consider using SSL_CTX_set_mode(...)
with SSL_MODE_AUTO_RETRY flag such that you would'nt recieve
SSL_ERROR_WANT_XXX messages.
Normally those messages come when the other side requests for re-negotiation.
-Lokesh.
On 5/31/05, opt [EMAIL PROTECTED] wrote:
Hi everyone
I
Julien VEHENT wrote:
I don't want to use HTTP just because web server are to much attacked.
Moreover,
OCSP is very interesting for the student that i am :)
OK so if i use a boring script which request 100 serial in one
line, what is
the correct syntax to generate a CRL using the OpenSSL
Hello,
I am using the Win32OpenSSL-v0.9.7f.exe download running on Win Me.
I am writing a web-based accounting system for a client who is a chartered
accountant. He has been using my system for many years in-house. But city
traffic being more of a problem he wants his staff to be able to work
Hi,
What I think is as its the application's responsibility to retry
the same openssl operation whenever it receives a WANT_READ or
WANT_WRITE, why cant we simply overwrite the buffer that is passed
to say SSL_write with the next payload that needs to be sent when we hit
that error code, in this
Original Message
Subject: Re: SSL_renegotiation using non block sockets
From:[EMAIL PROTECTED]
Date:Thu, June 2, 2005 8:41 pm
--
HI Lokesh.,
Thanks for the
Ok, so deriving/extracting the root CA's certificate from an SSL
certificate is not possible.
So, another question:
Can openssl be given an SSL cert and a list of trusted root CAs' certs
and it just output the root CA's cert that goes with (signed) that SSL
cert? Or is it a matter of doing
22 matches
Mail list logo