RE: SSL_connect and SSL_accept

2007-03-29 Thread David Schwartz
I am unable to think of a scenario why ur case is possible unless some serious network congestion has developed and pkts were lost..i dont see how..but the experts might be able to give u a better idea. You get a SYN, send a SYN ACK, other side sends an ACK, then the other side's Internet

RE: Key files in dat formats

2007-03-29 Thread David Schwartz
I have a SSL server application in which the certificate file is rsa.der and key file rsakey.dat. There is no standard key file format that uses a '.dat' extension that I know of. What is the *.dat format? How does it differ from pem and der formats? How do we generate one with OpenSSL? I

Re: Regarding ssl3_mac

2007-03-29 Thread jimmy
Gayathri Sundar wrote: Can someone give me inputs on the function ssl3_mac, especially where it is called s->method->ssl3_enc->mac(s,(p[wr->length]),1); I need to know what p[wr->length] is pointing to and why we do a digest update of 2 bytes from that. The code is taken from s3_pkt.c function

RE: SSL_connect and SSL_accept

2007-03-29 Thread Gayathri Sundar
Yes, I agree with you, but then why would the CLIENT get an ERROR? 2) The client calls SSL_connect(). The underlying socket is in blocking mode 3) SSL_connect() returns error. 4) The server does not notice this, and continues to wait in SSL_accept(). if SSL_connect indeed has returned with

Re: Regarding ssl3_mac

2007-03-29 Thread Gayathri Sundar
Thanks jimmy..I realised that much, the update is happening from ssl3_mac defined in s3_enc.c, some s2n of the length is called, followed by a digestupdate(md, 2)..in case of READ, md is an empty array..why do we copy the ssl record length into a temp var p and then do a s2n followed by a digest

Really confusing with SSL_write

2007-03-29 Thread Tommy W
Hi, I've been trying to figure out (plus testing) how to actually use SSL_write. I write a lot of data and have an internal Send Queue in which I keep packets. I try to follow this reasoning: 1) try to write the entire chunk with SSL_write if it returns the same value as 'len' then it

Re: SSL_connect and SSL_accept

2007-03-29 Thread Gayathri Sundar
Urjit, 1st of all theoretically you are 100% correct, after all SSL runs in the SESSION layer, but it depends on the underlying transport connection, and if that has problems, SSL has problems. Now I am not sure why you expect the TCP connection to be A-OK and still get an SSL_connect failure. If

Re: SSL_connect and SSL_accept

2007-03-29 Thread jimmy
Urjit Gokhale wrote: I believe you are confusing tcp/ip connection establishment and SSL session establishment. ... and you should also remember that a reliable transport is a prerequisite for tls. The problem may occur when: 1) Server is waiting for first SSL handshake packet in

Re: SSL_connect and SSL_accept

2007-03-29 Thread Urjit Gokhale
Hmm... I am surprised to see how I have managed to confuse you. I thought my previous post was pretty clear. Anyway, I will try to explain again. The client and server have an existing tcp connection, which is healthy. There is no problem with the tcp connection throughout the scenario. The

Certificate verification

2007-03-29 Thread Marc St-Jacques
Hello. I am currently reading John Viega et al. (The O'Reilly book) on the chapter that focuses on the creation of certificates. Basically, in the server2 / client2 example, the client won't accept the server's certificate. I hope that this will not be too O'Reilly specific, but if you

Re: Cannot convert 'des_ks_struct ( *)[16]' to 'des_ks_struct *' ??

2007-03-29 Thread Marek Marcola
Hello, thanks for helping. i tried compiling the source code u gave me but it returns the same error, which is: [C++ Error] testDes.cpp(23): E2034 Cannot convert 'des_ks_struct ( *)[16]' to 'des_ks_struct *' [C++ Error] testDes.cpp(23): E2342 Type mismatch in parameter 'schedule' (wanted

error in SSLv3 flush data

2007-03-29 Thread Antonis Christofides
Hi, I have trouble getting openldap clients to connect to an openldap server; when the connection is opened, the server says error in SSLv3 flush data and the client hangs. This happens only for connections through the network (local connections work without problem), and whether it occurs or not

Installing new certificate replacing expired cert.

2007-03-29 Thread Bart Heller
First off I'm a complete noob here. I don't do open source and I'm not a programmer. I have been handed a job that goes something like this. A webserver has a certificate that has expired. Openssl was used to create the cert, and is used as a proxy of some sort to handle redirects. I have

SSL_get_verify_result

2007-03-29 Thread Maria de las Mercedes Iervasi
I need some help with SSL_get_verify_result errors. I use WindowsXP, Visual C++, OpenSSL 0.9.8d this is my example program: #include <stdio.h> #include <string.h> int main(int argc, char *argv[])

API functions for DTLS?

2007-03-29 Thread Erik Leunissen
From http://www.openssl.org/news/news.html, I learned that support for DTLS was introduced in OpenSSL 0.9.8. I've been looking for the API functions that relate to DTLS, but could not find any in the documentation at http://www.openssl.org/docs/ssl/ssl.html - Did the added support for DTLS

Re: SSL_connect and SSL_accept

2007-03-29 Thread Gayathri Sundar
I am quite clear with your problem and am not confused. The only point I have been stressing from beginning is that SSL_connect due to WHATEVER error it returns a failure to the calling application, the peer WILL know for the simple fact that a socket send cannot fail unless the FD itself is not