I am unable to think of a scenario why your case is possible unless some
serious network congestion has developed and packets were lost. I don't see
how, but the experts might be able to give you a better idea.
You get a SYN, send a SYN ACK, other side sends an ACK, then the other
side's Internet
I have an SSL server application in which the certificate file is rsa.der
and key file rsakey.dat.
There is no standard key file format that uses a '.dat' extension that I
know of.
What is the *.dat format? How does it differ from pem and der formats?
How do we generate one with OpenSSL?
I
Gayathri Sundar wrote:
Can someone give me inputs on the function ssl3_mac, especially where it
is called s->method->ssl3_enc->mac(s,&(p[wr->length]),1);
I need to know what p[wr->length] is pointing to and why we do a digest
update of 2 bytes from that.
The code is taken from s3_pkt.c function
Yes, I agree with you, but then why would the CLIENT get an ERROR?
2) The client calls SSL_connect(). The underlying socket is in blocking
mode
3) SSL_connect() returns error.
4) The server does not notice this, and continues to wait in SSL_accept().
if SSL_connect indeed has returned with
Thanks Jimmy. I realised that much; the update is happening from ssl3_mac
defined in s3_enc.c, some s2n of the length is called, followed by a
digestupdate(md, 2). In case of READ, md is an empty array. Why do we copy
the SSL record length into a temp var p and then do a s2n followed by a
digest
Hi,
I've been trying to figure out (plus testing) how to actually use SSL_write.
I write a lot of data and have an internal Send Queue in which I keep
packets.
I try to follow this reasoning:
1) try to write the entire chunk with SSL_write
if it returns the same value as 'len' then it
Urjit.,
First of all, theoretically you are 100% correct; after all, SSL runs in the
SESSION layer, but it depends on the underlying transport connection, and
if that has problems, SSL has problems. Now I am not sure why you expect the
TCP connection to be A-OK and still get an SSL_connect failure. If
Urjit Gokhale wrote:
I believe you are confusing tcp/ip connection establishment and SSL session
establishment.
... and you should also remember that a reliable transport is a
prerequisite for tls.
The problem may occur when:
1) Server is waiting for first SSL handshake packet in
Hmm...
I am surprised to see how I have managed to confuse you. I thought my
previous post was pretty clear.
Anyway, I will try to explain again.
The client and server have an existing tcp connection, which is healthy.
There is no problem with the tcp connection throughout the scenario.
The
Hello.
I am currently reading John Viega et al. (the O'Reilly book), the chapter
that focuses on the creation of certificates. Basically, in the
server2 / client2 example, the client won't accept the server's certificate.
I hope that this will not be too O'Reilly specific, but if you
Hello,
thanks for helping. I tried compiling the source code you gave me but it
returns the same error, which is:
[C++ Error] testDes.cpp(23): E2034 Cannot convert 'des_ks_struct
( *)[16]' to 'des_ks_struct *'
[C++ Error] testDes.cpp(23): E2342 Type mismatch in parameter
'schedule' (wanted
Hi, I have trouble getting openldap clients to connect to an openldap
server; when the connection is opened, the server says error in SSLv3
flush data and the client hangs. This happens only for connections
through the network (local connections work without problem), and
whether it occurs or not
First off, I'm a complete noob here. I don't do open source and I'm not a
programmer.
I have been handed a job that goes something like this.
A webserver has a certificate that has expired. OpenSSL was used to create the
cert, and is used as a proxy of some sort to handle redirects. I have
I need some help with SSL_get_verify_result errors.
I use Windows XP, Visual C++, OpenSSL 0.9.8d
this is my example program:
#include <stdio.h>
#include <string.h>
int main(int argc, char *argv[])
From http://www.openssl.org/news/news.html, I learned that support for
DTLS was introduced in OpenSSL 0.9.8.
I've been looking for the API functions that relate to DTLS, but could
not find any in the documentation at
http://www.openssl.org/docs/ssl/ssl.html
- Did the added support for DTLS
I am quite clear with your problem and am not confused. The only point I
have been stressing from beginning is that SSL_connect due to WHATEVER
error it returns a failure to the calling application, the peer WILL know
for the simple fact that a socket send cannot fail unless the FD itself
is not
16 matches