Re: length of certificate verify message

2007-11-20 Thread Marek Marcola
Hello, Server decrypts this packet with client certificate, calculates its own hash, compares these two hashes and accepts client authentication or not. It is not the way DSA/ECDSA signatures work. If we are talking about RSA, we can talk about decrypting. But in El-Gamal style algorithms

Re: length of certificate verify message

2007-11-20 Thread Victor B. Wagner
On 2007.11.20 at 11:48:47 +0100, Marek Marcola wrote: Server decrypts this packet with client certificate, calculates its own hash, compares these two hashes and accepts client authentication or not. It is not the way DSA/ECDSA signatures work. If we are talking about RSA, we can talk about

Re: length of certificate verify message

2007-11-20 Thread Marek Marcola
Hello, I notice that the length for a certificate verify message produced by s_client is always 0x80 bytes (indicated in the messgeLength field). However, according to RFC 4346, the CertificateVerify message should be either 36 or 20 bytes, depending on the signature algorithm. Can anyone

Re: SSL handshake pb

2007-11-20 Thread Marek Marcola
Hello, I try to connect a client to an SSL server in SSL 3.0 mode. I do not manage to establish the SSL connexion. When I look at the IP streams, I can see the Hello client message and the handshake phase during which I see the certificate sent by the server to the client (during this phase, I

Apache 2.0.61 and OpenSSL 9.8g

2007-11-20 Thread David Cooper
Hello, I was asked to update some RHEL 4 boxes, for security patches. They are running RHEL 4.4 and I thought, Oh, very easy, I went to run up2date to grab what I needed just to find out there's not a current license for RHEL. So I decided to build from source. First of all my experience

Is 0.9.7m the final release for 0.9.7 train?

2007-11-20 Thread Bob Bell (rtbell)
Folks - Is the 0.9.7m release the final release of the .7 train? I am trying to determine when to change to a later train. Bob Bob Bell IPCBU Chief Security Architect Cisco Systems, Inc. 576 S. Brentwood Ln. Bountiful, UT 84010 801-294-3034 (v) 801-294-3023 (f) 801-971-4200 (c) [EMAIL

RE: Reposting: EVP_DecryptFinal_ex:bad decrypt

2007-11-20 Thread Pankaj Mathur
Thanks for the response Dr. Henson. I had found this code at http://books.google.com/books?id=dbocXYHcUAUC&pg=PA232&lpg=PA232&dq=evp_decryptfinal_ex&source=web&ots=y0dMb3Salh&sig=lLAYthDUIzbaAxMi0bBxJzyOGUg#PPA232,M1 , Page 232. I just changed the variables. But it seems this book's code does not

Re: Apache 2.0.61 and OpenSSL 9.8g

2007-11-20 Thread Lasantha Marian
David, The bug you encountered looks more like the one that I too have experienced with Apache 2.2.6 (not 2.0.61) + OpenSSL 0.9.8g for which a resolution was available at http://issues.apache.org/bugzilla/show_bug.cgi?id=43334. By the way, this is more an Apache bug. Even after applying the