RE: Example program

2001-08-08 Thread Ales Golob
>My guess here is that the client isn't actually >sending a certificate because it doesn't have one. Are you >running s_client from the apps directory and/or giving it >a path to a certificate. Otherwise it will just ignore the >cert request. SSL_VERIFY_PEER alone doesn't REQUIRE >a certificate,

Re: SSL versus Blowfish etc.

2001-08-08 Thread Martin Sjögren
On Wed, Aug 08, 2001 at 09:56:05AM -0700, Eric Rescorla wrote: > Blowfish is an encryption algorithm. SSL is a communications > security protocol that can use a number of encryption algorithms > (including Blowfish in an experimental mode). Hmmm... Is it possible to use Blowfish with the SSL supp

RE: RAND_load

2001-08-08 Thread Alex Cosic
On Fri, Aug 03, 2001 at 05:34:09PM +1000, Alex Cosic wrote: >> I have problem in understanding the command RAND_load_file(RANDOM, >> 64*1024); >> where RANDOM is "randomfile.pem". I do not know how to design that >> particular file. Second, is it necessary that this file is changed on each >> t

Re: Problems with SSL V3 and IIS

2001-08-08 Thread Eric Rescorla
Dr S N Henson <[EMAIL PROTECTED]> writes: > Michael Shanzer wrote: > > > > Is there a select equivalent or is my work around good > > enough (if SSL_read returns -1 check the return value > > of SSL_get_error, and if it returns 2, try again...). > > > > If you mean retry SSL_read then that will

RE: DES

2001-08-08 Thread Muni Tripathi
As far as I know, it does pad one more block on already complete boundaries. So it is behaving as expected. Muni -Original Message- From: Shobhit Kanaujia [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 08, 2001 2:20 PM To: '[EMAIL PROTECTED]' Subject: DES Hello everyone, I am u

Re: Problems with SSL V3 and IIS

2001-08-08 Thread Michael Shanzer
--- Eric Rescorla <[EMAIL PROTECTED]> wrote: > You should be able to use 'openssl -pkcs12' to > extract the > keys. IIS does not export its keys into a PKCS#12 file. At least I have not found a way to export them into a PKCS #12 file. Not sure what the file format is. Mike

Re: DES

2001-08-08 Thread ET Tan
Yes, that is how DES should behave. The decrypting end is unable to know if the actual (plain) text ends on a 64 bit boundary. So, if the encrypting end does not pad if the plain text's length is divisible by 8, then the decrypting end will strip off a certain number of bytes, depending on what

Why server close the connection actively?

2001-08-08 Thread White Jack
Hi, My openssl client ran on the machine with low speed CPU. And when it connected to a Netscape server needing client authentication, it loaded its certificate, and sent CertificateVerify, but it is so slow that it spent more than forty seconds. Yet the server sent it a TCP FIN package.

Re: DES

2001-08-08 Thread Dr S N Henson
Shobhit Kanaujia wrote: > > Hello everyone, > > I am using the command > openssl enc -des ... > for encryption. > I am wondering whether there is any flaw in openssl or in my thinking, > because I gave it exactly 128 bits to encrypt and it gives me 128+64 bits as > the result. I thought

Re: Encyption cert in smime

2001-08-08 Thread Dr S N Henson
Christian Weber wrote: > > Dear folks, > > on the manpage for smime you can find under "BUGS": > > >The code currently will only write out the signer's certificate > >to a file: if the signer has a separate encryption certificate > >this must be manually extracted. There should be some heuristi

Re: SSLv3 to IIS 4

2001-08-08 Thread Eric Rescorla
Michael Shanzer <[EMAIL PROTECTED]> writes: > I am writing a simple application that needs to talk > to an IIS web server using client authentication. I > cannot seem to get client authentication to work. I > have tried: > 1) the cert in browser and it works OK. > 2) turning off the required cl

Re: OpenSSL Reference Book

2001-08-08 Thread CJ Holmes
on 8/8/01 7:51 AM, Ballou,Matt at [EMAIL PROTECTED] wrote: > Does anyone know of a good OpenSSL Reference Book? I checked O'Reilly site > and found some basic Web Security Books. I keep Eric Rescorla's book handy. I don't recall the title exactly, but think it is just called "SSL & TLS". I purc

SSLv3 to IIS 4

2001-08-08 Thread Michael Shanzer
I am writing a simple application that needs to talk to an IIS web server using client authentication. I cannot seem to get client authentication to work. I have tried: 1) the cert in browser and it works OK. 2) turning off the required client auth on IIS and it still fails (SSL_read returns

OpenSSL Reference Book

2001-08-08 Thread Ballou,Matt
Does anyone know of a good OpenSSL Reference Book? I checked O'Reilly site and found some basic Web Security Books. Thanks in Advance Matt

make test error

2001-08-08 Thread Anshu Anshu
Any idea why it's getting hanged at "writing new private key to 'keyCA.ss' - You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you

No Subject

2001-08-08 Thread Anshu Anshu
__ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]

Re: Verifying at any point in the chain

2001-08-08 Thread Lutz Jaenicke
On Tue, Aug 07, 2001 at 03:16:21PM -0700, Shaughnessy, Ian wrote: > I'm working with someone else's code here, and I'm trying to figure out how > to implement verification anywhere in a cert chain. For example: > > asd CA > | > lkjh CA > | > webserver > > I want to be able to verify aga

Re: open ssl 40bit key generation

2001-08-08 Thread Rich Salz
> How can i generate 40bit test certificate? I think you're confused. The certificate (RSA, basically) is typically 1024 although sometimes 512 or 2048 bits. It is used to exchange a session key for a symmetric-key cipher that is used to do the bulk traffic encryption, and *that* is usually 128

Re: SSL_accept error handling

2001-08-08 Thread Lutz Jaenicke
On Wed, Aug 08, 2001 at 10:58:54AM +0100, Garrard Cole wrote: > At 18:52 07/08/01 +0200, you wrote: > >On Tue, Aug 07, 2001 at 05:28:25PM +0100, Garrard Cole wrote: > >> I include a code fragment below for the server accept function, which is > >> based on some OpenSSL sample code. > >> > >> I do

Re: SSL Parameters

2001-08-08 Thread Larry Ellis
Eric Rescorla <[EMAIL PROTECTED]> writes: >"Larry Ellis" <[EMAIL PROTECTED]> writes: >> I am trying to evaluate whether SSL (specifically openssl), >>would be a suitable choice in securing my application. >>I am having trouble finding the best combination of >>algorithms and parameters t

Example program

2001-08-08 Thread Ales Golob
Hi, I'm new to SSL programming, I'm trying to write a server, that authenticates, by certificates. I tried modifying the source of the demo in /demos/ssl/serv.cpp but it doesn't work - the openssl tool acting like a client sends a certificate, but the server says, it didn't get any peer certificat

open ssl 40bit key generation

2001-08-08 Thread Rafał Niesłuchowski
Hi, How can I generate a 40bit test certificate? Thanks for reply.

Re: SSL_accept error handling

2001-08-08 Thread Garrard Cole
At 18:52 07/08/01 +0200, you wrote: >On Tue, Aug 07, 2001 at 05:28:25PM +0100, Garrard Cole wrote: >> I have an SSL-enabled POP server using OpenSSL 0.9.4. running on Windows NT >> using non-blocking socket i/o. > >0.9.4 is quite old, a lot of bugs have been fixed since the release of 0.9.4. >Plea

Licence ISSUE

2001-08-08 Thread Prasanna Rao K
Hi, I want clarification about the Licence issues in using openssl product. Apart from retaining copyright, are there any other major issues or problems in using openssl product. Thanks. Prasanna

Re: entry 1: bad serial number length (1)

2001-08-08 Thread Averroes
Hi Daniel, I think the serial number format is wrong. So I invite you to start at the beginning. Check your index file, default install in /usr/local/ssl/index. The index file is the database of your certified certificates. Check your serial file, default install /usr/local/ssl/serial, The seria

Re: Building latest SNAP

2001-08-08 Thread Noel O'Kelly
Sorry, should have given more details. The OS is Red Hat Linux 7.0 GNU C compiler The error message occurs when compiling /crypto/lhash. The Exact error is /tmp/ccwIpLH0.s:589:Error: immediate operand illegal with absolute jump make[2] *** lhash.o]error 1 >From: Lutz Jaenicke <[EMAIL PRO