[no subject]

2002-03-25 Thread biswaksen patra
Hi, I need help from the openssl users. I appreciate somebody's help in this regard. I am very new to openssl programming. I am facing a problem in writing a client program, which talks to a server which does client authentication. Can anybody send me a snippet of client code. I am sending sn

Cipher Suites

2002-03-25 Thread Nimesh Ray
Hello, Pardon my ignorance. I am trying to understand OpenSSL. I wanted to find out what the following mean, and how they get used? Where can I find information for each of the following? What is CBC? SSL_RSA_WITH_NULL_MD5 NULL-MD5 SSL_RSA_WITH_NULL_SHA NULL

RE: binaries

2002-03-25 Thread Andrew Finnell
Paul, Well someone can't just give you binaries because you would need a build specific to your compiler and the settings you want for your application. You probably ought to list your problem including platform, compiler and settings.

Re: binaries

2002-03-25 Thread Paul E. Prak
Hi Andrew, Nope I didn't. It is not a problem with the source. My problem is in C++ it acts a bit weird and I do not know the real problem. Regards, Paul. - Original Message - From: Andrew Finnell To: '[EMAIL PROTECTED]' Sent: Monday, March 25, 2002

unsupported encryption

2002-03-25 Thread Sudarshan
I'm sorry to repeat this question but my email server was down over the weekend so if anyone replied to me, it would have been unsuccessful. I am writing a globus based application where I want to create a proxy from within my program. I get the following error when I call: if (proxy_load_user_

Re:

2002-03-25 Thread Eric Rescorla
"POP account for superquote.co.uk" <[EMAIL PROTECTED]> writes: > Ha, I am sure you are correct, I'm trying to snoop so tunnelling is no good > to me, hence I think in terms of the proxy masquerading as a secure server > to the client and a secure client to the remote server. It's quite possible to

RE: binaries

2002-03-25 Thread Andrew Finnell
Paul, Did you post what the problem was during your compile? -Andrew T. Finnell Software Engineer eSecurity Inc (321) 394-2485 -Original Message- From: Paul E. Prak [mailto:[EMAIL PROTECTED]] Sent: Monday, March 25, 20

binaries

2002-03-25 Thread Paul E. Prak
Hi all, Can I download the binaries for win32 somewhere? I tried almost everything to compile but could not fix it. Please help!!! Regards, Paul

RE:

2002-03-25 Thread Dilkie, Lee
Does anyone know of a good, complete implementation of the verify callback? The CB that's passed to the SSL_CTX_set_verify() function. The versions I've looked at, in the openssl source tree, don't seem all that complete. My callback is experiencing the error, X509_V_ERR_SELF_SIGNED_CERT_IN_CHA

Re:

2002-03-25 Thread POP account for superquote.co.uk
Hi Eric, Ha, I am sure you are correct, I'm trying to snoop so tunnelling is no good to me, hence I think in terms of the proxy masquerading as a secure server to the client and a secure client to the remote server. I guess I should keep quiet on the things where I only know a bit. I could be

Re:

2002-03-25 Thread POP account for superquote.co.uk
Hi, You are correct, the author would very much like to see plain text, others may enjoy to read encrypted data, but I grew out of it about the same age that I realised that Beavis and Butthead are not actually the funniest thing ever on TV ( Though I believe to this day that they may be contende

[no subject]

2002-03-25 Thread Carsten Heinrigs
This was posted a few months before but I couldn't find an answer. When executing: ./openssl rsa -in www.server.com.key -out www.server.com.key_new where www.server.com.key is a copy of my private key, I am prompted for a pass phrase (which is what should happen). When I enter the passphrase, ho

Re: Key file dialog error in Apache

2002-03-25 Thread Matt
The path in httpd.conf may not be right. Maybe you can double check the DocumentRoot directive? Not sure if you also have patched apache with mod_ssl package? -- WWW.XGFORCE.COM - The Next Generation Server Clustering and Clustered Enterprise Firewal

RE:

2002-03-25 Thread Neff Robert A
I tried short-cutting the initial handshake info from my initial paragraph. You are, of course, correct regarding decryption. However, it was my interpretation that the use of the word snoop, given the original author's intention, meant seeing clear text data. To wit: >To proxy an https the prox

Re:

2002-03-25 Thread Eric Rescorla
Neff Robert A <[EMAIL PROTECTED]> writes: > You cannot snoop a secure https transaction without somehow > pretending to be the destination host. To do that requires > the cert, which is public, and private key, which you will > not have. Sort of. You can certainly passively snoop an HTTP transac

Change the signature algorithm

2002-03-25 Thread Camerfirma (Juan Angel Martin Gomez)
Hello, I have made a CA cert, but the default signature algorithm is MD5. I need to put SHA1 as the signature algorithm, how can I do that? Thanks, Juan Angel __ OpenSSL Project http://www.opens

RE:

2002-03-25 Thread Neff Robert A
You cannot snoop a secure https transaction without somehow pretending to be the destination host. To do that requires the cert, which is public, and private key, which you will not have. The proxy acts as an SSL transport only, after establishing the initial socket connection to the destination

Re:

2002-03-25 Thread Eric Rescorla
"POP account for superquote.co.uk" <[EMAIL PROTECTED]> writes: > To proxy an https the proxy MUST decrypt the message ( or it cannot > understand the request ), so it MUST be the secure sever for the client ( or > it will not have the key to decrypt ) and then the proxy MUST re-encrypt and > then

LDAP, SSL, Active Directory, Microsoft Enterprise Certificate Authority

2002-03-25 Thread Davidson, Stuart
Trying to change passwords on UNIX accounts stored in Win2K Active Directory... we have extracted the Solaris 2.6 passwd binary and replaced 2.8 binary. However, still get the following error: # passwd dav Permission denied The following is logged in /var/adm/messages Mar 25 20:09:18 sun6.CPQ

Key file dialog error in Apache

2002-03-25 Thread Gary W
When I do my startssl, I see > Apache/1.3.14 mod_ssl/2.7.1 (Pass Phrase Dialog) Some of your private key files are encrypted for security reasons. In order to read them you have to provide us with the pass phrases. Server [my server].Stanford.EDU:443 (RSA) Apache:mod_ssl:Error: Private key no

Re:

2002-03-25 Thread POP account for superquote.co.uk
Hi Simon, I'm also trying to proxy ( and snoop ) a secure https transaction. If I understand what you are doing, then it will not work. If I understand correctly, you are sending a secure transaction via a proxy without having sorted out the proxy. The proxy will just receive a pile on encrypte

RE: decryption failed or bad record mac

2002-03-25 Thread Shen, Lei
I found the answer in the mail archive. Thanks, Lei -Original Message- From: Shen, Lei Sent: Monday, March 25, 2002 11:41 AM To: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]' Subject: decryption failed or bad record mac I was unable to use s_client to connect to shop.mywcs.com port 443. H

Re: Possible documentation typo

2002-03-25 Thread Lutz Jaenicke
On Fri, Mar 22, 2002 at 10:51:38AM -0700, Craig Davison wrote: > If this won't be addressed here, what address can I mail doc problems like > this to? Bug reports should be mailed to [EMAIL PROTECTED] Anyway, all members are also reading openssl-users, it is just a question on who will jump up an

RE: Will HTTPS ever use port 80

2002-03-25 Thread GOLDING,CHARLTON (Non-HP-Corvallis,ex1)
A number of things can cause delay if you have a busy port 80. If you have set the service to listen at 80 rather than 443 perhaps it will be faster, but if you also have other things such as Apache serving 100 virtual servers on that same port this could be rather slow. My first ques

Will HTTPS ever use port 80

2002-03-25 Thread Sharkey, Aoife
Hi folks, URL example: https://www.myweb.com:80/xmlportal/XML.asp If I specify port 80 in the URL the SSL_Connect takes a long time to return the response. The server is using port 443 for SSL connections but I want to be able to check against port 80 in case it's

decryption failed or bad record mac

2002-03-25 Thread Shen, Lei
I was unable to use s_client to connect to shop.mywcs.com port 443. However, https://shop.mywcs.com is working fine in IE. Does anyone have an idea what this error message means? This site is a Japanese site, do I need to do anything for OPENSSL to work with Japanese site? Thanks, Lei Screen

W2K: "New policy invalidated SAs formed with old policy"

2002-03-25 Thread Bob Kupperstein
Is anyone familiar with this message and its ramifications? I'm testing and made a successful ipsec session. Now I've made changes to my policy on the server (Linux) side, and I get this message during Main mode IKE negotiations. Do I need to clear old SA's from the previous session? How do

RE: Viewing the content of an X509 cert with V3 extensions

2002-03-25 Thread Loyless Jerrod A Cont ESC/DIWS
I have a .asp page that you can hit and view the contents..can you place it on your server and hit it with your certificate? I will attach it anyway. -Original Message- From: Brown, Craig [mailto:[EMAIL PROTECTED]] Sent: Monday, March 25, 2002 9:11 AM To: [EMAIL PROTECTED] Subject: Vie

Re: Viewing the content of an X509 cert with V3 extensions

2002-03-25 Thread Joern Sierwald
At 10:10 25.03.2002 -0500, you wrote: >I've created a cert that contains X509 extensions (I stored data in the >subject-alt name field). I'm looking for a utility that can dump the cert >(in ASCII) so that I can make sure all the expected values are there. Does >such a utility exist (that will al

Viewing the content of an X509 cert with V3 extensions

2002-03-25 Thread Brown, Craig
I've created a cert that contains X509 extensions (I stored data in the subject-alt name field). I'm looking for a utility that can dump the cert (in ASCII) so that I can make sure all the expected values are there. Does such a utility exist (that will also dump extensions) or do I need to write

SPKAC file and non-ASCII DNs

2002-03-25 Thread Robert Joop
when i create a client certificate using a mozilla browser, a CGI script generates an SPKAC file for use with `openssl ca -spkac infile`. the DN then becomes of ASN.1 type T61STRING which is encoded illegally, which the openssl documentation admits: http://www.openssl.org/docs/apps/req.html BU

What are the differences between a keyBag and pkcs8ShroudedKeyBag

2002-03-25 Thread cch
Hi, I am trying to write a simple application to deal with PKCS12 import/export, when I read through the PKCS12 docs from RSA, I can't understand what are the differences between a keyBag and pkcs8ShroudedKeyBag, does the keyBag type mean pkcs8 Private-key information syntax, and the ot

Re: Inquiry/US Export Regulations

2002-03-25 Thread Seigo Tanaka
Dear Mr. Schwartz and Mr. Woods, Thank you both for your comments although it doesn't fully clear my concern. I am currently consulting with the Department of Commerce of the American Embassy in Japan, who said they will investigate the exportability for us. Our software used in the newly develop