Hi,
I am very new to this area, I need some clarifications regarding
openssl. Currently we have an Applet (java) and
C++ server (Solaris) communication for our applications. We are
interested in making this communication secure
so we want to use JSSE and openssl. Can anyone suggest how to
John don't if this has already been answered but u might be missing
SSL_set_fd and SSL_set_accept_state (Function Name may not be correct but
is somewhere around this)
SSL_set_fd will be set with the sockfd which ur socketcall returned
a -1 by SSL_Accept generally means that the lower layer (socket
Eric Rescorla wrote:
>
> "Paul L. Allen" <[EMAIL PROTECTED]> writes:
> > Eric Rescorla wrote:
> > Hmmm... When I watch a demo client and server with client
> > authentication,
> > I see the client's cert going over the wire. I wonder why I don't see
> > it in the case of my real code? Would mi
If I want a server to accept either SSLv3 or TLS connections but not SSLv2
connections, do I use
TLSv1_server_method() or SSLv3_server_method() or is this not possible?
Thanks,
Tim
There's a good thread on webappsec list on securityfocus
at the moment on this topic. Synchronicity!
Matt
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[
Hi,
I installed openssl-0.9.6c on a Unixware 7.1 box and I
was playing with the demo programs saccept.c and
sclient.c in openssl-0.9.6c/demos/bio directory. I
compiled and started sclient on a Solaris 2.6 machine
and saccept on the unixware one. Both programs worked
fine.
However, I was playing
"Paul L. Allen" <[EMAIL PROTECTED]> writes:
> Eric Rescorla wrote:
> Hmmm... When I watch a demo client and server with client
> authentication,
> I see the client's cert going over the wire. I wonder why I don't see
> it in the case of my real code? Would mis-matching the BIO on the
> server s
I have been unable to generate a cert request acceptable to a domino CA.
Can anyone help with this? I tried creating with "req" and feeding the "pem" files to "pkcs12" but I get error messages:
>openssl req -newkey rsa:1024 -out certr.pem
>openssl pkcs12 -export -inkey privkey.pem -in c
Eric Rescorla wrote:
>
> "Paul L. Allen" <[EMAIL PROTECTED]> writes:
> > Eric Rescorla wrote:
> > > > I've watched my Java client connecting to my OpenSSL server using
> > > > ssldump. I can see the server's cert going over to the client. The
> > > > client does not send its own cert over to th
"Paul L. Allen" <[EMAIL PROTECTED]> writes:
> Eric Rescorla wrote:
> > > I've watched my Java client connecting to my OpenSSL server using
> > > ssldump. I can see the server's cert going over to the client. The
> > > client does not send its own cert over to the server, and the server
> > > con
Hi -
I was running through the man pages for the openssl command line. There are
three examples for openssl passwd at
http://www.openssl.org/docs/apps/passwd.html
The first and last (crypto & apr1) match what I get when I run the
examples. But the second one doesn't return the result given in
Eric Rescorla wrote:
>
> "Paul L. Allen" <[EMAIL PROTECTED]> writes:
> > JSSE stores keys and certificates in its own private format managed
> > by a thing called "keytool". In the JSSE documentation, no mention
> > is ever made of a CA. Keys and certs are always generated as needed
> > by keyt
On Mon, Aug 26, 2002, Fiel Cabral wrote:
> When the dsa command is used to generate an encrypted
> dsa private key, it outputs a PEM encoded file.
>
> Does the PEM encoded file simply contain the Base 64
> encoding of the ciphertext (which can be decrypted
> immediately) or does it contain an AS
On Mon, Aug 26, 2002, Michael Shmulevich wrote:
> Hello,
>
> I am sorry for troubling you with a (quite standard) question, but I cannot
> figure out my problem alone, and man page doesn't really help me to solve a
> problem.
>
> I try to transfer an application in a secure way with PKCS#7 attac
> I was unclear - I meant as a general technique it doesn't
True.
> though unless
> you are guaranteed to answer the same at all points in the future, I
> don't see how the timestamp helps.
OCSP includes a "generatedAt" timestamp, so the future doesn't matter. :)
/r$
Rich Salz wrote:
>>>Or use the trick we created for Identrus: make the nonce be the hash of
>>>the document that made you first do the OCSP query.
>>
>>That doesn't prevent a replay attack, in general, of course.
>
>
> If the document isn't public, then it's as good as arbitrary random bytes.
When the dsa command is used to generate an encrypted
dsa private key, it outputs a PEM encoded file.
Does the PEM encoded file simply contain the Base 64
encoding of the ciphertext (which can be decrypted
immediately) or does it contain an ASN.1 structure
that has the ciphertext inside (and thus
I'm sure this has been asked but I'm wondering if I'm on solaris 8 with
openssl-0.9.6e for use with openssh-3.4p1.
Do I need to upgrade to openssl-0.9.6g?
What is the main reason/bugs for going from openssl-0.9.6e to openssl-0.9.6g?
If anyone could give me some insight that would be great. Thanks
I'm trying to access a secured page via ssl with a client side certificate
and receive the "verify error:num=19:self signed certificate in certificate
chain" message when I try to validate the certificate from the client using
a standard openssl s_client command. (I've provided the syntax used and
Looks like the source code might have been corrupted during download to your
machine. Did you check the md5 against the original .GZ ? That
just doesn't look normal.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: August 24, 2002 1:03 PM
To: [E
Hi,
I statically link with both libcrypto and libssl, and I got this strange
linker warning that I haven't gotten before:
ssleay32.lib(ADVAPI32.dll) : warning LNK4006: __imp__WriteRaw@12 already
defined in libeay32.lib(ADVAPI32.dll); second definition ignored
Looking at the libs (and in the ma
> > Or use the trick we created for Identrus: make the nonce be the hash of
> > the document that made you first do the OCSP query.
>
> That doesn't prevent a replay attack, in general, of course.
If the document isn't public, then it's as good as arbitrary random bytes.
If the document *is* p
22 matches