Re: pass phrase passed to PEM code

2003-02-18 Thread Charles Cranston
It's not THAT hard to modify your $MANPATH variable to include the nonstandard man page areas. This is some code I use in my .cshrc file on Solaris: = # there is always a way set path=( \ ${HOME}/bin \ ${HOME}/src/script \ /bin \ /usr/bin \ /usr/local/bin \ /usr/sbin \ /opt/SUNWspro/bin \ /

RE: Multithreaded; how to abort during read?

2003-02-18 Thread Steven Reddie
The only way I know of to solve this problem is to use non-blocking sockets, create a second socket pair to deliver the terminate message, and select() on the SSL socket and the terminate socket. When thread#2 wants to terminate thread#1 it sends a message down the terminate socket which causes th

Multithreaded; how to abort during read?

2003-02-18 Thread Jem
In my test program (on win32, using OpenSSL 0.9.7 DLLs) I have two threads running: Thread #1 is busy doing a SSL_read() Thread #2 wants to abort the SSL connection When I make Thread #2 do "SSL_shutdown", the program crashes. Is there a 'gentle' way to do this, perhaps by having Thread #2 set

Re: pass phrase passed to PEM code

2003-02-18 Thread Rodney Thayer
At 07:35 PM 2/15/2003 +0100, Dr. Stephen Henson wrote: This is mentioned in detail, with examples, in the pem(3) manual page. In Linux the man pages are installed in /usr/local/ssl/man. In other words they're not put in a place that 'man' can find them. Should I file a bug? I consider it a bu

minor problem in bn_mul.c

2003-02-18 Thread Rodney Thayer
The prototype for bn_mul_recursive is never defined in bn_lcl.h. It's there but there is an "#if 0" around it. The function bn_mul_recursive is always compiled in, because it's got an "#ifdef BN_RECURSION" around it, and BN_RECURSION is always defined in bn.h. I think the prototype should be put

Re: r.e. OpenSSL and MacOS (pre-OS X)

2003-02-18 Thread Rodney Thayer
Here's what I've found with OpenSSL 0.9.7 and OS X 10.2.3. There's a Metrowerks Code Warrior project (MCP file) in the 'MacOS' subdirectory. It's REALLY old. It predates OS X and it predates 0.9.7. With some fiddling it might build 0.9.7 libraries and tools. ___

Re: Kerberos/PKINIT compliant subjectAltName?

2003-02-18 Thread Dr. Stephen Henson
On Tue, Feb 18, 2003, Thomas Anders wrote: > Dr. Stephen Henson wrote: > >subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:principal_seq > > > >also I've now added GeneralString to the mini ASN1 compiler. > > Once the proper subjectAltName is constructed, is/will there be > a way to get sth. more

Re: Kerberos/PKINIT compliant subjectAltName?

2003-02-18 Thread Thomas Anders
Dr. Stephen Henson wrote: subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:principal_seq also I've now added GeneralString to the mini ASN1 compiler. Once the proper subjectAltName is constructed, is/will there be a way to get sth. more meaningful than X509v3 Subject Alternative Name:

Re: no-err option

2003-02-18 Thread Richard Levitte - VMS Whacker
In message <[EMAIL PROTECTED]> on Wed, 5 Feb 2003 17:44:56 +0100, Bodo Moeller <[EMAIL PROTECTED]> said: moeller> On Tue, Feb 04, 2003 at 10:42:00AM +0100, Martin Witzel wrote: moeller> moeller> >> Do you think that there is a strong reason for keeping (and repairing) moeller> >> no-err? moeller

Re: [Fwd: stunnel 4.04 crashes running on Win2K Prof]

2003-02-18 Thread Michal Trojnara
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andrey, You've discovered a serious bug in the OpenSSL 0.9.7 library. Disassembling the library revealed that you GPF appeared in the "middle of list" sestion of the SSL_SESSION_list_remove() function located in the ssl_sess.c source file. I guess

Re: redirecting input to s_client

2003-02-18 Thread Vadim Fedukovich
On Mon, Feb 17, 2003 at 02:26:13PM +, Himanshu Soni wrote: > Hi > > Is there a way to redirect the GET/POST request from a file to the openssl > s_client app? something like: > > cat get.txt | openssl s_client -connect server:443 -cert crtfile -key keyfile maybe (cat something; sleep 10) |