CSR trouble

2003-06-26 Thread Darin Holloway
Company certs were set to expire soon, so I hop on $Commercial_CA's website to renew. We've changed from Stronghold 2 to Apache 1.3.27+mod_ssl-2.8+openssl-0.9.6i in the last year (but the old cert/key pair has worked fine), so I couldn't renew. I have to build a new csr and key so I do a: fo

RE: Problem with X509_set_verify()

2003-06-26 Thread steve thornton
OK I've found the problem. I can kluge my way around it, as it is something to do with the weird stuff that I am doing, rather than any fault in OSSL. Thanks for everybody's input. At least it showed up a bug in the docs that has been corrected. thanks again Steve -Original Message- From

RE: Problem with X509_set_verify()

2003-06-26 Thread Rich Salz
> Thanks for that. OK I'll just have to set to work with printf's ( and > returns, as currently it crashes so badly I don't get the printf's). This Try "setbuf(stdout, NULL)" in main. printfs might be getting lost due to standard i/o buffering. -- Rich Salz Chief Security Archite

RE: Problem with X509_set_verify()

2003-06-26 Thread Fred Crable
Thanks for the clarification. I read that and said to myself, "well how the h*%l is that supposed to work, LOL." Regards, Fred Crable -Original Message- From: Lutz Jaenicke [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 2003 9:00 AM To: [EMAIL PROTECTED] Subject: Re: Problem with X5

Re: Problem with X509_set_verify()

2003-06-26 Thread Lutz Jaenicke
On Thu, Jun 26, 2003 at 08:47:49AM -0500, Fred Crable wrote: > It looks like a verification failure, whatever that means! Sounds like > an infinite loop from the man pages. Try fflush() on your stdio to > catch those printf()'s :) > > Quote from: http://www.hmug.org/man/3/SSL_CTX_set_verify.html

RE: Problem with X509_set_verify()

2003-06-26 Thread Fred Crable
It looks like a verification failure, whatever that means! Sounds like an infinite loop from the man pages. Try fflush() on your stdio to catch those printf()'s :) Quote from: http://www.hmug.org/man/3/SSL_CTX_set_verify.html The return value of verify_callback controls the strategy

RE: Problem with X509_set_verify()

2003-06-26 Thread steve thornton
Lutz, Thanks for that. OK I'll just have to set to work with printf's ( and returns, as currently it crashes so badly I don't get the printf's). This could take a while, but probably quicker than setting up an on-target debuggerer. It's probably something deeply occult. thanks again Steve -

Re: Problem with X509_set_verify()

2003-06-26 Thread Lutz Jaenicke
On Thu, Jun 26, 2003 at 01:07:22PM +0100, steve thornton wrote: > I'm using OSSL 0.9.7b ported for an ARM based platform (I'm currently doing > the port myself, and it is operational), which uses non-blocking sockets > (custom version). I am using OpenSSL 0.9.7b on an ARM based platform myself (Xs

RE: Problem with X509_set_verify()

2003-06-26 Thread steve thornton
Hi Lutz, I'm using OSSL 0.9.7b ported for an ARM based platform (I'm currently doing the port myself, and it is operational), which uses non-blocking sockets (custom version). If I run the code below, but with return ok; rather than return 1; everything works just dandy. But if I try to override th

Re: Problem with X509_set_verify()

2003-06-26 Thread Lutz Jaenicke
On Thu, Jun 26, 2003 at 12:07:19PM +0100, steve thornton wrote: > OK, I haven't found the problem. It does appear to be an OpenSSL bug. > > I use > > SSL_CTX_set_verify ( ctx, SSL_VERIFY_PEER, verifyCallbackProc ); > > and > > int verifyCallbackProc ( int ok, X509_STORE_CTX *store ) > { > >

RE: Problem with X509_set_verify()

2003-06-26 Thread steve thornton
OK, I haven't found the problem. It does appear to be an OpenSSL bug. I use SSL_CTX_set_verify ( ctx, SSL_VERIFY_PEER, verifyCallbackProc ); and int verifyCallbackProc ( int ok, X509_STORE_CTX *store ) { return 1; } this causes the verification code to hang in the middle of the handshake. C

RE: libcrypto.so.2 problem

2003-06-26 Thread David Schwartz
> Hello! > I try to install rpm package but I need libcrypto.so.2 and libssl.so.2. > I install openssl (last version) but I get the same errors. > Can U tell me what I need to do? > My workstation is a suse linux 7.3. Talk to whoever gave you the RPM you're trying to install. RPMs general

RE: Problem with X509_set_verify()

2003-06-26 Thread steve thornton
I think I've found the problem (in my code) but will take a while to make sure. As far as "horrible crash" goes - it freezes in mid handshake (as the verify callback explodes), and causes the real-time embedded kernel to lock up all its signal queues, causing the whole (very complex) system to gra

Re: Problem with X509_set_verify()

2003-06-26 Thread Lutz Jaenicke
On Thu, Jun 26, 2003 at 10:07:08AM +0100, steve thornton wrote: > Actually, I take that back, it does get called whether the chain passes or > fails. However, it still crashes horribly when ok is altered. Any clues? Hmm. I don't use the function directly but indirectly via the SSL layer. See the P

RE: Problem with X509_set_verify()

2003-06-26 Thread steve thornton
Actually, I take that back, it does get called whether the chain passes or fails. However, it still crashes horribly when ok is altered. Any clues? Steve -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of steve thornton Sent: 26 June 2003 09:53 To: [EMAIL PROTE

Re: Problem with X509_set_verify()

2003-06-26 Thread Lutz Jaenicke
On Thu, Jun 26, 2003 at 09:52:57AM +0100, steve thornton wrote: > I've been trying to use X509_set_verify() and an associated callback > function to allow me to override the standard verification if necessary. > According to the O'Reilly OpenSSL book, this function gets called on every > connection

Problem with X509_set_verify()

2003-06-26 Thread steve thornton
Hi folks, I've been trying to use X509_set_verify() and an associated callback function to allow me to override the standard verification if necessary. According to the O'Reilly OpenSSL book, this function gets called on every connection, and allows the callback to alter the ok value, thus allowin

libcrypto.so.2 problem

2003-06-26 Thread darius
Hello! I try to install rpm package but I need libcrypto.so.2 and libssl.so.2. I install openssl (last version) but I get the same errors. Can U tell me what I need to do? My workstation is a suse linux 7.3. Thank U! Darius __ Ope

Re: HOWTO for pkcs11 patch?

2003-06-26 Thread Afchine Madjlessi
Hi, I have written this patch to be used with a hardware Crypto PKCS#11 accelerator which can store keys. It is used in my company in TrustWay SSL accelerator and, TrustWay Apache-SSL accelerator with the Bull PCI CC2000 HSM. Our HSM doesn't require C_Login. I believe that call to C_Login is mandat

Re: Elliptic key length

2003-06-26 Thread Nils Larsch
Nils Larsch wrote: ... (Note: the current OpenSSL EC PKCS#8 format is incorrect, I'm currently testing a patch to fix it, so please don't use the current PKCS#8 format). The pkcs8 ec private key format should be fixed now. Nils