David Schwartz wrote:
How about having each side send something like
HMAC[shared_secret](Finished messages)? I used something similar to
this with good results in the SRP Telnet specification. An MITM will
cause the Finished messages to be different, and since he won't know the
shared secret, he
> How about having each side send something like
> HMAC[shared_secret](Finished messages)? I used something similar to
> this with good results in the SRP Telnet specification. An MITM will
> cause the Finished messages to be different, and since he won't know the
> shared secret, he can't "rewr
> On Mon, May 17, 2004, David Schwartz wrote:
> Replacing the other sides public keys is prevented by correctly
> verifying the
> certificate chains of each side, so additional MITM proection is normally
> unnecessary.
That doesn't check what I want to check. I specifically need to confi
On Mon, May 17, 2004, Joseph Bruni wrote:
> Where might I find the documentation for X509_REQ_print_ex()? I've searched the man
> pages, the web site, and the source in ./crypto/asn1/t_req.c is uncommented.
>
> I really only need info on the nmflags and cflags parameters -- the others I can
> f
Hi,
I am having an issue with the SSL Certificates. I am using
OPENSSL on Redhat linux 7.3 and Windows xp clients. I installed Apache
Webserver with Openssl support. When the client tries to access the link then
SSL Certificate pops up ,asking the client to install it. So if I visit thi
Where might I find the documentation for X509_REQ_print_ex()? I've searched the man
pages, the web site, and the source in ./crypto/asn1/t_req.c is uncommented.
I really only need info on the nmflags and cflags parameters -- the others I can
figure out.
__
Thanks a lot Dr Henson !
Now all works fine
ZainosDo You Yahoo!?
Yahoo! Net: La mejor conexión a internet y 25MB extra a tu correo por
$100 al mes.
On Mon, May 17, 2004, David Schwartz wrote:
>
>
>
> The situation I have is that I have two entities that have a shared secret
> and each has an end of an SSL connection. I need to verify that the two ends
> are ends of the *same* SSL connection. (In other words, prove that there is
> no
On Mon, May 17, 2004, Carlos Roberto Zainos H wrote:
> Hi all !
>
> I'm writing an application that needs write out a RSA private key password based
> encryption in DER format but I'm getting error from functions used for, follows my
> code and error codes:
>
> ERR_load_crypto_strings ();
>
I saw a thread about this before, but I had a follow up question.
I'm wanting to use SSL simply to garbage-ify the data between my server
application and the client. I'd like to use only 128 bit encryption
(CPU limitations). But I cannot generate a certificate with a key this
small.
Do I need
David,
How about having each side send something like
HMAC[shared_secret](Finished messages)? I used something similar to
this with good results in the SRP Telnet specification. An MITM will
cause the Finished messages to be different, and since he won't know the
shared secret, he can't "rewr
Hi all !
I'm writing an application that needs write out a RSA private key password based encryption in DER format but I'm getting error from functions used for, follows my code and error codes:
ERR_load_crypto_strings (); out = BIO_new(BIO_s_file());
rsa = RSA_generate_key (bits, e_value, i_
> On Sun, May 16, 2004, David Schwartz wrote:
> > Is there any SSL function to retrieve the other side's
> > public key? I see
> > SSL_get_peer_certificate, but no way to get the public key.
> From the certificate call X509_get_pubkey(cert).
My thanks to both of you. It occured to m
On Mon, May 17, 2004, Himanshu Soni wrote:
> For some versions of MSIE, I think ClearAuthenticationCache would work.
> I have not tested this myself but here is a link to article that talks about
> it:
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwebteam/h
> tml/webteam1104
Title: Re: How to log out from an SSL V3 session?
For some versions of MSIE, I think ClearAuthenticationCache would work.
I have not tested this myself but here is a link to article that talks about it:
http://msdn.microsoft.com/library/default.asp?url="">
Thanx
Himanshu Soni
-Or
On Mon, May 17, 2004, [EMAIL PROTECTED] wrote:
> I already posted this question in [EMAIL PROTECTED] , got no answer so
> far. What mailing-list is the most suited to deal with SSL issues, mostly
> apache-ssl points? httpd.apache.org does adress some of the issues, mod_ssl
> mailing list seems n
Hi!
I have just uploaded version 0.9.28 of prngd. It does fix a hang in an
endless loop under certain conditions. I have never seen this myself on
HP-UX but I have received some reports, more or less all from Solaris 8
users, one of which finally lead to the correct analysis.
Problem: after callin
On Mon, May 17, 2004, Anssi Porttikivi wrote:
> ...and everything works now. A good thing is I created my first keypair,
> certificate, encrypted message and signed message and decrypted and
> verified them ok. Bad thing is it took all day. With half a dozen
> different PGP implementations I never
On Mon, May 17, 2004 at 11:23:51AM -0400, Charles B Cranston wrote:
> The web does not use continuous connections. Typically for a
> web app you do a POST request, passing in data items and getting
> back the next in the process, but the SSL connection is
> closed at that point, and another, diff
The web does not use continuous connections. Typically for a
web app you do a POST request, passing in data items and getting
back the next in the process, but the SSL connection is
closed at that point, and another, different, connection is
opened the next time you push a button or otherwise int
Could you be a little bit more precise on how i can do such a trick?
Can the client send a signal to the server to make it force a new handshake?
Nicolas.
Message d'origine
De: Baber Amin [mailto:[EMAIL PROTECTED]
Date: lun. 17/05/2004 17:01
À:
I already posted this question in [EMAIL PROTECTED] , got no answer so far.
What mailing-list is the most suited to deal with SSL issues, mostly apache-ssl
points?
httpd.apache.org does adress some of the issues, mod_ssl mailing list seems not to be
very popular, thought openssl was dealing with
...and everything works now. A good thing is I created my first keypair,
certificate, encrypted message and signed message and decrypted and
verified them ok. Bad thing is it took all day. With half a dozen
different PGP implementations I never spent more than an hour or two to
make them do the bas
Forget this message: found it. Forgot that your data should be less
"in value" as the modulo, just as the errormessage says :o)
-Oorspronkelijk bericht-
Van: Heusden van, FJJ (Folkert)
Verzonden: maandag 17 mei 2004 15:06
Aan: '[EMAIL PROTECTED]'
Onderwerp: reading keys and then crypting
Dr. Stephen Henson [mailto:[EMAIL PROTECTED]:
>> I ./config all-right, but trying to make
>> ftp://ftp.openssl.org/snapshot/openssl-SNAP-20040517.tar.gz results
in
>> million linking errors. Isn't the snapshot self-sufficient?
>
>You should use the *stable* snap
Hi,
I'm trying to crypt with a secret+public key I load from a file.
So what I do is:
- i read in the binary representation of n and d, I then convert
those with BN_bin2bn to pRsakeypair -> n and d.
- after that, I set the exponent e:
BN_zero(pRsakeypair -> e)
BN_set_word(pRsakeypair -> e, 6
l smime -encrypt -in message cacert.pem
> >> Segmentation fault
> >
> >Read the archives: this has been mentioned many times recently.
>
> I ./config all-right, but trying to make
> ftp://ftp.openssl.org/snapshot/openssl-SNAP-20040517.tar.gz results in
> million linking errors. I
That did the trick. Thanks a lot!
On Fri, 2004-05-14 at 12:52, Olaf Gellert wrote:
> Aaron Smith wrote:
> > We have been using OpenSSL to generate certificates for various
> > applications here with a home grown CA (created using openssl ca). We
> > recently started upgrading our servers fro
: this has been mentioned many times recently.
I ./config all-right, but trying to make
ftp://ftp.openssl.org/snapshot/openssl-SNAP-20040517.tar.gz results in
million linking errors. Isn't the snapshot self-sufficient? Does it need
some other development packages? Here is the critical place
Thank you, I missed that!
BIOs don't need any special settings to support non blocking I/O: if the
underlying transport signals a call should be retried the BIO takes
appropriate action.
In other words you just have to set the underlying transport (socket normally)
to a non blocking mode.
Steve.
__
For SSL_accept, you need to make the underlying socket non-blocking, rather
than a non-blocking BIO. You can make a socket non-blocking with the 'fcntl'
system call (check the manpages). You may also be interested in the excellent
sockets tutorial 'Beej's Guide to Network Programming' located at
31 matches
Mail list logo
