I think you can try the s_client program, in the apps directory.
Using it, you can write "ssl on" after SSL negotiation and see what happens.
If it works, you can use it to build your program. It has all you need.
More than likely, the problem stems from my novice understanding as to
how BIOs work, however I have a very puzzling problem. I'm currently
writing a client/server application, client written in C for speed (will
be invoked several times a second), and server is written in Java. I
want the client t
I don't know if this will help but here are some stats
from our humble little server.
Hardware:
2 3gig xeon cpu's
2 gig ram
70 gig hardware raid 1
Linux AS 3
We can generate 1 certificate(1024 bits key length) at
.02 seconds per certificate. It would probably be
faster if we didn't create the p
On Thu, Apr 28, 2005, John Hoel wrote:
> I have been doing that all along. That's what is so exasperating - following
> instructions doesn't seem to help. (arghh! head banging). That's the 2nd
> function argument. 3rd argument is NULL (not using CAdir).
>
> The file passed to SSL_CTX_use_certifi
I have been doing that all along. That's what is so exasperating - following
instructions doesn't seem to help. (arghh! head banging). That's the 2nd
function argument. 3rd argument is NULL (not using CAdir).
The file passed to SSL_CTX_use_certificate_chain_file() is client.pem.
BTW - I tried t
On Thu, Apr 28, 2005, John Hoel wrote:
> To include it in the trusted store, I think I will need to hash it and the
> 'root.pem' file as well. I haven't been able to find anything describing how
> this is done. Can you refer me to something?
>
You just keep root.pem as it is and pass it in the C
Okay, my certs are looking okay now (if I want to believe "openssl verify").
But still no chance to get in. Now it says after "GET /demo/index.html
HTTP/1.0":
SSL_connect:SSL renegotiate ciphers
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=1
/C=DE/ST=test/L=
To include it in the trusted store, I think I will need to hash it and the
'root.pem' file as well. I haven't been able to find anything describing how
this is done. Can you refer me to something?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Dr. Stephen
On Thu, Apr 28, 2005, Sven Löschner wrote:
> Okay, first I changed the ns-entries with keyusage, then I put them in both.
> None of these works:
>
> Server:
>
> X509v3 extensions:
> X509v3 Basic Constraints:
> CA:FALSE
> Netscape Cert Type:
> SSL
Okay, first I changed the ns-entries with keyusage, then I put them in both.
None of these works:
Server:
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
X509v3 Key Usage:
Certificate Sig
Also I'm surprised to see V3 cert with no KeyUsage section ...
It would also be more normal to use Extended Key Usage to say it is
good for SSL Server etc. rather than use the old Netscape Cert Type ...
Dave
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Beh
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Client, S/MIME
Netscape Comment:
OpenSSL Generated Certificate
is why it is failing. The server certificate needs:
X509v3 extensions:
> If you can post the output of:
>
> openssl x509 -in cert.pem -text -noout
Okay, this comes out with the server.pem (I shortened the Algorithm-Tables
with "..."):
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4 (0x4)
Signature Algorithm: md5WithRSAEncryption
On Thu, Apr 28, 2005, Sven Löschner wrote:
> > could you verify this with
> > openssl verify -CAfile cacert.pem -purpose sslserver server.pem and while
> > you're at it:
> > openssl verify -CAfile cacert.pem -purpose sslclient user.pem
>
>
> I guess I should look at my Server-Cert, because with "open
> could you verify this with
> openssl verify -CAfile cacert.pem -purpose sslserver server.pem and while
> you're at it:
> openssl verify -CAfile cacert.pem -purpose sslclient user.pem
I guess I should look at my Server-Cert, because with "openssl verify
-CAfile cacert.pem -purpose sslserver server.pe
Sven Löschner wrote:
What result do you get by an
openssl s_client -connect test.net:443 \
-CAfile cacert.pem -verify 5 \
-cert user.pem -key user.key \
-reconnect -showcerts -state -bugs
?
with an input
GET /demo/index.html HTTP/1.0
I get:
SSL_connect:SSL renegotiate
On Thu, Apr 28, 2005, Alex Heatley wrote:
> Dr. Stephen Henson wrote:
>
> >Yes I can reproduce your problem. I've applied a fix to OpenSSL and it will
> >appear in the next stable snapshot and 0.9.7h onwards.
> >
> >Thanks for the report.
>
> Many thanks. We are quite keen to get the patch, what
Hi Rush,
Your solution has been very helpful.
> (2) does the correct thing. It statically links against your version of
> libssl.a. It also acts just like it found the library because of a -lssl
> on the linker command line. (Only the functions that are required are
> pulled into your executable,
Hi,
I need to set app data to an RSA object encapsulated in an EVP_PKEY, so
I did the following:
void set_app_data(EVP_PKEY *pkey)
{
...
rsa = EVP_PKEY_get1_RSA(pkey);
RSA_set_app_data(rsa, app_data);
RSA_free(rsa);
...
}
We shouldn't access pkey->pkey.rs
> What result do you get by an
> openssl s_client -connect test.net:443 \
> -CAfile cacert.pem -verify 5 \
> -cert user.pem -key user.key \
> -reconnect -showcerts -state -bugs
>
> ?
>
> with an input
> GET /demo/index.html HTTP/1.0
I get:
SSL_connect:SSL rene