Re: Determining the root CA cert from an SSL cert

2005-06-02 Thread Goetz Babin-Ebell
Davy Durham wrote: Hello Davy, Can openssl be given an SSL cert and a list of trusted root CAs' certs and it just output the root CA's cert that goes with (signed) that SSL cert? This is not implemented in the openssl command. With some own programming it would be possible. Or is it a matte

Determining the root CA cert from an SSL cert

2005-06-02 Thread Davy Durham
Ok, so deriving/extracting the root CA's certificate from an SSL certificate is not possible. So, another question: Can openssl be given an SSL cert and a list of trusted root CAs' certs and it just output the root CA's cert that goes with (signed) that SSL cert? Or is it a matter of doing a

[Fwd: Re: SSL_renegotiation using non block sockets]

2005-06-02 Thread Gayathri Sundar
Original Message Subject: Re: SSL_renegotiation using non block sockets From:[EMAIL PROTECTED] Date:Thu, June 2, 2005 8:41 pm -- HI Lokesh., Thanks for the res

Re: timeout vs. SSL_ERROR_WANT_XXXX

2005-06-02 Thread Gayathri Sundar
Hi, What I think is as it's the application's responsibility to retry the "same" openssl operation whenever it receives a WANT_READ or WANT_WRITE, why can't we simply overwrite the buffer that is passed to say SSL_write with the next payload that needs to be sent when we hit that error code, in this

Self CA Setup

2005-06-02 Thread Paul Nash
Hello, I am using the Win32OpenSSL-v0.9.7f.exe download running on Win Me. I am writing a web-based accounting system for a client who is a chartered accountant. He has been using my system for many years in-house. But city traffic being more of a problem he wants his staff to be able to work fro

Re: Generate a CRL from an OCSP request

2005-06-02 Thread Jason Haar
Julien VEHENT wrote: I don't want to use HTTP just because web servers are too much attacked. Moreover, OCSP is very interesting for the student that I am :) OK so if I use a "boring script" which request 100 serial in one line, what is the correct syntax to generate a CRL using the OpenSSL

Re: timeout vs. SSL_ERROR_WANT_XXXX

2005-06-02 Thread Lokesh Kumar
Hi, You may want to consider using SSL_CTX_set_mode(...) with SSL_MODE_AUTO_RETRY flag such that you wouldn't receive SSL_ERROR_WANT_XXX messages. Normally those messages come when the other side requests for re-negotiation. -Lokesh. On 5/31/05, opt <[EMAIL PROTECTED]> wrote: > Hi everyone >

Re: Default CApath in Debian (OpenSSL 0.9.6c-2)

2005-06-02 Thread Lokesh Kumar
HI, Pls check man page of SSL_load_verify_locations(...) which can be used in writing the server or client program. -Lokesh. On 6/1/05, Vaclav Stepan <[EMAIL PROTECTED]> wrote: > Hi, > > I ran in trouble with the following thing. There is a Debian woody, > with OpenSSL 0.9.6c installed. I am t

Re: SSL_renegotiation using non block sockets

2005-06-02 Thread Lokesh Kumar
HI, SSL_accept/SSL_connect is something that we use to establish an initial SSL connection and we use SSL-renegotiate/SSL_do_handshake based on timers we install for SSL for re-negotiating KEYs such that hacking the SSL connection is robust. Having said that.. I assume you already have an SSL con

Re: openssl config file location

2005-06-02 Thread Dr. Stephen Henson
On Thu, Jun 02, 2005, Kent Yoder wrote: > Hi, the page > > http://www.openssl.org/docs/crypto/OPENSSL_config.html > > claims that OPENSSL_CONFIG should be the environment variable to set > for an alternate config file, however it appears that the code wants > OPENSSL_CONF. Also, the OPENSSL_con

openssl config file location

2005-06-02 Thread Kent Yoder
Hi, the page http://www.openssl.org/docs/crypto/OPENSSL_config.html claims that OPENSSL_CONFIG should be the environment variable to set for an alternate config file, however it appears that the code wants OPENSSL_CONF. Also, the OPENSSL_config.3 man page shows OPENSSL_CONFIG.. Other manpages

Re: Problem in compiling openssl 0.9.7g on Windows with MSVC workspace

2005-06-02 Thread Francois PIETTE
I have the exact same problem and can't fix it. Can someone give a step by step procedure to fix the problem ? Or maybe correct MSVC workspace exist somewhere ? btw: Compiling works OK when using the make file. It only fails as explained below when using MSVC workspace. -- [EMAIL PROTECTED] Th

Re: Derving the root CA's cert from a given SSL cert

2005-06-02 Thread Joseph Oreste Bruni
No (with qualifications). If the server sends you the entire certificate chain, then yes you can retrieve the root certificate since it was sent to you. If the server only sends you its certificate, then all you have is the server's public key digitally signed by the issuer. The issuer's

FW: AIX-64-bit build

2005-06-02 Thread Gill, Prabhprit (Prabh)
Many thanks Paul Franz and Andy Polyakov for their input also. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gill, Prabhprit (Prabh) Sent: 02 June 2005 16:02 To: openssl-users@openssl.org Subject: RE: AIX-64-bit build FYI, 0.9.7g builds and executes f

RE: AIX-64-bit build

2005-06-02 Thread Gill, Prabhprit (Prabh)
FYI, 0.9.7g builds and executes fine on AIX, in 64-bit mode (aix64-cc). Thanks to Peter Waltenberg for all his help. Cheers, Prab.

Read a Bignum from file

2005-06-02 Thread Angel Martinez Gonzalez
Hello: I wrote a BIGNUM into a file using the function: int BN_print_fp(FILE *fp, const BIGNUM *a); But how can I read this bignum from this file? I don't know an OpenSSL function to read a bignum from a file. Thanks.

RE: SSL_renegotiation using non block sockets

2005-06-02 Thread gsundar
Thanks pj, the code was real helpful. Just one minor clarification, once a call to SSL_renegotiate is made, should I check the protocol status by calling SSL_accept (mine is server) within the while loop you have? I have gone into an "accept_pending" state and calling SSL_accept until it returns w

Re: valgrind errors

2005-06-02 Thread Alexis Lefort
I have just tried the option -DPURIFY and unfortunately it does not help. I still have hundreds of "Conditional jump..." and "Use of uninitialised value...". Any other suggestion would be greatly appreciated. :) Alexis Nils Larsch wrote: Alexis Lefort wrote: Hello all, I developed

Re: Generate a CRL from an OCSP request

2005-06-02 Thread Julien VEHENT
"Dr. Stephen Henson" <[EMAIL PROTECTED]> wrote: On Wed, Jun 01, 2005, Julien VEHENT wrote: Hi all, I'm having an OCSP Responder on my CA and I want to use it in order to generate CRLs on other servers. So the idea is: +-+ | CA &|>(3)> |ocsp

Re: valgrind errors

2005-06-02 Thread Nils Larsch
Alexis Lefort wrote: Hello all, I developed a server which seems to work quite fine. When I use Valgrind to check for problems, it returns me thousands of problems which seem to be caused by the OpenSSL library! Here follow some of the returns: ==23622== Syscall param write(buf) points to unin

RE: SSL_renegotiation using non block sockets

2005-06-02 Thread Pj
Hi I did the same thing yesterday myself but because I wanted to implement a timeout solution as well as quick shutdown of my COM object via object notification. You might be able to hack my work ... this is what I came up with... It takes a blocking socket, makes it un-blocking... negotiates with

valgrind errors

2005-06-02 Thread Alexis Lefort
Hello all, I developed a server which seems to work quite fine. When I use Valgrind to check for problems, it returns me thousands of problems which seem to be caused by the OpenSSL library! Here follow some of the returns: ==23622== Syscall param write(buf) points to uninitialised byte(s) ==23