Re: Loading CRL's into client application

2005-11-10 Thread Dr. Stephen Henson
On Thu, Nov 10, 2005, david kine wrote: > Okay, I solved this problem in a very unexpected way. > > First of all, I was using s_server incorrectly. I > neglected to add -CAfile. Doing so caused my > application to get the error "23: certificate revoked" > as expected. > > However, accessing se

Re: Loading CRL's into client application

2005-11-10 Thread david kine
Okay, I solved this problem in a very unexpected way. First of all, I was using s_server incorrectly. I neglected to add -CAfile. Doing so caused my application to get the error "23: certificate revoked" as expected. However, accessing servers which were NOT revoked still produced the error "3:

Re: X509_verify_cert() and multiple threads

2005-11-10 Thread Dr. Stephen Henson
On Thu, Nov 10, 2005, Steffen Fiksdal wrote: > > > I have tried to get this error on my other linux box, a uniprocessor non > SMP Linux kernel, without luck. > > So I experience the error in a few occations on the SMP kernel, but not on > the uniprocessor non SMP Linux kernel. > > When I mut

Re: Loading CRL's into client application

2005-11-10 Thread Dr. Stephen Henson
On Thu, Nov 10, 2005, david kine wrote: > I tried your suggestion to set only > X509_V_FLAG_CRL_CHECK, but unfortunately it did not > help. Attempting to connect to ANY secure server > still causes the same "unable to get certificate CRL" > error. > > I know that the CRL is loaded successfully,

krb5.h referenced when "no-krb5" specified on >config

2005-11-10 Thread Nelson, Gregg
Trouble installing openldap with openssl. "krb5.h" is referenced from ssl.h even when "no-krb5" specified on call to >config<. ssl.h contains: #include kssl.h contains: #include <<--- this file missing I insta

Re: Loading CRL's into client application

2005-11-10 Thread david kine
I tried your suggestion to set only X509_V_FLAG_CRL_CHECK, but unfortunately it did not help. Attempting to connect to ANY secure server still causes the same "unable to get certificate CRL" error. I know that the CRL is loaded successfully, because I can later extract it from the SSL_CTX and pri

RE: Testing TLS

2005-11-10 Thread Randy Gordey
Hi Warrick, For sendmail verify TLS: openssl s_client -starttls smtp -showcerts -connect MTA.FQDN:25 ~R.Gordey From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Warrick FitzGerald Sent: Wednesday, November 09, 2005 8:38 PM To: openssl-users@openssl.org

RE: Trusted CA pack

2005-11-10 Thread Randy Gordey
Joe Orton, from the mod_ssl list, submitted this perl script. His original post: http://www.mail-archive.com/modssl-users@modssl.org/msg16980.html Works Great! #!/usr/bin/perl -w # # Used to regenerate ca-bundle.crt from the Mozilla certdata.txt. # Run as ./mkcabundle.pl > ca-bundle.crt # my $c

Re: X509_verify_cert() and multiple threads

2005-11-10 Thread Steffen Fiksdal
On Thu, Nov 10, 2005, Steffen Fiksdal wrote: On Thu, Nov 10, 2005, Steffen Fiksdal wrote: I have investigated some more on this issue. I have traced the problem down to the MONT_HELPER call in the RSA_eay_public_decrypt function in file rsa_eay.c. If I mutex this call everything works fi

Why is it necessary to specify "--no-krb5" when installing?

2005-11-10 Thread Nelson, Gregg
I am trying to install openssl for use with openldap. My install lines for openssl are as follows: version is 0.9.8a ./config shared --prefix=/usr/local --openssldir=/usr/local/openssl make clean; make; m

Re: Accept error

2005-11-10 Thread Alexis Lefort
I have forgotten one thing, the call to SSL_connect() returns "-1", and SSL_get_error() returns SSL_ERROR_SYSCALL. The error string is empty and errno is NULL. Alexis Lefort wrote: Hi list, When my client (0.9.8a) tries to connect (SSL_connect) to an "openssl s_server"(0.9.7g) (openssl

Re: Testing TLS

2005-11-10 Thread Victor B. Wagner
On 2005.11.09 at 20:50:39 -0500, Victor Duchovni wrote: > On Wed, Nov 09, 2005 at 08:38:02PM -0500, Warrick FitzGerald wrote: > > > Hi Guys, > > > > I'm trying to test a connection to a TLS enabled SMTP server. Is it > > possible to use OpenSSL to setup the TLS session and then interact > >

Accept error

2005-11-10 Thread Alexis Lefort
Hi list, When my client (0.9.8a) tries to connect (SSL_connect) to an "openssl s_server"(0.9.7g) (openssl s_server -cert server_cert.pem -key server_priv_key.pem), the server crashes: gethostbyname failure 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotia

Re: X509_verify_cert() and multiple threads

2005-11-10 Thread Dr. Stephen Henson
On Thu, Nov 10, 2005, Steffen Fiksdal wrote: > > >On Thu, Nov 10, 2005, Steffen Fiksdal wrote: > > > >> > >>I have investigated some more on this issue. > >>I have traced the problem down to the MONT_HELPER call in the > >>RSA_eay_public_decrypt function in file rsa_eay.c. > >>If I mutex this ca

Re: X509_verify_cert() and multiple threads

2005-11-10 Thread Steffen Fiksdal
On Thu, Nov 10, 2005, Steffen Fiksdal wrote: I have investigated some more on this issue. I have traced the problem down to the MONT_HELPER call in the RSA_eay_public_decrypt function in file rsa_eay.c. If I mutex this call everything works fine, if I don't the verifications fail in a few

Re: X509_verify_cert() and multiple threads

2005-11-10 Thread Dr. Stephen Henson
On Thu, Nov 10, 2005, Steffen Fiksdal wrote: > > I have investigated some more on this issue. > I have traced the problem down to the MONT_HELPER call in the > RSA_eay_public_decrypt function in file rsa_eay.c. > If I mutex this call everything works fine, if I don't the verifications > fail

Re: Reading request subject returns something which doesn't work as an X509_NAME..

2005-11-10 Thread Katie Lucas
On Wed, Nov 09, 2005 at 03:27:18PM +, Katie Lucas wrote: > When I read the request's subject, I get a non-null pointer. Which > crashes any of the X509 name functions I pass it to.. *sigh* Ok, we have found this. Apparently, we have multiple versions of openssl in various places on this machi

Re: X509_verify_cert() and multiple threads

2005-11-10 Thread Steffen Fiksdal
On Wed, Nov 09, 2005, Steffen Fiksdal wrote: I am investigating, and will come back when I find out what happens. OK, I'd suggest placing a couple of calls in the rsa_pk1.c file which dumps out the public key and the block it is attempting to decrypt. Then see if the public/key and/or th

Re: Trusted CA pack

2005-11-10 Thread Olaf Gellert
Warrick FitzGerald wrote: > Is there somewhere that you can download a package of all currently > "trusted" CA's. I know this is a very broad question, as who defines who > the trusted ones are. > > I was just thinking that since vendors like $MS have a list of standard > trusted CA's, that the Op