RE: SSL renegotiation DOS ?

2006-05-12 Thread David Schwartz
> > Real-world servers already do this. It's kind of redundant > > for OpenSSL to > > do this as well because almost all applications also support non-SSL > > connections. A renegotiation callback might not be a bad idea though, so > > that applications can better track the load clients are pl

Re: 0.9.8b windows binaries

2006-05-12 Thread hunter
On 5/12/06, Parind Shah <[EMAIL PROTECTED]> wrote: That works Chris. Obviously I'm missing a step, can you please tell me what did you do to build the static version of 64 bit binaries? I want to be able to build them and not keep bothering you. Thanks again, Parind. -Original Message

Re: OCSP

2006-05-12 Thread John Pattern
That makes sense. Thank you Steve. "Dr. Stephen Henson" <[EMAIL PROTECTED]> wrote: On Fri, May 12, 2006, John Pattern wrote: > Two questions: > > 1. Why OCSP_cert_to_id requires two certificates? Basically it should > require only the certificate to be checked to construct an OCSP > request, right? >

Re: OCSP

2006-05-12 Thread Dr. Stephen Henson
On Fri, May 12, 2006, John Pattern wrote: > Two questions: > > 1. Why OCSP_cert_to_id requires two certificates? Basically it should > require only the certificate to be checked to construct an OCSP > request, right? > The certificate identifier needs the issuerNameHash, issuerKeyHash

Re: Openssl on a Montavista linux for an embedded ARM 9

2006-05-12 Thread Edwin Cordeiro
Hi, I want to use openssl on a Montavista linux for an embedded ARM 9. Is it possible? I'm using CentOS 4 to compile for the Montavista using a cross-compiler supplied by Montavista, but I can't set up the make file to do this. The Configure offers no options for arm-linux. How do I compile it? Thanks, E

Re: OCSP

2006-05-12 Thread John Pattern
The following is from RFC 2560: 2.1 Request: An OCSP request contains the following data: -- protocol version -- service request -- target certificate identifier -- optional extensions which MAY be processed by the OCSP Responder. Upon receipt of a request, an OCSP Responder determines

Openssl on a Montavista linux for an embedded ARM 9

2006-05-12 Thread Edwin Cordeiro
Hi, I want to use openssl on a Montavista linux for an embedded ARM 9. Is it possible? I'm using CentOS 4 to compile for the Montavista using a cross-compiler supplied by Montavista, but I can't set up the make file to do this. The Configure offers no options for arm-linux. How do I compile it? Thanks, E

crash in RAND_poll on XP pro

2006-05-12 Thread Tim Hollebeek
OpenSSL version 0.9.8b: --- [EMAIL PROTECTED]() + 0x11 [EMAIL PROTECTED]() + 0x238 [EMAIL PROTECTED]() + 0x1ee [EMAIL PROTECTED]() + 0x48 MyApp.exe!_RAND_poll() + 0x467 --- Tried calling RAND_poll() early, when there is still only one thread, but that didn't seem to help.

Re: Use ssl only certification ?

2006-05-12 Thread Marek Marcola
Hello, > I want to use openssl only client and server certificate files. > and don't encrypt in SSL_read and SSL_write...(like plaintext) > > then, i set "NULL", "NULL-MD5", "NULL-SHA" in client and server > program(SSL_set_cipher_list). but ssl handshake error occur at > SSL_connect and SSL_accep

RE: SSL renegotiation DOS ?

2006-05-12 Thread Marek Marcola
Hello, > > You can, for example, test this with command: > > > > "while true; do echo R; done | openssl s_client -connect ssl_host:443" > > > > Maybe there should be added something like "renegotiation_rate" ? > > Real-world servers already do this. It's kind of redundant for OpenSSL > to >

Re: Use ssl only certification ?

2006-05-12 Thread Victor Duchovni
On Sat, May 13, 2006 at 04:25:15AM +0900, nisato wrote: > I want to use openssl only client and server certificate files. > and don't encrypt in SSL_read and SSL_write...(like plaintext) > > then, i set "NULL", "NULL-MD5", "NULL-SHA" in client and server > program(SSL_set_cipher_list). but ssl ha

Use ssl only certification ?

2006-05-12 Thread nisato
I want to use openssl with only client and server certificate files, and not encrypt in SSL_read and SSL_write (like plaintext). Then I set "NULL", "NULL-MD5", "NULL-SHA" in the client and server program (SSL_set_cipher_list), but an ssl handshake error occurs at SSL_connect and SSL_accept. (in this test cas

RE: SSL renegotiation DOS ?

2006-05-12 Thread David Schwartz
> You can, for example, test this with command: > > "while true; do echo R; done | openssl s_client -connect ssl_host:443" > > Maybe there should be added something like "renegotiation_rate" ? Real-world servers already do this. It's kind of redundant for OpenSSL to do this as well becau

Re: Multiple Certificates, 1 Web Server

2006-05-12 Thread Victor Duchovni
On Mon, Mar 13, 2006 at 09:27:49PM +0100, Goetz Babin-Ebell wrote: > [EMAIL PROTECTED] wrote: > > Pretty much confirms what I thought. The OPENSSL API is so rich and I > > haven't touched it (web server) in a while, I figured it wouldn't hurt to ask. > > An alternative would be one host certificat

Re: Multiple commonNames or using subjectAltName problems.

2006-05-12 Thread Goetz Babin-Ebell
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Lee Colclough wrote: > Hi, Hello Lee, > I have created a client/server app that talks via SOAP using SSL. > > Generating the certificates is fine provided the commonName is just for > the machine on which a particular server is running. I would l

SSL renegotiation DOS ?

2006-05-12 Thread Marek Marcola
Hello, When testing renegotiation I noticed that the client at any time (in most cases) may start the renegotiation process - that is ok :-) In renegotiation, the most time-consuming part for the server is decrypting the client pre-shared-key with its RSA private key (very slow and time-consuming compared to RSA pub

RE: 0.9.8b windows binaries

2006-05-12 Thread Parind Shah
That works Chris. Obviously I'm missing a step, can you please tell me what you did to build the static version of the 64 bit binaries? I want to be able to build them and not keep bothering you. Thanks again, Parind. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]

Re: OCSP

2006-05-12 Thread Richard Salz
> 1. Why OCSP_cert_to_id requires two certificates? Basically it should > require only the certificate to be checked to construct an OCSP > request, right? Perhaps you should read the OCSP RFC. /r$ -- SOA Appliances Application Integration Middleware

Re: OCSP

2006-05-12 Thread John Pattern
Two questions: 1. Why OCSP_cert_to_id requires two certificates? Basically it should require only the certificate to be checked to construct an OCSP request, right? 2. When OCSP_basic_verify returns 0 does that mean a success or failure? Any comments are appreciated. Thanks. John Pattern

Multiple commonNames or using subjectAltName problems.

2006-05-12 Thread Lee Colclough
Hi, I have created a client/server app that talks via SOAP using SSL. Generating the certificates is fine provided the commonName is just for the machine on which a particular server is running. I would like to generate a certificate that works for all copies of my server applicati

RE: What commercial product has used openSSL?

2006-05-12 Thread Fukuba, Yoshiki
Hi, You can find products with a search engine using the phrase below. "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit." BEA WebLogic does not use OpenSSL because it uses BSAFE CRYPTO-J. Best regards, Yoshiki FUKUBA > -----Original Message----- > Fr

Re: x509 -modulus output to a file

2006-05-12 Thread Marek Marcola
Hello, > > > openssl x509 -modulus -noout -in mycert.crt -out mymod.txt > > to output the modulus to the specified "out" file just like all other > x509 commands with -out specified. It does not. Anybody know how to > get the modulus sent to a file? > > openssl x509 -modulus -noout -in myc

Re: What commercial product has used openSSL?

2006-05-12 Thread Paul Franz
I know Oracle's OTM (Oracle Transportation Management) product includes OpenSSL for https. Paul Franz Bo Xie wrote: Hi, Where can I find information about "what commercial product has used openSSL"(e.g., Microsoft, BEA, IBM, Oracle)? Thank you! Best Regards, Xie, Bo _

Private key pass phrase constraints

2006-05-12 Thread Luc Perthuis
A "simple basic question" about usable text in a pass phrase used to protect my private key. Well, it's not really openssl specific, but I imagine that the community here should have an answer. Imagine I'm using software that is "unicode aware", and then I'm used to using Greek, Cyrillic and Arabic characte

Analysis Tools!

2006-05-12 Thread sun yingming
Hi, I've written a pair of SSL client/server programs on my PC. It's part of my graduate work. But now I must test the programs to prove they fit the initial demands, like the security aspect for example. Can anybody tell me what kind of tools or programs can do this? My programs are running on win2000.