Printer-friendly documentation? (Newbie)

2006-05-22 Thread Simon
Hi there, and hello world! -- I've been using OpenSSL for a long time through Apache and SSH (client/server)... But I would now like to program with it. I would like to use it in my own projects, however, I've been looking through the archive and the website and was unsuccessful at finding a

Re: RSA_padding_check_PKCS1_type_1:block type is not 01?

2006-05-22 Thread Victor Duchovni
On Mon, May 22, 2006 at 08:47:50PM +0200, Marek Marcola wrote: > > In my case I don't know who the special clients are, until they send > > their credentials. Only the clients know in advance that they are special. > > > > Is it possible for a client to unilaterally provide credentials without >

RE: DTLS

2006-05-22 Thread Marek Marcola
Best regards, > So where's the documentation? Look at apps/s_server.c and apps/s_client.c for an example. Best regards, -- Marek Marcola <[EMAIL PROTECTED]> __ OpenSSL Project http://www.openssl.

Re: RSA_padding_check_PKCS1_type_1:block type is not 01?

2006-05-22 Thread Marek Marcola
Hello, > In my case I don't know who the special clients are, until they send > their credentials. Only the clients know in advance that they are special. > > Is it possible for a client to unilaterally provide credentials without > the server explicitly requesting them? If that were possible, I

RE: DTLS

2006-05-22 Thread Hank Cohen
So where's the documentation? I don't find any mention in openssl(1), ssl(3) or crypto(3). Thanks, Hank Cohen > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Marek Marcola > Sent: Monday, May 22, 2006 10:01 AM > To: openssl-users@openssl.org > Sub

0.9.8c and zlib, to enable or not to enable?

2006-05-22 Thread Victor Duchovni
I see that the padding bug work-around incompatibility issue with zlib is slated to be fixed in 0.9.8c. At that point I see no critical reason to not enable "zlib" support in our internal 0.9.8c build. RFC 3749 says: However, combining compression with encryption can sometimes reveal infor

Re: RSA_padding_check_PKCS1_type_1:block type is not 01?

2006-05-22 Thread Victor Duchovni
On Mon, May 22, 2006 at 07:43:15PM +0200, Marek Marcola wrote: > When server sends CertificateRequest to client, client may ignore > this or respond with full client authentication. > > Some other application use different way in authentication clients. > When client connects, there is no need to

Re: RSA_padding_check_PKCS1_type_1:block type is not 01?

2006-05-22 Thread Marek Marcola
Hello, > > You may control requesting from client his certificate > > with SSL_CTX_set_verify()/SSL_set_verify() with flags > > SSL_VERIFY_PEER and SSL_VERIFY_FAIL_IF_NO_PEER_CERT. > > For example you may request from client certificate > > (SSL_VERIFY_PEER) but not drop connection if none > > is

Re: DTLS

2006-05-22 Thread Marek Marcola
Hello, > Is there any effort underway to implement Datagram TLS (DTLS) in > OpenSSL? It is implemented. Best regards, -- Marek Marcola <[EMAIL PROTECTED]>

DTLS

2006-05-22 Thread Hank Cohen
Is there any effort underway to implement Datagram TLS (DTLS) in OpenSSL? DTLS is RFC 4347. Thanks, Hank Cohen

Re: RSA_padding_check_PKCS1_type_1:block type is not 01?

2006-05-22 Thread Victor Duchovni
On Mon, May 22, 2006 at 05:26:23PM +0200, Marek Marcola wrote: > Hello, > > Would this also happen when the client's private key does not match > > the certificate? > Yes, of course. > If client sends to server "incompatible" certificate (public key) > then RSA decryption will succeed (I mean RSA

Re: RSA_padding_check_PKCS1_type_1:block type is not 01?

2006-05-22 Thread Marek Marcola
Hello, > If client sends to server "incompatible" certificate (public key) > then RSA decryption will succeed (I mean RSA_public_decrypt()) > but result will have no sense. My mistake, I should write: I mean in RSA_public_decrypt(), BN_mod_exp_mont() will succeed (real RSA decryption) but removing

Re: RSA_padding_check_PKCS1_type_1:block type is not 01?

2006-05-22 Thread Marek Marcola
Hello, > Would this also happen when the client's private key does not match > the certificate? Yes, of course. If client sends to server "incompatible" certificate (public key) then RSA decryption will succeed (I mean RSA_public_decrypt()) but result will have no sense. Good point :-) With OpenSS

Re: RSA_padding_check_PKCS1_type_1:block type is not 01?

2006-05-22 Thread Victor Duchovni
On Mon, May 22, 2006 at 01:55:48PM +0200, Marek Marcola wrote: > > May 21 22:56:34 hqvsbh1 postfix-edmz/smtpd[923]: > > warning: TLS library problem: 923:error:0407006A: > > rsa routines:RSA_padding_check_PKCS1_type_1: > > block type is not 01:rsa_pk1.c:100: > > May

Re: Support for IBM 4764 HSM

2006-05-22 Thread Steven A. Bade
Those referenced statements are for specific platforms which do NOT use OpenSSL for SSL operation with IBM products. Harakiri wrote: --- "Steven A. Bade" <[EMAIL PROTECTED]> wrote: the IBM 4758 card. The engine code you refer to was not done by IBM as far as I know, I believe it w

Client for a server with self-signed ECDSA certificate

2006-05-22 Thread puneet batura
Hi, I was looking for a client which can support my https server which uses ECDSA. I have looked into http://dev.experimentalstuff.com:8082/mozilla/index.html but the link to download the binaries is down. If anyone can provide me a browser with that cipher suite supported so that a handshake wit

Re: RSA_padding_check_PKCS1_type_1:block type is not 01?

2006-05-22 Thread Marek Marcola
Hello, > Anyone have any insight into these? Server (my side) is OpenSSL 0.9.8i. > My server requests client certificates. The client is likely also > Postfix, and thus probably also uses OpenSSL, no idea what version the > client is using. The error is not intermittent, every connection from > thi