I am trying to use openssl to send mail to machines using Apple's
Mail. I'm running the following commands:
openssl smime -encrypt -in test.txt -from [EMAIL PROTECTED] -to
[EMAIL PROTECTED] -subject "Test" -des3 -out test.msg my-crt.pem
I can decrypt the message with:
openssl smime -decrypt
> > calling SSL_write
> > after SSL_write: write 6 bytes, 0
> > select returned 1 fd, read: 1, write 0
> > calling SSL_read
> > SSL_connect:SSL renegotiate ciphers
> > SSL_connect:SSLv3 write client hello A
> > SSL_connect:error in SSLv3 read server hello A
> > after SSL_read: 9 bytes, 0
> Interest
> > I always call SSL_pending() before going into select(), as far as I
> > understand that should be sufficient. Anyways, the server is not hanging
> > in select(), it is definitely inside SSL_read().
>
> Is your socket non-blocking?
No, socket is blocking. When I run s_client in non-blo
Hello,
> I think there is a bug in the library... I've added some debug printouts
> to s_client and here is what I get:
>
> calling SSL_write
> after SSL_write: write 6 bytes, 0
> select returned 1 fd, read: 1, write 0
> calling SSL_read
> SSL_connect:SSL renegotiate ciphers
> SSL_connect:SSLv3
> I always call SSL_pending() before going into select(), as far as I
> understand that should be sufficient. Anyways, the server is not hanging
> in select(), it is definitely inside SSL_read().
Is your socket non-blocking?
DS
> > I always call SSL_pending() before going into select(), as far as I
> > understand that should be sufficient. Anyways, the server is not hanging
> > in select(), it is definitely inside SSL_read().
> Ok, just checking :-)
I think there is a bug in the library... I've added some debug printo
Hello,
Something strange ...
>SSL_connect:before/connect initialization
>write to 0809F258 [080CB018] (50 bytes => 50 (0x32))
> - 16 03 01 00 2d 01 00 00-29 03 01 44 89 53 50 73 -...)..D.SPs
>0010 - f1 a1 eb 84 f0 48 1c 70-a2 2b b6 70 9d 5a 0f 9e .H.p.+.p.Z..
>0020 - fe ed 04 e7 b5 c9
Title: Korea Mail - The Pride of Korea's Leading Mail Service
Hello,
Here is the output with -tls1 and -cipher AES128-SHA
CONNECTED(0003)
SSL_connect:before/connect initialization
write to 0809F258 [080CB018] (50 bytes => 50 (0x32))
 - 16 03 01 00 2d 01 00 00-29 03 01 44 89 53 50 73
Hello,
> SSL_connect:before/connect initialization
> SSL_connect:SSLv2/v3 write client hello A
> SSL_connect:SSLv3 read server hello A
> SSL_connect:SSLv3 read server certificate A
> SSL_connect:SSLv3 read server done A
> SSL_connect:SSLv3 write client key exchange A
..
..
> ---
> No client certif
Here is the stuff prior to the snip.
openssl s_client -connect 192.168.1.5:636 -state -CAfile
/etc/ldap/tls/cacert.pem -cert /etc/ldap/tls/servercert.pem -key
/etc/ldap/tls/serverkey.pem
CONNECTED(0003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
S
Hello,
SSL2 client_hello looks good:
01 - client_hello
03 01 - tls1 version proposition
00 63 - length of ciphers (99 - ok)
00 00 - length of session id
00 20 - length of client random (32 bytes)
00 00 39 - ciphers
00 00 38
00 00 35
00 00 16
00 00 13
00 00 0a
07 00 c0
00 00 33
00 00 32
00 00 2f
Hello,
> I think I'm always handling WANT_* returns.
>
> I always call SSL_pending() before going into select(), as far as I
> understand that should be sufficient. Anyways, the server is not hanging
> in select(), it is definitely inside SSL_read().
Ok, just checking :-)
Best regards,
--
M
> > Would appreciate any advice on how to proceed with debugging this.
> As usual my suggestion is to add "-msg -debug" options to get more
> information from openssl s_client.
I get a bunch of binary data displayed but it seems to stop on the same
line:
SSL_connect:SSLv3 read finished A
I'm now
Hello,
I am trying to build a C++ application using OpenSSL-fips-1.0. The
application compiles and runs fine (sans FIPS_mode_set()) when simply
compiled using g++.
However, when "CC=gcc fipsld" is used, the following error results:
/usr/local/ssl/bin/../lib/fips_premain.c:66: error: initial
Hello,
>And here is openssl s_client result with "-msg -state -debug"
Try to add "-tls1" option and send result logs.
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
Hello,
Thank you for the comments.
I got the same failures as before with
SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
and/or
SSL_CTX_set_cipher_list(ctx,"AES128-SHA");
And here is openssl s_client result with "-msg -state -debug"
=
CONNECTED(0003)
Hello,
> Would appreciate any advice on how to proceed with debugging this.
As usual my suggestion is to add "-msg -debug" options to get more
information from openssl s_client.
On server you may check auto-retry option:
SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
this may help if not corr
I have a custom server and openssl s_client -state -ssl3 connecting to it.
The server uses blocking TCP sockets, no BIO.
It all seems to be working fine. Now I'm trying to change the server to
force renegotiations. The server uses select to determine when to start
reading. When it is about to
On 9 Jun 2006 Dr. Stephen Henson wrote:
> > - If not, is there some documentation on the minimum information
> > needed in the config file to create a CSR, so that I can create a
> > basic one rather than replicating every field in the default file?
>
> http://www.openssl.org/docs/ap
On 9 Jun 2006 Richard Salz wrote:
> > - Am I correct that the only way to do this is to put the various
> > values into openssl.cfg? Or is there a way to pass them on the
> > command line?
>
> You can use the ENV:: construct to read them from the environment.
Thanks. Good to know b
Thank you very much!
-David

Victor Duchovni <[EMAIL PROTECTED]> wrote:
On Fri, Jun 09, 2006 at 12:25:52AM +0200, Goetz Babin-Ebell wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> david kine wrote:
> Hello David,
>
> > > One more question: how do I, using the CA.pl script, generate a
> >
> - Am I correct that the only way to do this is to put the various
> values into openssl.cfg? Or is there a way to pass them on the
> command line?
You can use the ENV:: construct to read them from the environment.
> - If I have to use the config file, is there any way to speci
You can write a callback function to
perform specific checks you need and
use SSL_CTX_set_verify() to set up
the callback mechanism.
Hope this helps,
Padma
--- GUIRY Aroun <[EMAIL PROTECTED]> wrote:
> Hi all
>
> I am doing a https client in C language. And I would
> like to know if
> there
Hello,
You may try to disable ssl2 handshake with:
SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
Try setting (for test):
SSL_CTX_set_cipher_list(ctx,"AES128-SHA");
If this will fail too send output of "openssl s_client"
connecting to your server with parameters "-msg -state -debug".
> I'm attaching a shar file of the scripts I've used a couple of
> times.
It would help to actually do the attachment...
/r$
--
SOA Appliances
Application Integration Middleware
scripts.shar
Description: Binary data
Hi,
I have jsse server and openssl client, but I can't connect my client to server due to handshake failure.
Server support TLSv1 and ADH-AES128-SHA, so I use SSLv23_method and SSL_CTX_set_cipher_list(ctx,"ADH-AES128-SHA").
Here is java side log
Hello,
> i see...
> snip
> LS trace: SSL_accept:SSLv3 flush data
> connection_read(12): unable to get TLS client DN, error=49 id=0
> snip-
Can you send ~20 lines before first -snip- ?
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
On Fri, Jun 09, 2006 at 07:18:30AM -0500, [Yatta] wrote:
> snip
> LS trace: SSL_accept:SSLv3 flush data
> connection_read(12): unable to get TLS client DN, error=49 id=0
> snip-
>
> Why is that???
>
> ---
> No client certificate CA names sent
The server is not asking for client
On Fri, Jun 09, 2006, [EMAIL PROTECTED] wrote:
>
> - If not, is there some documentation on the minimum information
> needed in the config file to create a CSR, so that I can create a
> basic one rather than replicating every field in the default file?
>
Yes:
http://www.openssl.or
I've been struggling with this for sometime please point me in
the right direction.
I'm trying to add SSL to my LDAP. I've created the certs and signed them.
I run ldapsearch with -Z and -ZZ and I get a response.
When I run slapd in debug mode:
/usr/sbin/slapd -h 'ldap://minime.enigmatic.
OpenSSL 0.9.8a on Windows (test system).
OpenSSL 0.9.7c or greater on Linux (production system).
I need to generate a CSR without prompting the user (I am getting the
info from an HTML form). A couple of questions on this:
- Am I correct that the only way to do this is to put the various
Hi,
The 1095 bits specify the key length. For public key cryptography we need two keys for encryption and decryption (public and private); these keys are generated by the following procedure
Generate two large random primes, p and q, of approximately equal size such that their product n = pq is