I've compiled Apache 2.0.59 with OpenSSL 0.9.9[dev].
The server can run well with RSA cert but when I tried to run it with ECC cert,
the server refused to start.
Log files are showing:
[Fri Nov 03 14:52:20 2006] [info] Init: Initializing OpenSSL library
[Fri Nov 03 14:52:20 2006] [info] Init: See
I am a newbie to openssl, and dont know what your problem actually is!But if you want to use locks this may help:include the pthread.h, ofcourse you already do that.create a mutex:pthread_mutex_t mut;initialize it:pthread_mutex_init(&mut, NULL);From now on, you can create critical sections using lo
> This helps. Thanks. Also, checking if the certificate is issued/signed
> by a certificate authority that I trust is done during the call to
> SSL_connect/accept right? At least it seems to be.
SSL_get_verify_result will let you know if the certificate is well-formed,
properly signed, and iss
Then what is the right API to do signature verification ?
thanks,
-wenwu
On 11/2/06, Olaf Gellert <[EMAIL PROTECTED]> wrote:
Krishna Prasad wrote:
> You can check for the Authority Key Identifier and in that the certificate
> serial number of the issuer.
No, that's not enough. Authority Key Id
Hello,
> Prabbu/Marek/Chong
> I have a SSL server application. It creates threads for each client
> connection.
> My server call accept(). After the sock = accept() return, I put SSL on
> sock, spin-off a thread for that client. All socks share the same 'ctx'
> in the server. How do I lock SSL ob
Prabbu/Marek/Chong
I have a SSL server application. It creates threads for each client
connection.
My server call accept(). After the sock = accept() return, I put SSL on
sock, spin-off a thread for that client. All socks share the same 'ctx'
in the server. How do I lock SSL object 'ctx' properly
This helps. Thanks. Also, checking if the certificate is issued/signed
by a certificate authority that I trust is done during the call to
SSL_connect/accept right? At least it seems to be.
I guess I should check the Apache configuration to see how they do it.
I basically want to model my server
Marek/Chong,
Thanks for your reply.
As Marek poited out the issue was in the way mutithreading was achieved in
server. The locking of SSL context objects 'ctx' was not done properly. The
issue is solved now.
Chong ,
I tried using sslv23_server_method but it didn't help .
- Original Mess
Dear list,I used the "ecdhtest.c" file as starting point to write a small test application to do ECDH key exchange over a network. In order to encode the peer's public keys in a TCP message I used the i2d_EC_PUBKEY_bio functions to write the
public keys to memory BIOs, and from the BIOs to the TCP
Krishna Prasad wrote:
> You can check for the Authority Key Identifier and in that the certificate
> serial number of the issuer.
No, that's not enough. Authority Key Identifier
is only to FIND the issuer certificate. After
you found one or more certificates matching
the Authority Key Identifier,
Hi,
Edward Chan wrote:
> I want to verify that whoever the client is claiming to be, is actually
> allowed to connect. However, I don't know where to find this
> information in the cert. Are there standard fields where this
> information can be found. For example, in the book, "Network Security
I will do so, thank you :)
Alexis
Dr. Stephen Henson a écrit :
Don't post in HTML.
Easiest option is to call d2i_PKCS12() and friends and see if you get an
error.
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
12 matches
Mail list logo
