David Schwartz wrote:
David Schwartz wrote:
/* This is just one of the tests I have tried */
FD_ZERO(&rfds);
FD_SET(acceptSock, &rfds);
FD_ZERO(&wfds);
FD_SET(acceptSock, &wfds);
FD_ZERO(&rfds);
FD_SET(acceptSock, &efds);
do
On Thu, Sep 13, 2007, Loukas Stoumbos wrote:
> Thank you for your help, Dr Stephen Henson. I have another question for
> everyone though. Windows doesn't necessarily seem to work with file
> descriptors. How should I treat them if Windows doesn't have it? What is
> returned instead on a windows mac
Thanks, for the inputs.
But there's a problem considering SHA1 isn't correct the cert could be sha256.
is there a way the X509 has a fn that would return the cert thumbprint.
and even before that is the cert thumbprint same as public key hash ?
From: [EMAIL PROTECTED]
To: openssl-users@openssl
Here is some code to help you get started with creating a finger print.
X509 *tempCert;
EVP_MD *tempDigest;
unsigned char tempFingerprint[EVP_MAX_MD_SIZE];
unsigned int tempFingerprintLen;
tempCert = SSL_get_peer_certifi
Thank you for your help, Dr Stephen Henson. I have another question for
everyone though. Windows doesn't necessarily seem to work with file
descriptors. How should I treat them if Windows doesn't have it? What is
returned instead on a windows machine?
-Original Message-
From: [EMAIL PROTECT
On Thu, Sep 13, 2007, Loukas Stoumbos wrote:
>
>
> I appreciate the reply but perhaps someone can provide some insight. Looking
> at the man page it says this.
>
> BIO_set_nbio() sets the non blocking I/O flag to n. If n is zero then
> blocking I/O is set. If n is 1 then non blocking I/O is set
On Thu, Sep 13, 2007, k b wrote:
>
> Hi,
> I'm interested in getting the certificate thumbprint, how do I get it from a
> x509 structure ?
>
> is the thumbprint the public key hash.
> if so is there an easier way to getting it, other than first getting the
> public key and then hashing it.
>
Richard Hartmann wrote:
> On 13/09/2007, Rodney Thayer <[EMAIL PROTECTED]> wrote:
>
>
>> Why XMLRPC instead of any of the existing online enrollment protocols?
>
> Well, the main reason is that, like it or not, XMLRPC is developing into
> a kind of lingua franca when it comes to interoperability
Hi,
I'm interested in getting the certificate thumbprint, how do I get it from a
x509 structure ?
is the thumbprint the public key hash.
if so is there an easier way to getting it, other than first getting the public
key and then hashing it.
thanks any info would be appreciated !
Kunal
Darryl Miles wrote:
Florian Schnabel wrote:
spider:/opt/openssl-0.9.8e-etch/apps# gcc -DMONOLITH -I.. -I../include
-DOPENSSL_THREADS -D_REENTRANT \
> -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -O3 -Wall \
> -DMD32_REG_T=int -DMD5_ASM -c -o s_server.o s_server.s
s_server.s: Assemb
On 13/09/2007, Rodney Thayer <[EMAIL PROTECTED]> wrote:
> Why XMLRPC instead of any of the existing online enrollment protocols?
Well, the main reason is that, like it or not, XMLRPC is developing into
a kind of lingua franca when it comes to interoperability. The easy
availability of TLS for thi
Thanks Merek. I have compiled a somewhat working version of it. Hope to
complete by tomorrow
Thanks for Matrix SSL
Thanks and Regards,
Suchindra Chandrahas
Marek Marcola <[EMAIL PROTECTED]> wrote: Hello,
> Thanks Merek. Will start working on this. Any docs that might have
> implementations of t
> David Schwartz wrote:
> >>/* This is just one of the tests I have tried */
> >> FD_ZERO(&rfds);
> >> FD_SET(acceptSock, &rfds);
> >> FD_ZERO(&wfds);
> >> FD_SET(acceptSock, &wfds);
> >> FD_ZERO(&rfds);
> >> FD_SET(acceptSock, &efds);
> >>
On Thu, Sep 13, 2007 at 02:45:38PM -0400, Jim Marshall wrote:
> >You are telling select *how-many* bits of the bitmask to use, not the
> >highest numbered fd.
I should have said, "one tells select()" not "you are telling select",
sorry. The n+1 usage is correct, because this is the number of bits
Victor Duchovni wrote:
On Thu, Sep 13, 2007 at 02:09:20PM -0400, Jim Marshall wrote:
Pardon my ignorance, but why do you need to specify acceptSock+1? I
tried this and it fixed the problem, but I don't understand why.
This is described in the select() manpage.
So it is:
"nfds is the highes
I appreciate the reply but perhaps someone can provide some insight. Looking
at the man page it says this.
BIO_set_nbio() sets the non blocking I/O flag to n. If n is zero then
blocking I/O is set. If n is 1 then non blocking I/O is set. Blocking I/O is
the default. The call to BIO_set_nbio() sh
On Thu, Sep 13, 2007 at 02:09:20PM -0400, Jim Marshall wrote:
> >>Pardon my ignorance, but why do you need to specify acceptSock+1? I
> >>tried this and it fixed the problem, but I don't understand why.
> >
> >This is described in the select() manpage.
> >
> So it is:
> "nfds is the highest-num
Victor Duchovni wrote:
On Thu, Sep 13, 2007 at 01:08:06PM -0400, Jim Marshall wrote:
Victor Duchovni wrote:
On Wed, Sep 12, 2007 at 11:48:42PM -0700, David Schwartz wrote:
/* This is just one of the tests I have tried */
FD_ZERO(&rfds);
FD_SET(acceptSock, &rfds);
On Thu, Sep 13, 2007 at 10:26:29AM -0700, Rodney Thayer wrote:
> Victor Duchovni wrote:
>
> >> do implementations do the dns reverse lookup thing
> >
> > No, obtaining the correct peer name to check in certificates is the
> > responsibility of the application, not the library.
>
> not correct
Hello,
> I am looking for a way to convert this segment of code. It’s probably
> not right but here is the question. How would I retrieve the socket
> pointer from OpenSSL. Does OpenSSL even provide this? Also what does
> OpenSSL provide as a return from function SSL_get_fd when using
> Windows?
>
Richard Hartmann wrote:
> Hi all,
>
> I am looking for existing implementation of a CA that supports external
> APIs. Ideally, it should be able to speak XMLRPC or, at least, offer
> an API.
Why XMLRPC instead of any of the existing online enrollment protocols?
Not that I am trying to defend the
Victor Duchovni wrote:
>> do implementations do the dns reverse lookup thing
>
> No, obtaining the correct peer name to check in certificates is the
> responsibility of the application, not the library.
not correct. "openssl s_client" is part of openssl, and it doesn't
offer sample code to do
On Thu, Sep 13, 2007 at 01:08:06PM -0400, Jim Marshall wrote:
> Victor Duchovni wrote:
> >On Wed, Sep 12, 2007 at 11:48:42PM -0700, David Schwartz wrote:
> >
> >>> /* This is just one of the tests I have tried */
> >>> FD_ZERO(&rfds);
> >>> FD_SET(acceptSock, &rfds);
> >>>
Steve Thompson wrote:
On Thu, 13 Sep 2007, Victor Duchovni wrote:
On Wed, Sep 12, 2007 at 11:48:42PM -0700, David Schwartz wrote:
/* This is just one of the tests I have tried */
FD_ZERO(&rfds);
FD_SET(acceptSock, &rfds);
FD_ZERO(&wfds);
FD_SET(accept
Victor Duchovni wrote:
On Wed, Sep 12, 2007 at 11:48:42PM -0700, David Schwartz wrote:
/* This is just one of the tests I have tried */
FD_ZERO(&rfds);
FD_SET(acceptSock, &rfds);
FD_ZERO(&wfds);
FD_SET(acceptSock, &wfds);
FD_ZERO(&rfds);
David Schwartz wrote:
/* This is just one of the tests I have tried */
FD_ZERO(&rfds);
FD_SET(acceptSock, &rfds);
FD_ZERO(&wfds);
FD_SET(acceptSock, &wfds);
FD_ZERO(&rfds);
FD_SET(acceptSock, &efds);
do {
/*
I am looking for a way to convert this segment of code. It's probably not
right but here is the question. How would I retrieve the socket pointer from
OpenSSL. Does OpenSSL even provide this? Also what does OpenSSL provide as a
return from function SSL_get_fd when using Windows?
void setBlockin
Hello,
> Thanks Merek. Will start working on this. Any docs that might have
> implementations of this in some code snippet forms, because I am not
> so well versed with MD5/Crypto libraries ?
If you want to look at very clear and well commented implementation
of SSL you may look at MatrixSSL
Best
Dr. Stephen Henson wrote:
Ah sorry been a while since I've done this kind of stuff. Try making an
initial call to BIO_do_accept() outside the main loop. The first call should
set up the accept BIO and the second one check for an incoming connection.
No worries! I appreciate any help. I've been
Thanks Merek. Will start working on this. Any docs that might have
implementations of this in some code snippet forms, because I am not so well
versed with MD5/Crypto libraries ?
Thanks and Regards,
Suchindra Chandrahas
Marek Marcola <[EMAIL PROTECTED]> wrote: Hello,
> I have been
Hi,
certificate chain verification is always done until a self-signed
CA certificate (root CA certificate), even if intermediate sub-CA
certificates are locally known (which equals trusted) - but why?
Is there some cryptographic requirement for this?
(I understood that a root-CA certificate mus
Hi all,
I am looking for existing implementation of a CA that supports external
APIs. Ideally, it should be able to speak XMLRPC or, at least, offer
an API.
Thanks,
Richard
On Wed, Sep 12, 2007 at 09:45:07PM -0700, Rodney Thayer wrote:
> > Anyway, it certainly does if you setup the connection, and then wrap
> > OpenSSL around an existing network connection. Not sure which release
> > is need for support for making V6 connections from OpenSSL itself.
> >
>
> the iss
On Thu, 13 Sep 2007, Victor Duchovni wrote:
On Wed, Sep 12, 2007 at 11:48:42PM -0700, David Schwartz wrote:
/* This is just one of the tests I have tried */
FD_ZERO(&rfds);
FD_SET(acceptSock, &rfds);
FD_ZERO(&wfds);
FD_SET(acceptSock, &wfds);
Hello,
> I have been able to complete handshake till
> client_finished message. However, I am a little confused in
> client_finished message. Here is what I understand:
>
> client finished message as given in RFC draft, is:
>
>
>
> enum { client(0x434C4E54), server(0x53525652) } Se
On Thu, Sep 13, 2007 at 05:51:32AM -0700, mallika wrote:
>
> I am using openssl for creating root certificate and intermediate ca
> certificates. In 802.1x EAP-TLS authentication client certificate is
> certified by intermediate CA, but while authentication in freeradius 1.0.2 it
> is saying that
On Wed, Sep 12, 2007 at 11:48:42PM -0700, David Schwartz wrote:
>
> > /* This is just one of the tests I have tried */
> > FD_ZERO(&rfds);
> > FD_SET(acceptSock, &rfds);
> > FD_ZERO(&wfds);
> > FD_SET(acceptSock, &wfds);
> > FD_ZERO(&rfds);
> >
Hi All,
I have been able to complete handshake till client_finished
message. However, I am a little confused in client_finished message. Here is
what I understand:
client finished message as given in RFC draft, is:
enum { client(0x434C4E54), server(0x53525652) } Sender;
st
Hello Steve,
Thank you for the clarification. It addresses my problem.
Thanks and Regards
Vijay
On 9/12/07, Dr. Stephen Henson <[EMAIL PROTECTED]> wrote:
>
> On Wed, Sep 12, 2007, Vijayekkumaran M wrote:
>
> > Hello All,
> >
> > This is the first time I am posting to this forum.
> >
> > If I am
I am using openssl for creating root certificate and intermediate ca
certificates. In 802.1x EAP-TLS authentication client certificate is
certified by intermediate CA, but while authentication in freeradius 1.0.2 it
is saying that error 24, unknown CA. Is there any way to send all the
certificates
On Wed, Sep 12, 2007, Jim Marshall wrote:
> Hi Steve,
> Thanks again for your help. What you suggested is very similar to what
> I was doing originally (although I was using errno and not
> BIO_should_retry). When the code is setup as you describe (see code
> below) what happens is that the fir
file is available at http://enlightning.de/misc/s_server.s for download
Florian
Darryl Miles wrote:
> Florian Schnabel wrote:
>> spider:/opt/openssl-0.9.8e-etch/apps# gcc -DMONOLITH -I.. -I../include
>> -DOPENSSL_THREADS -D_REENTRANT \
>> > -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO
42 matches