Hi,
With reference to openssl's README, it supports TLS v1; does it mean
that it supports TLS 1.0 (RFC 2246) and TLS 1.1 (RFC 4346) ?
Best Regards,
Manish Jain
__
OpenSSL Project http://www.openssl
Hi,
Which SSL API will be used to load PKCS certificate in SSL_CTX?
OR (in other words)
What is the alternative for SSL_CTX_use_certificate_file() in case of
PKCS12?
Best Regards,
Manish Jain
__
OpenSSL Project
On Wed, Sep 26, 2007 at 04:28:15PM -0700, David Schwartz wrote:
>
> Victor Duchovni wrote:
>
> > Use a self-signed cert and a trusted source of peer<->cert or cert
> > fingerprint mappings. The public CA is just one mapping function.
>
> Well then you're going to have to argue with yourself
Hello,
> Now you *are* saying that if you just use something to validate the
> certificate, you are safe.
>
> You and I are in violent agreement, you just don't see it. You also suggest
> setting up an SSL connection that provides everything except MITM detection.
> You then take something from th
Hello,
> My SSL application recently began throwing the following error
> whenever I try to connect:
>
> SSL error (-1, 1, 336130329) (error:1408F119:SSL
> routines:SSL3_GET_RECORD:decryption failed or bad record mac)
>
> The strange thing is that the same application, running on a
> differ
Hello,
> Hi, I'm developing a client-server architecture to encrypt/decrypt
> data which works like this: the client asks the server for the key
> using a ssl connection, the server transmits the key to the client that
> then encrypts/decrypts the data.
>
> I'd like to know if there is a way to c
Hello,
> Indeed when I call the ASN1_item_verify(), in the asn1/a_verify.c function
> the following error occurs:
>
> 14250:error:0D0C50A1:lib(13):func(197):reason(161):a_verify.c:141:
>
> I tried to trace the problem, and I found that it resides in the
> following piece of code:
>
> i=
Hello,
Small update on the problem.. fixed it! :) Thanks to the people who
helped me...
Anyhow, now I have a signature verification problem. Indeed when I try
to verify the signature after reloading it, it fails saying that it
does not find the digest algorithm.
Indeed when I call the ASN1_item
Hi, I'm developing a client-server architecture to encrypt/decrypt
data which works like this: the client asks the server for the key
using a ssl connection, the server transmits the key to the client that
then encrypts/decrypts the data.
I'd like to know if there is a way to convert a RSA* key o
Victor Duchovni wrote:
> Use a self-signed cert and a trusted source of peer<->cert or cert
> fingerprint mappings. The public CA is just one mapping function.
Well then you're going to have to argue with yourself since you said not to
do this two posts ago:
>>>Actually not the certificate,
On Wed, Sep 26, 2007 at 03:58:08PM -0700, David Schwartz wrote:
> I am not enough of an expert to comment for sure on this, but it seems that
> there would be no harm in using the certificate for this purpose. A MITM
> cannot create an SSL session that uses the same certificate as the real
> serve
> On Wed, Sep 26, 2007 at 11:03:21AM +0200, Steffen DETTMER wrote:
>
> > > > So your point is that some property from the original
> > > > > certificate (let's say some hash or so) could be included in
> > > > the extra authentication to detect a MITM (or whatever faked)
> > > > certificate? In that
Hi,
With reference to openssl's README, it supports TLS v1; does it mean
that it supports TLS 1.0 (RFC 2246) and TLS 1.1 (RFC 4346) ?
Best Regards,
Manish Jain
__
OpenSSL Project http://www.openssl
On Wed, Sep 26, 2007 at 11:03:21AM +0200, Steffen DETTMER wrote:
> > > So your point is that some property from the original
> > > certificate (let's say some hash or so) could be included in
> > > the extra authentication to detect a MITM (or whatever faked)
> > > certificate? In that case, SSL w
Dr. Stephen Henson wrote:
Well it looks like you aren't using a debug version of OpenSSL. That would
give a more meaningful backtrace.
:( Right.. I should at this point...
When you get that print out the ASN1_ITEM structure in some of the frames:
that should tell you exactly which field is ca
Hi All-
My SSL application recently began throwing the following error
whenever I try to connect:
SSL error (-1, 1, 336130329) (error:1408F119:SSL
routines:SSL3_GET_RECORD:decryption failed or bad record mac)
The strange thing is that the same application, running on a
different machine
Hi!
perhaps the benchmark differences come from the different CPU types
(I've got an Esther CPU with 1.2GHz). Here is the content of the
/proc/cpuinfo of Linux:
processor : 0
vendor_id : CentaurHauls
cpu family : 6
model : 10
model name : VIA Esther processor
* David Schwartz wrote on Tue, Sep 25, 2007 at 14:47 -0700:
[...]
> > I'm not sure if I understand "...including these...". If, for
> > instance, each side (and only them) share a secret 3DES key and
> > use it for some challenge-response-authentication inside a SSL
> > tunnel then I would assume
On Wed, Sep 26, 2007, Massimiliano Pala wrote:
> Anyhow when I want to write it to a BIO (i2d_PRPQ_RESP_bio), I get
> a segmentation fault:
>
> ==
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread -1284179056 (LWP 21851)]
> 0x4186f6d5 in memcpy () from /lib/lib
Hi all,
I am trying to sign an ASN1 object. Basically the object is very similar to
an OCSP request - it is the PRQP response message (new proposal at IETF for
PKI Discovery Query Protocol).
The basic structure is reported here:
/* PRQPResponse ::= SEQUENCE {
* respData
4) Handshake "headers" are omitted in the signature computation in
both CertificateVerify and Finished messages.
(RFC 4347 does not clearly state what is to be included. However,
according to the TLS v1.1 (RFC 4346), it shall be the complete handshake
message, starting from Handshake.msg_type. H
21 matches