SSL2_WRITE:ssl handshake failure:s2_pkt.c:428

2009-04-02 Thread Anil Tambe
Hi all, I am using the latest OpenSSL 0.9.8k. The -verify option works fine with ssl3, but the handshake fails if I use -ssl2. Below are the details: ./openssl s_server -verify 0 -debug ./openssl s_client -ssl3 -debug [works fine.] > ./openssl s_client -ssl2 CONNECTED(00

Re: apache http server not connecting to correct open ssl -- urgent help needed

2009-04-02 Thread The Doctor
On Thu, Apr 02, 2009 at 05:20:30PM -0400, Srinivas Jonnalagadda wrote: > Hi, > > I have openssl 0.9.8b installed with apache http server 2.0.55 on a Solaris > machine. When I installed, I used /usr/local/ssl as the prefix and I did not > use the shared threads option. I was able to install successfully

Re: ASN.1 library

2009-04-02 Thread Dr. Stephen Henson
On Thu, Apr 02, 2009, Randy Turner wrote: > > Hello list, > > Are the ASN.1 functions in OpenSSL "generic" enough to be used for other > purposes besides reading/writing certificates? > Yes. > I was curious if the ASN.1 code could encode/decode both BER and DER, > generically, even if the sour

ASN.1 library

2009-04-02 Thread Randy Turner
Hello list, Are the ASN.1 functions in OpenSSL "generic" enough to be used for other purposes besides reading/writing certificates? I was curious if the ASN.1 code could encode/decode both BER and DER, generically, even if the source of the data is NOT associated with certificates. For

Re: fips_premain_dso hanging

2009-04-02 Thread ABDUL BASIT
The reason the generated fips_premain_dso (as part of the OpenSSL FIPS 1.2 build on PowerPC) hangs is that the generated code always jumps to the same function address: bash-3.00# gdb fips/fips_premain_dso (gdb) r eee Starting program: /ssl/openssl-fips-1.2/fips/fips_premain_dso eee <-- hangs here now

Re: ASN1 printing crash: Security Advisory -- 25-Mar-2009

2009-04-02 Thread Dr. Stephen Henson
On Thu, Apr 02, 2009, Shanku Roy wrote: > > http://openssl.org/news/secadv_20090325.txt > > Hello, > Our project here is using OpenSSL version 0.9.8g > > It invokes the X509_print_fp() openssl function to print a cert; can > that result in calling the function ASN1_STRING_print_ex() that

apache http server not connecting to correct open ssl -- urgent help needed

2009-04-02 Thread Srinivas Jonnalagadda
Hi, I have openssl 0.9.8b installed with apache http server 2.0.55 on a Solaris machine. When I installed, I used /usr/local/ssl as the prefix and I did not use the shared threads option. I was able to install successfully. On the same machine I installed openssl 0.9.8i in the /usr/local/openssl098i direc

ASN1 printing crash: Security Advisory -- 25-Mar-2009

2009-04-02 Thread Shanku Roy
http://openssl.org/news/secadv_20090325.txt Hello, Our project here is using OpenSSL version 0.9.8g. It invokes the X509_print_fp() openssl function to print a cert; can that result in calling the function ASN1_STRING_print_ex() that is mentioned in the "ASN1 printing crash" of the above secur

Re: OpenSSL 1.0.0 beta 1 released

2009-04-02 Thread Geoff Thorpe
On Thursday 02 April 2009 11:24:56 Dr. Stephen Henson wrote: > On Thu, Apr 02, 2009, Geoff Thorpe wrote: > > On Wednesday 01 April 2009 16:34:35 Rene Hollan wrote: > > > This is an April Fools' joke, right? > > > > It's April 2, so I can reply now. > > > > Z80. Java. Casiotone. Doesn't the question

RE: last data bytes not delivered when read in several small buffers

2009-04-02 Thread David Schwartz
> Actually, I do that. And I think I understand what SSL_pending does : it > returns the number of decrypted bytes remaining in the SSL buffer. > Implied: at least 1 SSL_read has been done before ! Am I wrong ? You are wrong in theory. Any SSL operation can churn the SSL state machine and decr

Re: OpenSSL 1.0.0 beta 1 released

2009-04-02 Thread Dr. Stephen Henson
On Thu, Apr 02, 2009, Geoff Thorpe wrote: > On Wednesday 01 April 2009 16:34:35 Rene Hollan wrote: > > This is an April Fools' joke, right? > > It's April 2, so I can reply now. > > Z80. Java. Casiotone. Doesn't the question sort of answer itself? > Personally I think mentioning Windows gave i

Re: OpenSSL 1.0.0 beta 1 released

2009-04-02 Thread Geoff Thorpe
On Wednesday 01 April 2009 16:34:35 Rene Hollan wrote: > This is an April Fools' joke, right? It's April 2, so I can reply now. Z80. Java. Casiotone. Doesn't the question sort of answer itself? Cheers, Geoff > -Original Message- > From: owner-openssl-us...@openssl.org on behalf of Geoff

Re: OpenSSL 1.0.0 beta 1 released

2009-04-02 Thread Michael S. Zick
On Thu April 2 2009, Victor Duchovni wrote: > On Thu, Apr 02, 2009 at 01:01:00PM +0200, Dr. Stephen Henson wrote: > > > It was decided that we should no longer combine feature and bugfix releases > > and to do that we revised the versioning scheme. The 0.9.x was a legacy from > > the SSLeay days s

header file to include for SHA256_DIGEST_LENGTH?

2009-04-02 Thread m r
I was initially working on SHA 128 algorithms & #include was what was needed. Now, I need to work on SHA 256, but it does not seem to work. I've also tried sha2.h & sha256.h to no avail. I've checked the source code & the SHA 256 APIs are defined in the same header file as SHA 128, ie openssl/sha.h

RE: Problem with install...Please Help

2009-04-02 Thread Yang, Jun
I am also a bit of a newbie here, but I do think that the problem you're having could be due to a previous version of gcc somewhere in your Linux box that is still called in your makefile. Perhaps you have to double-check your env variables? Or remove the old gcc? 61-2-9013-4203 y...@ali.com.au

Re: OpenSSL 1.0.0 beta 1 released

2009-04-02 Thread Victor Duchovni
On Thu, Apr 02, 2009 at 01:01:00PM +0200, Dr. Stephen Henson wrote: > It was decided that we should no longer combine feature and bugfix releases > and to do that we revised the versioning scheme. The 0.9.x was a legacy from > the SSLeay days so we wanted a clean break and went for 1.0.0 in what w

Re:Verify certificates

2009-04-02 Thread tomtang_cn
Please call SSL_set_verify with SSL_VERIFY_PEER mode in the client application. Best regards, Tom On 2009-04-02, AnneB wrote: > >Hello, > >I have a server application that generates certificate and key files and >loads them. How can I programmatically, at client side, verify the server's >certificate w

Re: OpenSSL 1.0.0 beta 1 released

2009-04-02 Thread Michael S. Zick
On Thu April 2 2009, Yves Rutschle wrote: > On Thu, Apr 02, 2009 at 08:01:48AM -0500, Michael S. Zick wrote: > > I realize that progress in the security field is slow - but will this > > new release support rfc1149? > > http://tools.ietf.org/html/rfc1149 > > That's a hardware layer, below IP. SSL

SSL_get_error() and errno

2009-04-02 Thread tomtang_cn
Hi, All, What is the relationship between SSL_get_error() and errno? For example, when SSL_read() returns SSL_ERROR_WANT_READ, is errno EWOULDBLOCK or EAGAIN? Thanks in advance. Best regards, Tom

Re: OpenSSL 1.0.0 beta 1 released

2009-04-02 Thread Yves Rutschle
On Thu, Apr 02, 2009 at 08:01:48AM -0500, Michael S. Zick wrote: > I realize that progress in the security field is slow - but will this > new release support rfc1149? > http://tools.ietf.org/html/rfc1149 That's a hardware layer, below IP. SSL is well above that, over TCP. If your operating system

Re: last data bytes not delivered when read in several small buffers

2009-04-02 Thread Francis GASCHET
Thank you David, thank you all for the clarification. > Combining 'select' with blocking operations almost never works right. This is the most difficult conceivable situation and you should not willingly choose it. I've been a bit confused. All my sockets are in non-blocking mode. Actually what I

Re: OpenSSL 1.0.0 beta 1 released

2009-04-02 Thread Michael S. Zick
On Wed April 1 2009, Geoff Thorpe wrote: > On Wednesday 01 April 2009 09:05:05 Thomas J. Hruska wrote: > > The problem is that I was under the distinct impression 0.9.9 was the > > next release and 1.0.0 was a pipe dream a few years down the road (at > > least). > > The choice of a 1.0 release is

Re: OpenSSL 1.0.0 beta 1 released

2009-04-02 Thread Michael Haubenwallner
On Thu, 2009-04-02 at 13:01 +0200, Dr. Stephen Henson wrote: > Under this scheme > > 1. Bug fix releases will change the letter. >E.g. 1.0.0 -> 1.0.0a > > 2. Feature releases will change the last (minor) number. >E.g. 1.0.0 -> 1.0.1 > > 3. Major development will change the second (m

Verify certificates

2009-04-02 Thread AnneB
Hello, I have a server application that generates certificate and key files and loads them. How can I programmatically, at client side, verify the server's certificate when I make a connection? Thanks, Anne -- View this message in context: http://www.nabble.com/Verify-certificates-tp22846723p2

Re: OpenSSL 1.0.0 beta 1 released

2009-04-02 Thread Steffen DETTMER
* Dr. Stephen Henson wrote on Thu, Apr 02, 2009 at 13:01 +0200: [...] > Under this scheme > > 1. Bug fix releases will change the letter. >E.g. 1.0.0 -> 1.0.0a > > 2. Feature releases will change the last (minor) number. >E.g. 1.0.0 -> 1.0.1 > > 3. Major development will change the

Re: OpenSSL 1.0.0 beta 1 released

2009-04-02 Thread Dr. Stephen Henson
On Wed, Apr 01, 2009, Kenneth Goldman wrote: > Assuming it's not a joke, what's the meaning of a 1.0 as opposed to > 0.9.something. > > My hope is that you'll say the API is frozen and that there's a commitment > not to break backward compatibility in future releases. > Here's an outline of the

Re: Writing public keys / certificates in binary form

2009-04-02 Thread Kyle Hamilton
i2d_X509 and its friends (i2d meaning 'internal2der') are what you're looking for. The companion functions, d2i_*, parse a DER structure into the internal format. -Kyle H On Wed, Apr 1, 2009 at 1:58 PM, Clairvoyant1332 wrote: > > >From the C interface, is there a preferred / generalized way to

Problem with install...Please Help

2009-04-02 Thread Jaber, Adam M CTR DLA J6UIA
Hello, I am trying to install OpenSSL-0.9.8k. I currently have OpenSSL-0.9.8.602. Do I need to remove my older version before I install the new version? Also, I ran a ./config --prefix=/usr/opt/OpenSSL, which came back with NO error. Then when I ran make it gives me the following error: cc: unr

Writing public keys / certificates in binary form

2009-04-02 Thread Clairvoyant1332
From the C interface, is there a preferred / generalized way to take a public key or certificate and put it in a binary form suitable for network transmission? There's a whole set of functions for reading and writing keys in PEM format, but nothing for binary. I could, for example, pull from an

Re: Memory Leaks on every connection

2009-04-02 Thread ac2806
I solved the problem by calling ERR_remove_state(0) for every thread which uses an SSL connection. -- View this message in context: http://www.nabble.com/Memory-Leaks-on-every-connection-tp22805904p22832875.html

Re: CSR public exposure

2009-04-02 Thread lindsayh
fhd...@unm.edu wrote: > Hello, Is there any reason why one needs to protect a CSR (e.g. encrypting it) from public view? Can't think of one myself... > I was under the impression that it is the key that needs to be protected, not the CSR? That's correct. > Thank you, Farid You're welcome. lh.. Com

Re: OpenSSL 1.0.0 beta 1 released

2009-04-02 Thread Kenneth Goldman
Assuming it's not a joke, what's the meaning of a 1.0 as opposed to 0.9.something. My hope is that you'll say the API is frozen and that there's a commitment not to break backward compatibility in future releases. -- Ken Goldman kg...@watson.ibm.com 914-784-7646 (863-7646)