Are there any decent frontend out there for openssl similar to tinyca2 and xca?
lin
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@open
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
Thanks much for the explanations on how this data is laid out.
My first attempts at using the key I generated on my hardware platform were
unsuccessful.
Stepping back, I thought I would use openssl to create a sect163k1 encrypted
SHA1 digest of my test file and then verify it. I have been able t
On Wed, Oct 28, 2009 at 09:09:59PM +0300, Victor B. Wagner wrote:
> > > But for some setups, especially in OpenSSL 1.0, which supports EC
> > > ciphersuites, dh parameters are not neccessary.
> >
> > This is not entirely accurately, one still needs to designate an ECDH
> > curve for ECDHE ciphers
Hi,
I am using radius server for authinticating my ThinClient Laptop for
WirelessAP in TLS security mode.
But my radius server is saying unknown ca.
my radius tls config looks like:
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
pem_
On 2009.10.28 at 11:05:22 -0400, Victor Duchovni wrote:
> On Wed, Oct 28, 2009 at 04:06:07PM +0300, Victor B. Wagner wrote:
>
> > But for some setups, especially in OpenSSL 1.0, which supports EC
> > ciphersuites, dh parameters are not neccessary.
>
> This is not entirely accurately, one still n
On Wed, Oct 28, 2009, Mourad Cherfaoui (mcherfao) wrote:
>
> I am not sure I understand why the client is broken? Did you mean that the
> sign bit can be omitted if the client sends the entire chain of certificates
> (except maybe the root) AND the server has the certificates chain as well?
> Tha
Hi,
My client uses sslv23_method() with SSL_OP_NO_SSLv2 in SSL_CTX_set_options.
Since I upgraded to v0.98k the handshake with one particular server fails
with error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake
failure. With OpenSSL v0.98i and earlier no problem at all.
--
On October 28, 2009 12:10:16 pm Mourad Cherfaoui (mcherfao) wrote:
> Thanks Steve,
>
> Yes, the keyUsage is present but the sign bit is not set. As a background
> on this, the user does not want his CA to set the sign bit for non-root
> certificates.
>
If the keyUsage is present and the certSign bi
Thanks Steve,
Yes, the keyUsage is present but the sign bit is not set. As a background on
this, the user does not want his CA to set the sign bit for non-root
certificates.
I am not sure I understand why the client is broken? Did you mean that the sign
bit can be omitted if the client sends
On Wed, Oct 28, 2009 at 04:06:07PM +0300, Victor B. Wagner wrote:
> But for some setups, especially in OpenSSL 1.0, which supports EC
> ciphersuites, dh parameters are not neccessary.
This is not entirely accurately, one still needs to designate an ECDH
curve for ECDHE ciphers. Postfix code for t
In the manual page for SSL_CTX_set_tmp_dh function it is recommended to
always set temporary Diffie-Hellman parameters for the server SSL_CTX,
in case if client would negotiate some ciphersuite which uses ephemeral
DH key agreement.
Some application authors choose to not compile these parameter
On Tue, Oct 27, 2009, Mourad Cherfaoui wrote:
>
> Hi, I have a chain of certificates C->B->A->RootCA. The TLS client only
> presents C during the TLS handshake. RootCA has the Certificate Sign
> extension set but not B and A. The TLS server fails the TLS handshake
> because of the absence of
Parimal Das wrote:
Its the second case Darry,
Here the 'sleep' is Operating System Sleep mode induced by closing the
lid of laptop.
After opening the laptop, when the system wakes up,
My application is always hanging at the same place.
It is possible there is something specific OSX does in r
On Wed, Oct 28, 2009 at 12:44:28AM -0700, himas wrote:
>
> tried to run my decryption func with test vectors and got not proper result
>
> -- CODE --
> void aes256cbc_encrypt()
> {
> int i, outlen;
int i, outlen, tm;
> unsigned char *outbuf = (unsigned char*)malloc(1024);
Hello.
I am not searching bugs in my code. I have a certificate and a CRL.
And the functionality -issuer_checks is buggy. My cert and CRL have
exactky the same DN as issuer.
2009/10/28 David Schwartz :
> Daniel Marschall wrote:
>
>> Any idea? This problem exists since 2003 and noone found an answ
tried to run my decryption func with test vectors and got not proper result
-- CODE --
void aes256cbc_encrypt()
{
int i, outlen;
unsigned char *outbuf = (unsigned char*)malloc(1024);
unsigned char key[] =
"00
> On Fri, Oct 23, 2009 at 03:47:51PM +0100, Darryl Miles wrote:
>
> > I advocate that some users would find it useful to be able
> to invoke
> > SSL_read() and SSL_write() from exactly two threads on the
> same 'SSL *'
> > simultaneously. There is merit in this and as things
> stands OpenSSL
Hi,
I have a chain of certificates C->B->A->RootCA. The TLS client only presents C
during the TLS handshake. RootCA has the Certificate Sign extension set but not
B and A.
The TLS server fails the TLS handshake because of the absence of the
Certificate Sign extension in B and A.
My first
19 matches
Mail list logo
