Hi
The c-client library/API does its own socket I/O for non-SSL sessions, but
in SSL the socket I/O is delegated to OpenSSL.
When c-client does its own socket I/O, it sets a timeout (normally 15
seconds) on a select() call prior to doing any read() or write() calls.
Thus, c-client never does a re
Ger Hobbelt wrote:
It is presumed that every SSL_write() requires a flush (at TCP level this
mechanism is called a "Push"). This basically means the data needs to flush
to the reading API at the far end on exactly the byte boundary (or more)
data than you sent. This means you have a guarantee to
> From: owner-openssl-us...@openssl.org On Behalf Of Josue Andrade Gomes
> Sent: Thursday, 29 October, 2009 14:23
> Shortly: HP Insight Manager (a management tool) crashes my server SSL
> application.
> Operating system: Windows 2003 Server
> OpenSSL version: 0.9.8k
> Post-mortem debugger points t
On Mon, Oct 26, 2009, Adam Rosenstein wrote:
> You are correct, I made a paste error in the mail. The certs were correct
> at the time I tested however (my test script just regenerates things each
> time and I pasted an old ee with a new root ca).
>
> I just tried openssl-SNAP-20091026.tar.gz an
Thanks for the tip. No, I don't call CRYPTO_malloc_init. But I don't
think it is necessary. I'm pretty sure
that I'm not mixing compiler options.
Also, if this were the case it would be crashing all the time, right?
SSL connections work fine with any client except this HP Insight Manager thing.
Of cours
>> There is one added complication in that the protocol is a datagram
>> protocol at a
>> higher level (although it uses TCP). I am concerned that the whole
>> protocol could
>> block if there is not enough data to encrypt a whole outgoing message
>> but the peer cannot
>> continue until it gets t
If a certificate does not have the standard keyUsage: signature, then that
certificate cannot sign any message, at all. No email, no client signature of
TLS authentication parameters, nothing.
-Kyle H
On Wed, Oct 28, 2009 at 9:10 AM, Mourad Cherfaoui (mcherfao)
wrote:
Thanks Steve,
Yes, t
CRYPTO_malloc is an internally-used function, to allocate memory. In any
event, though, do you do an earlier CRYPTO_malloc_init?
http://openssl.org/support/faq.html#PROG2
-Kyle H
On Thu, Oct 29, 2009 at 11:23 AM, Josue Andrade Gomes
wrote:
Hi,
Shortly: HP Insight Manager (a management too
Hi,
Shortly: HP Insight Manager (a management tool) crashes my server SSL
application.
Operating system: Windows 2003 Server
OpenSSL version: 0.9.8k
Post-mortem debugger points the crash occurring in a call to
CRYPTO_malloc() inside SSLv3_client_method()
(which is weird since I never call this funct
Radius needs to be set up to trust that CA. That isn't an openssl
question, that's a radius question.
-Kyle H
On Wed, Oct 28, 2009 at 6:25 AM, ashokgda wrote:
>
> Hi,
>
> I am using radius server for authenticating my ThinClient Laptop for
> WirelessAP in TLS security mode.
> But my radius serv
Jeff,
Thanks for the suggestion. Unfortunately, I can't use a prebuilt Win32 binary
because I'm literally building on an MS-DOS host for an MS-DOS target using
DJGPP. No Visual Studio here!
No worries though, I managed to get OpenSSL to compile with a bit of fiddling.
I'm providing my notes
Hi There,
I am completely new to OpenSSL and have hit a snag that I could use some
help with.
I am trying to generate a CA and a signed self certificate for a netgear FXV538
VPN.
Using the following 3 commands listed in the instructions for the firewall
adding the appropriate path names
1.openssl g
Mark wrote:
There is one added complication in that the protocol is a datagram
protocol at a
higher level (although it uses TCP). I am concerned that the whole
protocol could
block if there is not enough data to encrypt a whole outgoing message
but the peer cannot
continue until it gets the mess
google: TCP OPTION KEEPALIVE
http://tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/
You would be best with an application level timeout,
which would send an application enquiry (heartbeat)
from the laptop to the server.
Waking up from sleeping, the application would send the next heartbeat.
(any
On Thu, Oct 29, 2009, Joe Orton wrote:
> On Wed, Oct 28, 2009 at 06:51:02PM +0100, Dr. Stephen Henson wrote:
> > On Wed, Oct 28, 2009, Mourad Cherfaoui (mcherfao) wrote:
> > > I am not sure I understand why the client is broken? Did you mean that the
> > > sign bit can be omitted if the client sen
Hi David,
> > There is one added complication in that the protocol is a datagram
> > protocol at a
> > higher level (although it uses TCP). I am concerned that the whole
> > protocol could
> > block if there is not enough data to encrypt a whole
> outgoing message
> > but the peer cannot
> > co
On Thu, Oct 29, 2009 at 11:33:13AM +0300, Victor B. Wagner wrote:
> > Yes, of course, in a strictly technical sense. From a user perspective,
> > however, both are the same sort of thing, something one needs to configure
> > to enable kEDH or kEECDH ciphers. When neither set of parameters is
> > p
Mark Williams wrote:
> There is one added complication in that the protocol is a datagram
> protocol at a
> higher level (although it uses TCP). I am concerned that the whole
> protocol could
> block if there is not enough data to encrypt a whole outgoing message
> but the peer cannot
> continue
Parimal Das wrote:
> Please suggest.
> 1. What I should include in this code to correct this hang?
It depends on what your code should do in this case. Do you want to wait a
limited amount of time for the other side to reply? Or do you want to wait
possibly forever? Your current code specifical
> Mark Williams wrote:
>
> > > 2) Let the two threads read and write to your own two
> > > independent queues and
> > > service the application side of the SSL connection with your
> > > own code to and from the read and write queues.
>
> > Won't I still need to combine the reading and writing to
On Wed, Oct 28, 2009 at 06:51:02PM +0100, Dr. Stephen Henson wrote:
> On Wed, Oct 28, 2009, Mourad Cherfaoui (mcherfao) wrote:
> > I am not sure I understand why the client is broken? Did you mean that the
> > sign bit can be omitted if the client sends the entire chain of certificates
> > (except
Hello,
Here is my test code. I am downloading a file with https connection.
This is compiled as $g++ -lssl -lcrypto sslShow.cpp. on OS X 10.5.8
Using default OS X libs (libcrypto 0.9.7 and libssl 0.9.7)
When it has downloaded some 2MB data, I closed my laptop lid (OSX induced
sleep)
After 5 mi
Mark Williams wrote:
> > 2) Let the two threads read and write to your own two
> > independent queues and
> > service the application side of the SSL connection with your
> > own code to and from the read and write queues.
> Won't I still need to combine the reading and writing to the SSL object
Hi Doug,
> After extracting the private key from the testkey.pem file and putting it into
> the vendor's tool file format, the vendor tool generated digest ends up
> looking
> like:
> E39C9EEB4A60BFAF93235B376E9E54883C127BC40300
> F4760E34AC2ECB484B2DFF06E87113C9F1F9F99F0200
Ah! Now I see
> Mark Williams wrote:
>
> > I can think of one. In the near future I will need to add
> SSL support
> > to a
> > legacy application which uses two threads to read/write from/to a
> > socket.
> > If SSL supported this it would make my life much easier. As the
> > situation
> > stands I am not s
Daniel Marschall:
> Hello.
>
> I am not searching bugs in my code. I have a certificate and a CRL.
> And the functionality -issuer_checks is buggy. My cert and CRL have
> exactly the same DN as issuer.
What is the bug then? All you've reported so far is:
1) When you compare using exact string
Mark Williams wrote:
> I can think of one. In the near future I will need to add SSL support
> to a
> legacy application which uses two threads to read/write from/to a
> socket.
> If SSL supported this it would make my life much easier. As the
> situation
> stands I am not sure how to tackle th
Parimal Das wrote:
> It's the second case Darry,
> Here the 'sleep' is Operating System Sleep mode induced by closing the lid
of laptop.
> After opening the laptop, when the system wakes up,
> My application is always hanging at the same place.
Bug is in your code. It is doing what you asked it
Hi Mourad,
-Original Message-
> From: On Behalf Of Mourad Cherfaoui
> Sent: Wednesday, October 28, 2009 6:23 AM
> To: openssl-users@openssl.org
> Subject: TLS trust of a chain of certificates up to a root CA. Certificate
> Sign extenstion not set
> I have a chain of certificates C->B->A->
On 2009.10.28 at 14:56:54 -0400, Victor Duchovni wrote:
> On Wed, Oct 28, 2009 at 09:09:59PM +0300, Victor B. Wagner wrote:
>
> > > > But for some setups, especially in OpenSSL 1.0, which supports EC
> > > > ciphersuites, dh parameters are not necessary.
> > >
> > > This is not entirely accurat
Hi all,
I'm trying to compile OpenSSL 0.9.8k in MS-DOS 7.1 with DJGPP and I
keep getting errors stating that various utilities cannot be found
under the "djgppbin" directory. All of my environment variables are
correctly set and ./Configure runs fine, but this strange error keeps
coming up. Perh
31 matches