Re: pass external data during handshake

2010-01-16 Thread Edgar Ricardo Gonzalez Lazaro
How exactly are you trying to do this? I don't understand at all your problem! Are you writing code to handle the handshake? What kind of data are you trying to attach? Can't be an application layer flag? 2010/1/15 Josselin Jacquard > Hi, > > I'm wondering if there is a way to pass on external

Re: Issues generating Certs for Office Communications Server 2007

2010-01-16 Thread Patrick Patterson
Hi Kyle: While your EKU is correct, I'm not sure that your KU values are correct. We've generated successful UCC certs here with the following profile: [ usr_ucc_ext ] basicConstraints= CA:FALSE keyUsage= critical, keyEncipherment, digitalSignature extended

Re: PKI with openssl online

2010-01-16 Thread Kyle Hamilton
If the certificates issued by such a CA are only used to authenticate users of (for example) a web forum, the CA can be run by the web forum operator -- you trust her to keep her forum relatively secure, but you don't trust her with your bank account password... In that case, the relying party is

Re: Detecting TLS/SSL connection

2010-01-16 Thread Dr. Stephen Henson
On Sat, Jan 16, 2010, adam.gross...@devitron.com wrote: > > The problem is that the clients have been hacked to add some information > within the first packet sent over. and i, unfortunately, can't change > that. so i need to be able to read in the raw first 128 bits, get some > info out of tha

RE: Detecting TLS/SSL connection

2010-01-16 Thread David Schwartz
> The problem is that the clients have been hacked to add some > information > within the first packet sent over. and i, unfortunately, can't change > that. so i need to be able to read in the raw first 128 bits, get some > info out of that, and then have the SSL connection go just as normal, > n

Re: Issues generating Certs for Office Communications Server 2007

2010-01-16 Thread Dr. Stephen Henson
On Fri, Jan 15, 2010, Rausch, Michael wrote: > Thanks. Yes I have made sure they are all in there. > > The certificate in question reads out something like: > > subject name: servername.subdomain.domain.com > SAN#1: servername.subdomain.domain.com > SAN#2: servername.domain.com > SAN#3: servern

RE: Detecting TLS/SSL connection

2010-01-16 Thread adam . grossman
> Adam Grossman wrote: > >> One last questions, and i am done bugging you about this... >> >> These are the steps i am taking: >> >> SSL_set_fd(ssl_data->ssl_ssl, sock_fd); >> sslbio=SSL_get_rbio(ssl_data->ssl_ssl); >> >> internalBIO=BIO_new(BIO_s_bio()); >> BIO_set_write_buf_size(internalBIO, 1024

Re: Issues generating Certs for Office Communications Server 2007

2010-01-16 Thread Kyle Hamilton
The next thing is to ensure that its extendedKeyUsage includes 'SSL Client' and 'SSL Server', and its keyUsage includes dataEncipherment, keyEncipherment, digitalSignature, and keyAgreement. I have not seen any specific extension requirement for SIP. Another question is: is your certificate being

RE: Detecting TLS/SSL connection

2010-01-16 Thread David Schwartz
Adam Grossman wrote: > One last questions, and i am done bugging you about this... > > These are the steps i am taking: > > SSL_set_fd(ssl_data->ssl_ssl, sock_fd); > sslbio=SSL_get_rbio(ssl_data->ssl_ssl); > > internalBIO=BIO_new(BIO_s_bio()); > BIO_set_write_buf_size(internalBIO, 1024); > > B

Re: Detecting TLS/SSL connection

2010-01-16 Thread Victor Duchovni
On Sat, Jan 16, 2010 at 12:33:47PM -0500, Adam Grossman wrote: > These are the steps i am taking: > > SSL_set_fd(ssl_data->ssl_ssl, sock_fd); No, you do not associate the network socket with the SSL engine, your app copies data back and forth between the SSL engine network bio and the socket. SS

Re: Detecting TLS/SSL connection

2010-01-16 Thread Adam Grossman
On Sat, 2010-01-16 at 11:41 -0500, Victor Duchovni wrote: > On Sat, Jan 16, 2010 at 10:39:13AM -0500, Adam Grossman wrote: > > > On Fri, 2010-01-15 at 17:06 -0500, Victor Duchovni wrote: > > > On Fri, Jan 15, 2010 at 04:11:04PM -0500, Adam Grossman wrote: > > > > > > > A simpler question might be

Re: Detecting TLS/SSL connection

2010-01-16 Thread Victor Duchovni
On Sat, Jan 16, 2010 at 10:39:13AM -0500, Adam Grossman wrote: > On Fri, 2010-01-15 at 17:06 -0500, Victor Duchovni wrote: > > On Fri, Jan 15, 2010 at 04:11:04PM -0500, Adam Grossman wrote: > > > > > A simpler question might be (hopefully), is after i call "SSL_accept", > > > is there a way to re

Re: Detecting TLS/SSL connection

2010-01-16 Thread Adam Grossman
On Fri, 2010-01-15 at 17:06 -0500, Victor Duchovni wrote: > On Fri, Jan 15, 2010 at 04:11:04PM -0500, Adam Grossman wrote: > > > A simpler question might be (hopefully), is after i call "SSL_accept", > > is there a way to retrieve all the raw data which was read in by > > SSL_accept? > > Don't ca