In your s_client command, you still need to include the -CAfile parameter
and point it to just the self-signed Root certificate. Your server is
sending the intermediates but the client is not able to verify the chain up
to a Root.
You may want to edit cacerts.pem to include only the Root certifica
That is what I have when I don't include the intermediate in the command:
openssl s_client -connect 10.10.10.10:443 -verify 5 -state -showcerts
verify depth is 5
CONNECTED(0003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server he
Jorge,
On the server, you can copy all the public certs i.e. the intermediates and
the root into one PEM file. That will send everything down to the client.
Best,
Somesh
On Tuesday, May 21, 2013, Jorge Ventura wrote:
> I have an application (server) that is working using SSLv23 with a
> regular
On 21 May 2013, at 5:37 PM, Jorge Ventura wrote:
> Somech,
> The server side is using one .pem file like this:
>
>
>
>
>
>
> The was signed by one root CA available at client
> side and the two intermediate was supplied by the same root authority.
> I think that I didn't forgot that.
It
Somech,
The server side is using one .pem file like this:
The was signed by one root CA available at client
side and the two intermediate was supplied by the same root authority.
I think that I didn't forgot that.
On Tue, May 21, 2013 at 7:29 PM, Somesh Chakrabarti
wrote:
> Jorge,
>
>
On 21 May 2013, at 5:02 PM, Jorge Ventura wrote:
> Because the client trust the connection when I inform the
> intermediate, I suppose the server is not sending the intermediate,
> only the first certificate in the chain and in this case the command
> fail.
That is a reasonable conclusion. You ca
I have an application (server) that is working using SSLv23 with a
regular certificate. Now I have to use one chain of two intermediate
certificates but for any reason, openssl library is not sending the
chain and the only way to work correctly is when I inform to the
client side about the intermed
On Tue, May 21, 2013 at 11:00 AM, Viktor Dukhovni
wrote:
> If so, this is a Windows Perl bug IMHO. The parent should wait
> for the child to exit with close(STDOUT) in either scenario.
> Any special treatment of STDOUT should be reset after
>
> open STDOUT,"|cmd";
>
> in such a way as to
Hello!
I need to create a key and a csr with SN=x but can't find any way to do
this.
Does anyone know how to do this?
Kind regards
/Per Edlund
signature.asc
Description: Message signed with OpenPGP using GPGMail
Hi,
I built and installed openssl 1.0.1e. When i try to connect using ssh with
2048 DSA keys, i get *bad sig size 32 32* error.
Is this a bug?
Here is how i created the keys.
openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
openssl dsaparam -out dsaparam.pem 2048
openssl gendsa -out ssh_dsa_key
On Tue, 21 May 2013 16:12:45 +0530
Abhijit Ray Chaudhury wrote:
>
> Which means GetProcAddress is failing for symbol name
> FINGERPRINT_premain. But if I do "dumpbin /exports libeay32.dll", I
> can see the symbol FINGERPRINT_premain exported.
Quote that output line from dumpbin, exactly. Namesp
On Tue, May 21, 2013 at 10:14:27AM -0600, Phillip Hellewell wrote:
> Good news, I found the bug! I got thinking, why is x86_64-gf2m the
> only one giving me a problem? So I compared x86_64-gf2m.pl to the
> others and found that it has this line:
> open STDOUT,"| \"$^X\" $xlate $flavour $outp
Good news, I found the bug! I got thinking, why is x86_64-gf2m the
only one giving me a problem? So I compared x86_64-gf2m.pl to the
others and found that it has this line:
open STDOUT,"| \"$^X\" $xlate $flavour $output";
whereas the others have this:
open OUT,"| \"$^X\" $xlate $flavour $
I forgot to mention, I am using perl.exe version 5.16.3 and nasm.exe
version 2.10.07.
Phillip
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@ope
On Tue, May 21, 2013 at 9:08 AM, Phillip Hellewell wrote:
> But when executed from my build script (a batch file), it runs into
> problems.
Here is a copy of my build script. Can anyone spot a problem with it?
@echo off
if "%1"=="" goto buildall
setlocal
cd /d "%~dp0.."
@call target\dependency
On Tue, May 21, 2013 at 5:33 AM, Dr. Stephen Henson wrote:
> Just tried it myself with Visual Studio 2012, nasm version 2.10.07 and it
> compiles with no problems for me. I also tried it without nasm (i.e. ml64) and
> that worked OK too.
Ok, this is very helpful to know that it is working for oth
Yes, basically I am trying to see if I can make OpenSSL use certain
'pre-defined' bufs that will be mmap'ed to a known location in
the memory. So that in the HW cryptolib I can make use of DMA to supply
data to the crypto engine and read back to the same physical address. That
way it will be faster
Ø I would like to know if it is possible to assign pre-defines bufs(addresses)
to OpenSSL which it can use to store plaintext/cipher text during AES
computation.
You mean force all AES encryptions during a TLS session to use fixed buffers?
No, that is not possible without code changes.
On Mon, May 20, 2013, Phillip Hellewell wrote:
> On Mon, May 20, 2013 at 1:12 PM, Phillip Hellewell wrote:
> > Should I try to patch it myself?
>
> FYI, the linker error is occurring because nasm is failing with a ton
> of errors on x86_64-g2m.asm, I think maybe because it is creating the
> wron
On 5/21/2013 2:04 AM, Phillip Hellewell wrote:
On Mon, May 20, 2013 at 1:12 PM, Phillip Hellewell wrote:
Should I try to patch it myself?
FYI, the linker error is occurring because nasm is failing with a ton
of errors on x86_64-g2m.asm, I think maybe because it is creating the
wrong type of a
On 5/17/2013 11:50 AM, Abhijit Ray Chaudhury wrote:
Hi,
Is there anybody tried Openssl build on wince ce6 ?
I am trying to compile openssl-1.0.1-c on ce6 after applying the patch
mentioned in http://www.mail-archive.com/openssl-dev@openssl.org/msg26888.html,
but my link fails for md4test.exe wi
Hi,
I would like to know if it is possible to assign pre-defines
bufs(addresses) to OpenSSL which it can use to store plaintext/cipher text
during AES computation.
Hi,
I have compiled openssl-fips and openssl in Windows CE 6. But when I
run "fips_premain_dso.exe libeay32.dll" in target environment I get
following error:
=
217450134:error:2507606A:DSO support routines:WIN32_BIND_FUNC:could
not bind to the requested symbol
name:.\crypto\dso\dso_w
"If these are the roots you attached -- with names that differ only
in case of one letter -- they should have gotten the same hashvalue
(with suffixes .0 and .1); did they?"
yes
"Does it work with client=Firefox using client certs under both CAs?
I would expect at least one to fail. Note that s_se
24 matches
Mail list logo
