Re: Strange OpenSSL error when my server accepts a new OpenSSL connection while existing ones are active

2013-10-09 Thread Jeremy Friesner
On Oct 9, 2013, at 10:59 PM, Viktor Dukhovni wrote: > A better solution is to not call SSL_pending() until the SSL > handshake completes. For now you should keep track of whether > SSL_accept() has completed for a given session, and refrain from > SSL_pending() until then. Agreed, but my code n

Re: Strange OpenSSL error when my server accepts a new OpenSSL connection while existing ones are active

2013-10-09 Thread Viktor Dukhovni
On Wed, Oct 09, 2013 at 10:46:35PM -0700, Jeremy Friesner wrote: > > With SSL sessions created via SSLv23_method(), use of this primitive > > will lead to the failure in question when invoked before the SSL > > session has switched to SSLv3, TLSv1, ? > > Aha! Yes, that appears to be my problem.

Re: Strange OpenSSL error when my server accepts a new OpenSSL connection while existing ones are active

2013-10-09 Thread Jeremy Friesner
Hi Viktor, On Oct 9, 2013, at 9:16 PM, Viktor Dukhovni wrote: > On Wed, Oct 09, 2013 at 07:54:34PM -0700, Jeremy Friesner wrote: > >> If you're interested in trying to reproduce the fault yourself, >> let me know and I can upload the code I'm testing with. > > Are you using SSL_pending(), BIO_

Strange OpenSSL error when my server accepts a new OpenSSL connection while existing ones are active

2013-10-09 Thread jeremyf
Hi all, I'm working on adding OpenSSL support to my server program, and generally it's working pretty well, but I have come across a problem. First, some background: The server is single-threaded and uses non-blocking I/O and a select() loop to handle multiple clients simultaneously. The serv

openSSL performance

2013-10-09 Thread laurent . bollini
>Aside: this message was pretty garbled, and in richtext which my Outlook won't >fix sensibly. >I've tried to manually reformat what I can, but it would be easier if you >posted plaintext. Really sorry for that, I saw it only once the message was already posted. Thanks for taking the time anyway.

RE: OpenSSL - CRL - Understanding

2013-10-09 Thread nvharisha
Thanks everyone for making my understanding right, and this gives me an idea on what to do next :) I will try to see how to create OCSP and proceed further.

openSSL performance

2013-10-09 Thread laurent . bollini
Hello again, > It doesn’t sound like you did profile, but rather a stop-watch at start and > stop. That’s more coarse-grained than I think you need to do. For example, > you need to measure time to do the key exchange, time to do the encryption, > time to put the traffic over the network. For example,

Re: Strange OpenSSL error when my server accepts a new OpenSSL connection while existing ones are active

2013-10-09 Thread Viktor Dukhovni
On Wed, Oct 09, 2013 at 07:54:34PM -0700, Jeremy Friesner wrote: > If you're interested in trying to reproduce the fault yourself, > let me know and I can upload the code I'm testing with. Are you using SSL_pending(), BIO_pending() or anything similar anywhere in your code? With SSL sessions cre

Re: Strange OpenSSL error when my server accepts a new OpenSSL connection while existing ones are active

2013-10-09 Thread Jeremy Friesner
Hi Elaine, No browser, just a client and server program I wrote myself (in C++) that I'm trying to upgrade to support SSL. (They both previously worked over vanilla TCP connections only, but I'm adding SSL transport as an option) For this test, both the client and server are running on my Mac

RE: Strange OpenSSL error when my server accepts a new OpenSSL connection while existing ones are active

2013-10-09 Thread elaine ossipov
Jeremy, I am very interested in the 25% scenarios you are referring to here. What browser were you using? Where were you trying to connect to, what operating system were you trying to connect to? I was reading up on extended certs today and found out some interesting information from the Gibs

RE: Implementing msCRLNextPublish extension

2013-10-09 Thread Salz, Rich
> The syntax of the extension is needed too. Do you know of any specs giving > details? Googling the OID found this which seems to imply that it's the same syntax as NextUpdate: http://www.imc.org/ietf-pkix/old-archive-04/msg01798.html -- Principal Security Engineer Akamai Technology Cambri

RE: Implementing msCRLNextPublish extension

2013-10-09 Thread Sergio NNX
> The syntax of the extension is needed too. Do you know of any specs giving > details? I've emailed the user but no response yet!

Re: Openssl/SMime Utility failed to encrypt the large file (>1.5MB) on HPUX Machine

2013-10-09 Thread Dr. Stephen Henson
On Thu, Oct 10, 2013, Puneet Khunteta wrote: > Can I get the patch file (diff) for "Streaming ASN1 encode support for > PKCS#7 and CMS." feature introduced in v1.0.0? > It's not a trivial change. A significant amount of the ASN1, BIO and PKCS#7 code was modified to support streaming. Steve. --

Re: Implementing msCRLNextPublish extension

2013-10-09 Thread Dr. Stephen Henson
On Fri, Sep 13, 2013, adrien pisarz wrote: > Hi, > > A new non-critical extension is available in order to download the CRL before > its expiration. > > Unfortunately I don't know how to use it with OpenSSL. May someone help me? > > For information, I added the msCRLNextPublish with its OID in th

Re: Openssl/SMime Utility failed to encrypt the large file (>1.5MB) on HPUX Machine

2013-10-09 Thread Puneet Khunteta
Can I get the patch file (diff) for "Streaming ASN1 encode support for PKCS#7 and CMS." feature introduced in v1.0.0? On Fri, Oct 4, 2013 at 6:40 PM, Richard Könning < richard.koenn...@ts.fujitsu.com> wrote: > On 03.10.2013 14:32, Puneet Khunteta wrote: > > Hello, >> >> I have later found th

Re: 050 + at the beginning of verified signature

2013-10-09 Thread aqueelmirza
Hi Ken, thanks for replying. I have been struggling with this issue for the last 3 days. I am not using RSA_verify. I am using openssl -verify to verify my signature. Secondly, should I write 20 instead of strlen(reply)? Best Regards

Re: 050 + at the beginning of verified signature

2013-10-09 Thread Ken Goldman
There are a few issues here: RSA_Verify does not return a signature. It returns a boolean pass/fail. If reply is a hash, strlen(reply) is not the length of the hash. The length is 20 for SHA-1. On 10/9/2013 1:46 PM, aqueelmirza wrote: I am using OpenSSL in iOS app to sign a message. I use

050 + at the beginning of verified signature

2013-10-09 Thread aqueelmirza
I am using OpenSSL in iOS app to sign a message. I use RSA_sign to sign. When I use RSA_verify to verify the signature, result is like this 050 +(f2d7846a5f495a743e470663facf7a2858d052cf Where f2d7846a5f495a743e470663facf7a2858d052cf is the original signature. So I am getting additional 050 +( at

Re: openssl pkcs12: use of "caname" option

2013-10-09 Thread Dr. Stephen Henson
On Wed, Oct 09, 2013, Graham Leggett wrote: > Hi all, > > I have a cert, a CA cert, and N intermediate certificates, each in three > separate files. I don't know the value of N during this process. > > What I need to do is combine these certs into a P12 file, but crucially I > need to give the

Re: Displaying DH parameter size

2013-10-09 Thread Dr. Stephen Henson
On Tue, Oct 08, 2013, Sean Alexandre wrote: > I'm writing a client app that uses OpenSSL to connect to an SSL server. I want > to display the number of bits used for the DH parameter set. How do I do this? > > So far I've found "struct dh_st" and it has (from dh.h): > BIGNUM *p;

openssl pkcs12: use of "caname" option

2013-10-09 Thread Graham Leggett
Hi all, I have a cert, a CA cert, and N intermediate certificates, each in three separate files. I don't know the value of N during this process. What I need to do is combine these certs into a P12 file, but crucially I need to give the cert and the CA cert very specific nicknames for further s