Re: SSL_read() and dropped (half-open) connections

2014-05-09 Thread Tilman Sauerbeck
Michael Wojcik [2014-05-09 21:12]: Hello Michael, thanks for your reply. > > From: owner-openssl-us...@openssl.org [mailto:owner-openssl- > > us...@openssl.org] On Behalf Of Tilman Sauerbeck > > Sent: Thursday, 08 May, 2014 12:26 > > > > my program is an SSL client which is reading large amounts

RE: CRL & default_crl_days

2014-05-09 Thread Michael Wojcik
I don't claim any expertise in this area, but RFC 5280 5.1.2.5 seems pretty clear: 5.1.2.5 Next Update This field indicates the date by which the next CRL will be issued. The next CRL could be issued before the indicated date, but it will not be issued an

RE: SSL_read() and dropped (half-open) connections

2014-05-09 Thread Michael Wojcik
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl- > us...@openssl.org] On Behalf Of Tilman Sauerbeck > Sent: Thursday, 08 May, 2014 12:26 > > my program is an SSL client which is reading large amounts of data > without sending data itself (after the initial handshake). > My machine's

Re: CRL & default_crl_days

2014-05-09 Thread Gregory Sloop
GS> So, I'm working with an EAP-TLS system running under freeradius. GS> I've setup things to use a CRL [not OSCP] to revoke certificates and GS> all works well. GS> However, the parameter default_crl_days=XXX puzzles me. GS> Through trial and error [mostly error] I know that if I don't GS> rege

Re: CRL & default_crl_days

2014-05-09 Thread Gregory Sloop
GS> So, I'm working with an EAP-TLS system running under freeradius. GS> I've setup things to use a CRL [not OSCP] to revoke certificates and GS> all works well. GS> However, the parameter default_crl_days=XXX puzzles me. GS> Through trial and error [mostly error] I know that if I don't GS> reg

af_alg engine from openssl

2014-05-09 Thread Jitendra Lulla
Hi, I want to use the openssl commad to compute various things eg hmac-sha. I want to use '-engine af_alg' for the same. I have taken the af_alg plugin from src.carnivore.it. i have been extending it for eg sha384 etc. I wonder if I can get this engine from openssl.org? ~Jitendra Lulla _

Re: graphic arts help needed

2014-05-09 Thread elaine ossipov
You Betcha, I'd be happy to help. When would you like it by? and Ow, see Stacy just replied to, so maybe we can collaborate. ~~elaine o. *blessed be.* *http://elaineo.me * *See my vizify bio!* [image: Elaine Ossipov 's Visual Thumbprint]

SSL_read() and dropped (half-open) connections

2014-05-09 Thread Tilman Sauerbeck
Hi, my program is an SSL client which is reading large amounts of data without sending data itself (after the initial handshake). My machine's connection does drop regularly, and I want to make sure that my program detects the dropped connection instead of hanging in read()/recv() forever. My ques