RE: OpenSSL skills

2002-04-14 Thread Andy Schneider
I know this adds to the length of this thread - but I have to apologise. Sorry for sending that post to openssl-users, that was a dumb thing to do. Regards, Andy S.

RE: 0.9.7-dev ncipher bugfixes

2002-01-27 Thread Andy Schneider
vix> By the way, can someone explain me, how should one use those vix> "embed" type keys? I've read all the documentation, searched vix> mailing lists and Internet, experimented quite a lot, but no vix> success. I get some strange error (invalid param or smth) vix> from HWCryptoHook library whe

IP Validation error: client side handling

2002-01-16 Thread Andy Schneider
I have a server that does checking of the altSubjectName against the source IP address of the client connection. When the verify fails the server (my code) closes the connection with extreme prejudice. What I'd like to do is to have my client (mine so I have code control) be able to work out t

RE: CRYPTO_malloc_init()

2002-01-11 Thread Andy Schneider
Using the nothrow form of new may be an idea. > -Original Message- > From: Richard Levitte - VMS Whacker [mailto:[EMAIL PROTECTED]] > Sent: 10 January 2002 14:51 > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: Re: CRYPTO_malloc_init() > > > From: [EMAIL PROTECTED] (robert) > > rob

RE: Why DNS/IP in certificate?

2002-01-11 Thread Andy Schneider
> Also, do OpenSSL automatically renegotiate symmetric keys every X > minutes (or Y bytes)? Automatically via the SSL_BIO (providing you specify time or byte thresholds) or manually via SSL_renegotiate. __ OpenSSL Project

RE: Intermediate signing certs

2001-12-10 Thread Andy Schneider
A, B and C need to be available to the certificate verification process if you wish to check that D was signed by C, which was signed by B, which was signed by A. > -Original Message- > From: Tat Sing Kong [mailto:[EMAIL PROTECTED]] > Sent: 10 December 2001 17:01 > To: Openssl-Users@Opens

RE: Engine vs non-engine

2001-12-07 Thread Andy Schneider
AFAIK OpenSSL 0.9.7 is going to have pluggable cryptographic service providers (engines). 0.9.6 doesn't have this (it's all software) but 0.9.6-engine does. You can therefore use an engine based version with hardware crypto if you have an appropriate engine. 0.9.6 supports three? of engines, softw

RE: binding IP addresses to X.509 certificates for use with OpenSSL?

2001-11-29 Thread Andy Schneider
You can use altSubjectName for the IP address but you'll have to do the validation yourself (AFAIK) since OpenSSL doesn't. A cert normally just specifies the DNS name of the server but I've encountered clients who want to lock things down more tightly than that (so they are immune to a DNS base

RE: Multiple accept threads - failure

2001-11-26 Thread Andy Schneider
I think I have this sussed. Calls to methods that manipulate SSL_CTX aren't always thread safe and I was assuming they were (without checking - doh!). Andy S. > -Original Message- > From: Andy Schneider > Sent: 26 November 2001 13:19 > To: [EMAIL PROTECTED] > Subj

Multiple accept threads - failure

2001-11-26 Thread Andy Schneider
Folks, I have a test program that puts down 60 threads. 30 server threads that put down listens () and 30 client threads that do connects (). I find that some of the threads fail (openssl-0.9.6b-engine - Solaris 2.8 - 2 CPU box) with ret code -1 in SSL_accept. SSL_get_error yields 0 and errno is

RE: SSL_connect gives me the error SSL_ERROR_SYSCALL

2001-11-20 Thread Andy Schneider
Often a look at errno can be instructive. Compiling SSL in debug and stepping through the code when the error occurs can also be very useful. -Original Message- From: Venugopal Panchamukhi [mailto:[EMAIL PROTECTED]] Sent: 20 November 2001 12:21 To: [EMAIL PROTECTED] Subject: SSL_c

Alt Subject Name : IP Address

2001-10-04 Thread Andy Schneider
Can anyone send me a code snippet showing how I get the subject alternate name (IP address) in a form useful for IP source verification? Andy S.

RE: SSL renegotiation and SSL_bio (more data)

2001-09-21 Thread Andy Schneider
} while (skip_message); > -Original Message- > From: Bodo moeller [mailto:[EMAIL PROTECTED]] > Sent: 21 September 2001 00:59 > To: [EMAIL PROTECTED] > Cc: Andy Schneider > Subject: Re: SSL renegotiation and SSL_bio (more data) > > > Andy Sch

RE: SSL renegotiation and SSL_bio (more data)

2001-09-20 Thread Andy Schneider
ic as above. Regards, Andy. BTW: I don't know if there is an official bug fix channel. -Original Message- From: Eric Rescorla Sent: Thu 9/20/2001 5:52 PM To: [EMAIL PROTECTED] Cc: Subject: Re: SSL renegotiation and SSL_bio (more data) "Andy Schneider"

RE: SSL renegotiation and SSL_bio (more data)

2001-09-20 Thread Andy Schneider
- From: Eric Rescorla Sent: Thu 9/20/2001 4:09 PM To: [EMAIL PROTECTED] Cc: Subject: Re: SSL renegotiation and SSL_bio (more data) "Andy Schneider" <[EMAIL PROTECTED]> writes: > With further instrumentation I can see what happens. The server sends > the serve

RE: SSL renegotiation and SSL_bio

2001-09-19 Thread Andy Schneider
Hours) { SSL_renegotiate (s); SSL_do_handshake (s); s->state = SSL_ST_ACCEPT; SSL_do_handshake (s); } ... // Respond to client SSL_write (...) Is this what is normally expected? -Original Message- From: Andy Schneider Sent: Wed 9/19/2001 10:45 AM To: [EMAIL PROTECTED] Cc:

SSL renegotiation and SSL_bio

2001-09-19 Thread Andy Schneider
ponse from anyone. Any pointers or assistance gratefully appreciated. Regards, Andy Schneider.