My experience so far, has been that, if you send a "Connection: Keep-Alive"
in the HTTP headers of the object the browser asked for, and not close the
connection, the browser will ask you for more objects (if there are any
more). It's as simple as that.
This works with both IE/Netscape.
Arun.
--
Hopefully you are doing add_ssl_algorithms(..) (and a helpful
SSL_load_error_strings(..)) in the beginning. Also, did you try
ERR_print_errors_fp(stdout) and see if something appears? I may be restating
the obvious here.
The usual way I detect errors is to do a SSL_get_error(..) and do a
switch-c
-Original Message-
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Thursday, August 24, 2000 6:50 PM
Subject: re: using ssl in http protocol
>a question about persistent mode in http
>
>if in keep-alive mode, in the server side, how can i recong
I am not sure if this is indeed the source of the problem, but to deal with
export browsers with a 1024-bit certificate, one needs to generate a
temporary key 512-bits long, since that's all those browsers can handle.
In openssl, one does this using SSL_CTX_set_tmp_rsa_callback(...)
Arun.
"If y
-Original Message-
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Thursday, August 24, 2000 6:53 AM
Subject: using ssl in http protocol
>one question:
>http is a connectionless protocol(at least 1.0 is, and i don't know if
there are some imple
[Moved to openssl-users]
AFAIK, SSL_RECEIVED_SHUTDOWN means the **other side** (ie. the server) sent
you a shutdown. This could be because you are using HTTP/1.0 and not asking
for a Keep-Alive connection in your request. All such connections are
required to be shut-down by the protocol.
In any
This question has been asked numerous times. Please check the archives.
Arun.
"If you torture data long enough, it will admit anything you want.."
This message is for the named person(s) use only. It may contain
confidential, pr
-Original Message-
From: Radhakrishna <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Saturday, July 29, 2000 2:44 PM
Subject: Is it possible to send Binary Data using SSL_write( )
>Is it possible to send the binary data using
-Original Message-
From: Walsh, Dan <[EMAIL PROTECTED]>
To: '[EMAIL PROTECTED]' <[EMAIL PROTECTED]>
Date: Saturday, July 29, 2000 7:16 AM
Subject: Is there a way to get SSL_Connect to timeout?
>I am writing a program that connects to one hundred different machines. A
>couple of these m
You need the "ar" utility for your platform. If you already have it, make
sure it is in your path or get one for your platform.
Arun.
"The online world is a cool place to visit, but you really don't want to
live there."
This mess
That means nothing more to me that it does to you :) Try
ERR_error_string(ERR_get_error(), NULL) instead.
Arun.
"The online world is a cool place to visit, but you really don't want to
live there."
This message is for the named pe
I believe that for SSL_connect() a return value of 0 also indicates an
error. In such a case, you should delve deeper and figure out the exact text
message of the error (as lutz suggested). You may see what you have been
looking for.
Arun.
"The online world is a cool place to visit, but you real
Looks to me like your "bc" program is the culprit here. Check your bc
version, try to get the latest for your platform and see if the same problem
recurs.
HTH.
Arun.
"The online world is a cool place to visit, but you really don't want to
live there."
*
In the future, please do not post such user problems to the developer
mailing list. (Should this be a faq :)
I am hazarding a guess here. It seems you me that you are trying to use the
sample cert supplied with the demo. Note that this is just a dummy
certificate and not signed by a "real" CA. Is
We have a similar application where we reuse a pool of SSL connections. The
only difference between our approach and yours is the following piece of
code which we execute before reusing an already used SSL structure.
SSL_set_session(ssl, NULL);
Can you try this and see if the problem recurs? We
Base64 is a basic encoding mechanism (it is **not** encryption) used by HTTP
clients for encoding username and password, for urls that requires user
authentication. It is quite simple and there are a lot of implementations
freely available (C/Perl/Java). Just do a search on www.google.com to sampl
If you are using apache, it's very simple to install the cert. Just put it
in the directory pointed to by the appropriate setting in ur httpsd.conf
file.
Arun.
-Original Message-
From: Murthy, Ashok P. <[EMAIL PROTECTED]>
To: '[EMAIL PROTECTED]' <[EMAIL PROTECTED]>
Date: Monday, June 19,
how to free up stuff allocated by SSLeay_add_ssl_algorithms() - openSSLI
would like to know also. I have seen a SSL_library_cleanup() in the BSafe
API, but nothing comparable in OpenSSL.
Arun.
>-Original Message-
>From: Arora Meenakshi <[EMAIL PROTECTED]>
>To: Openssl-Users (E-mail) <[EM
-Original Message-
From: Michael Sierchio <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Friday, June 16, 2000 10:14 AM
Subject: Re: FTP & SSL
>Arun Venkataraman wrote:
>>
>> This is an old gripe :( Ppl don't seem to have at
This is an old gripe :( Ppl don't seem to have attempted seriously to use
SSL over something else other than http. Try
ftp://ftp.psy.uq.oz.au/pub/Crypto/SSLapps for a SSL-ftp client and server on
Unix. These may be outdated though. I haven't come across an implementation
on Windoze.
Arun.
-O
Electric Fence is one, though I haven't used it myself. I am not sure if it
is as good/better/worse than purify.
Arun.
-Original Message-
From: Richard Dykiel <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Thursday, June 15, 2000 12:45 PM
Subject: RE: FW: multithread
After you have made the distribution,
In demos/ssl, you go:
"gcc -I ../../include cli.cpp ../../libssl.a ../../libcrypto.a"
Arun.
-Original Message-
From: Blahamuha <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Thursday, June 15, 2000 9:25 AM
Subject: Compiling cl
Looks like ur linux installation needs some tuning. I have a symlink in my
/usr/include/ directory which points to /usr/src/linux/include/linux/ which
contains an errno.h. The make seems to be looking for this file and not
finding it on your system. Perhaps you can check to see if a errno.h exist
SSL_shutdown() sends a message to the peer, indicating that the session is
over. If you do SSL_clear() and try to reuse the same SSL structure for
another session, note that you do need to do a SSL_shutdown() to the peer
before that.
SSL_set_shutdown() turns on something called a "preemtive" shut
If you are talking abt reusing SSL structures, you can do
SSL_clear(sslp) and SSL_set_session(sslp, NULL) to try and reuse the old
session. This way, you need not free(). It worked for me. Same holds for
SSL_accept. The only caveat is that you need to use the same method (SSLv23,
SSLv3 etc.) as be
Hello,
I am developing a server side SSL application. I know that you can minimise
renegotiation of SSL connections by using a session cache, which basically
stores info about previously negotiated connections. I also know that the
session-cache timeout is a configurable value.
* By default, how
>I have the following error:
>[Thu May 25 15:10:26 2000] [crit] unable to set private key
>[Thu May 25 15:10:26 2000] [crit] error:0B080074:x509 certificate
> routines:X509_check_private_key:key values mismatch
>[Thu May 25 15:10:26 2000] [error] ApacheSSLSetCertStuff failed
Most likely, the key
>Does 0.9.5 support the Cryptoswift line of SSL accelerators? Is anyone
>using one under Solaris 2.6?
AFAIK, it is upto rainbow technologies to provide a patch for OpenSSL 0.95.
I believe a patch of 0.94 is available but I am not sure about 0.95.
Arun.
"The online world is a cool place to vis
I did a project very similar to yours. Assuming you know how to handle
blocking and non-blocking sockets using SSL (and reuse the SSL structure, if
you want), initialization is a cinch. Refer to the cli.cpp and serv.cpp
example written by sampo kellomaki in demos/ssl. You will find all the info
yo
We do SSL webhosting distributed over multiple webservers. Each customer we
host gets a domain called customer.speedera.com, so to avoid browser
warnings, we need a new certificate per customer distributed out to all the
SSL webservers. Is it possible to get a *.speedera.com certificate so we can
I think there is an option ("-new", is it?) which causes the CSR generating
utility to read the responses from the screen. So, you input all the values
instead of the utility looking in sslc.cnf...I haven't tried this on NT
though.
Arun.
"The online world is a cool place to visit, but you
U need to include the libraries in your compilation. Something like:
gcc -lcrypto -lssl -ocli cli.cpp.
Arun.
-Original Message-
From: Tewari, Vijay <[EMAIL PROTECTED]>
To: 'Open-SSL' <[EMAIL PROTECTED]>
Date: Wednesday, May 10, 2000 9:15 AM
Subject: Compilation Problems
>Hi,
>I am newb
32 matches
Mail list logo
