Re: keep-alive

2000-09-20 Thread Arun Venkataraman
My experience so far, has been that, if you send a "Connection: Keep-Alive" in the HTTP headers of the object the browser asked for, and not close the connection, the browser will ask you for more objects (if there are any more). It's as simple as that. This works with both IE/Netscape. Arun. --

Re: Using SSL_accept with non blocking socket

2000-09-06 Thread Arun Venkataraman
Hopefully you are doing add_ssl_algorithms(..) (and a helpful SSL_load_error_strings(..)) in the beginning. Also, did you try ERR_print_errors_fp(stdout) and see if something appears? I may be restating the obvious here. The usual way I detect errors is to do a SSL_get_error(..) and do a switch-c

Re: using ssl in http protocol

2000-08-24 Thread Arun Venkataraman
-Original Message- From: [EMAIL PROTECTED] <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]> Date: Thursday, August 24, 2000 6:50 PM Subject: re: using ssl in http protocol >a question about persistent mode in http > >if in keep-alive mode, in the server side, how can i recong

Re: Netscape 4.5 Bug ?

2000-08-24 Thread Arun Venkataraman
I am not sure if this is indeed the source of the problem, but to deal with export browsers with a 1024-bit certificate, one needs to generate a temporary key 512-bits long, since that's all those browsers can handle. In openssl, one does this using SSL_CTX_set_tmp_rsa_callback(...) Arun. "If y

Re: using ssl in http protocol

2000-08-24 Thread Arun Venkataraman
-Original Message- From: [EMAIL PROTECTED] <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]> Date: Thursday, August 24, 2000 6:53 AM Subject: using ssl in http protocol >one question: >http is a connectionless protocol(at least 1.0 is, and i don't know if there are some imple

Re: HELP NEEDED: Persist connection

2000-08-24 Thread Arun Venkataraman
[Moved to openssl-users] AFAIK, SSL_RECEIVED_SHUTDOWN means the **other side** (ie. the server) sent you a shutdown. This could be because you are using HTTP/1.0 and not asking for a Keep-Alive connection in your request. All such connections are required to be shut-down by the protocol. In any

Re: CryptoSwift

2000-08-09 Thread Arun Venkataraman
This question has been asked numerous times. Please check the archives. Arun. "If you torture data long enough, it will admit anything you want.." This message is for the named person(s) use only. It may contain confidential, pr

Re: Is it possible to send Binary Data using SSL_write( )

2000-07-29 Thread Arun Venkataraman
-Original Message- From: Radhakrishna <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]> Cc: [EMAIL PROTECTED] <[EMAIL PROTECTED]> Date: Saturday, July 29, 2000 2:44 PM Subject: Is it possible to send Binary Data using SSL_write( ) >Is it possible to send the binary data using

Re: Is there a way to get SSL_Connect to timeout?

2000-07-29 Thread Arun Venkataraman
-Original Message- From: Walsh, Dan <[EMAIL PROTECTED]> To: '[EMAIL PROTECTED]' <[EMAIL PROTECTED]> Date: Saturday, July 29, 2000 7:16 AM Subject: Is there a way to get SSL_Connect to timeout? >I am writing a program that connects to one hundred different machines. A >couple of these m

Re: install issues

2000-07-26 Thread Arun Venkataraman
You need the "ar" utility for your platform. If you already have it, make sure it is in your path or get one for your platform. Arun. "The online world is a cool place to visit, but you really don't want to live there." This mess

Re: (no subject)

2000-07-18 Thread Arun Venkataraman
That means nothing more to me that it does to you :) Try ERR_error_string(ERR_get_error(), NULL) instead. Arun. "The online world is a cool place to visit, but you really don't want to live there." This message is for the named pe

Re: (no subject)

2000-07-18 Thread Arun Venkataraman
I believe that for SSL_connect() a return value of 0 also indicates an error. In such a case, you should delve deeper and figure out the exact text message of the error (as lutz suggested). You may see what you have been looking for. Arun. "The online world is a cool place to visit, but you real

Re: Opeen SSL 0.9.5a "make test" Failed! bc: 1 is unimplemented

2000-07-17 Thread Arun Venkataraman
Looks to me like your "bc" program is the culprit here. Check your bc version, try to get the latest for your platform and see if the same problem recurs. HTH. Arun. "The online world is a cool place to visit, but you really don't want to live there." *

Re: certificate verify fails

2000-06-30 Thread Arun Venkataraman
In the future, please do not post such user problems to the developer mailing list. (Should this be a faq :) I am hazarding a guess here. It seems you me that you are trying to use the sample cert supplied with the demo. Note that this is just a dummy certificate and not signed by a "real" CA. Is

Re: Error in handshake: Get client hello B

2000-06-30 Thread Arun Venkataraman
We have a similar application where we reuse a pool of SSL connections. The only difference between our approach and yours is the following piece of code which we execute before reusing an already used SSL structure. SSL_set_session(ssl, NULL); Can you try this and see if the problem recurs? We

Re: base64-encoding with openssl

2000-06-28 Thread Arun Venkataraman
Base64 is a basic encoding mechanism (it is **not** encryption) used by HTTP clients for encoding username and password, for urls that requires user authentication. It is quite simple and there are a lot of implementations freely available (C/Perl/Java). Just do a search on www.google.com to sampl

Re: How do I install a Verisign Cert.

2000-06-19 Thread Arun Venkataraman
If you are using apache, it's very simple to install the cert. Just put it in the directory pointed to by the appropriate setting in ur httpsd.conf file. Arun. -Original Message- From: Murthy, Ashok P. <[EMAIL PROTECTED]> To: '[EMAIL PROTECTED]' <[EMAIL PROTECTED]> Date: Monday, June 19,

Re: how to free up stuff allocated by SSLeay_add_ssl_algorithms() - openSSL

2000-06-16 Thread Arun Venkataraman
how to free up stuff allocated by SSLeay_add_ssl_algorithms() - openSSLI would like to know also. I have seen a SSL_library_cleanup() in the BSafe API, but nothing comparable in OpenSSL. Arun. >-Original Message- >From: Arora Meenakshi <[EMAIL PROTECTED]> >To: Openssl-Users (E-mail) <[EM

Re: FTP & SSL

2000-06-16 Thread Arun Venkataraman
-Original Message- From: Michael Sierchio <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]> Date: Friday, June 16, 2000 10:14 AM Subject: Re: FTP & SSL >Arun Venkataraman wrote: >> >> This is an old gripe :( Ppl don't seem to have at

Re: FTP & SSL

2000-06-16 Thread Arun Venkataraman
This is an old gripe :( Ppl don't seem to have attempted seriously to use SSL over something else other than http. Try ftp://ftp.psy.uq.oz.au/pub/Crypto/SSLapps for a SSL-ftp client and server on Unix. These may be outdated though. I haven't come across an implementation on Windoze. Arun. -O

Re: FW: multithreaded crypto functions

2000-06-15 Thread Arun Venkataraman
Electric Fence is one, though I haven't used it myself. I am not sure if it is as good/better/worse than purify. Arun. -Original Message- From: Richard Dykiel <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]> Date: Thursday, June 15, 2000 12:45 PM Subject: RE: FW: multithread

Re: Compiling cli.cpp

2000-06-15 Thread Arun Venkataraman
After you have made the distribution, In demos/ssl, you go: "gcc -I ../../include cli.cpp ../../libssl.a ../../libcrypto.a" Arun. -Original Message- From: Blahamuha <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]> Date: Thursday, June 15, 2000 9:25 AM Subject: Compiling cl

Re: Make Error

2000-06-15 Thread Arun Venkataraman
Looks like ur linux installation needs some tuning. I have a symlink in my /usr/include/ directory which points to /usr/src/linux/include/linux/ which contains an errno.h. The make seems to be looking for this file and not finding it on your system. Perhaps you can check to see if a errno.h exist

Re: SSL_set_shutdown, SSL_shutdown

2000-06-13 Thread Arun Venkataraman
SSL_shutdown() sends a message to the peer, indicating that the session is over. If you do SSL_clear() and try to reuse the same SSL structure for another session, note that you do need to do a SSL_shutdown() to the peer before that. SSL_set_shutdown() turns on something called a "preemtive" shut

Re: SSL_free

2000-06-13 Thread Arun Venkataraman
If you are talking abt reusing SSL structures, you can do SSL_clear(sslp) and SSL_set_session(sslp, NULL) to try and reuse the old session. This way, you need not free(). It worked for me. Same holds for SSL_accept. The only caveat is that you need to use the same method (SSLv23, SSLv3 etc.) as be

Session Cache

2000-06-12 Thread Arun Venkataraman
Hello, I am developing a server side SSL application. I know that you can minimise renegotiation of SSL connections by using a session cache, which basically stores info about previously negotiated connections. I also know that the session-cache timeout is a configurable value. * By default, how

Re: Error (Apache+SSL)

2000-05-25 Thread Arun Venkataraman
>I have the following error: >[Thu May 25 15:10:26 2000] [crit] unable to set private key >[Thu May 25 15:10:26 2000] [crit] error:0B080074:x509 certificate > routines:X509_check_private_key:key values mismatch >[Thu May 25 15:10:26 2000] [error] ApacheSSLSetCertStuff failed Most likely, the key

Re: Cryptoswift 100 ?

2000-05-23 Thread Arun Venkataraman
>Does 0.9.5 support the Cryptoswift line of SSL accelerators? Is anyone >using one under Solaris 2.6? AFAIK, it is upto rainbow technologies to provide a patch for OpenSSL 0.95. I believe a patch of 0.94 is available but I am not sure about 0.95. Arun. "The online world is a cool place to vis

Re: Win32 web server using ssl

2000-05-23 Thread Arun Venkataraman
I did a project very similar to yours. Assuming you know how to handle blocking and non-blocking sockets using SSL (and reuse the SSL structure, if you want), initialization is a cinch. Refer to the cli.cpp and serv.cpp example written by sampo kellomaki in demos/ssl. You will find all the info yo

Certificate Management

2000-05-16 Thread Arun Venkataraman
We do SSL webhosting distributed over multiple webservers. Each customer we host gets a domain called customer.speedera.com, so to avoid browser warnings, we need a new certificate per customer distributed out to all the SSL webservers. Is it possible to get a *.speedera.com certificate so we can

Re: CSR Help

2000-05-11 Thread Arun Venkataraman
I think there is an option ("-new", is it?) which causes the CSR generating utility to read the responses from the screen. So, you input all the values instead of the utility looking in sslc.cnf...I haven't tried this on NT though.   Arun.   "The online world is a cool place to visit, but you

Re: Compilation Problems

2000-05-10 Thread Arun Venkataraman
U need to include the libraries in your compilation. Something like: gcc -lcrypto -lssl -ocli cli.cpp. Arun. -Original Message- From: Tewari, Vijay <[EMAIL PROTECTED]> To: 'Open-SSL' <[EMAIL PROTECTED]> Date: Wednesday, May 10, 2000 9:15 AM Subject: Compilation Problems >Hi, >I am newb