Hi,
I am using openssl 0.9.8b on CentOS 5.2 and I see some behaviour that I
cannot understand. I am using the SSL_CTX_set_verify(SSL_VERIFY_PEER) on
both the client and server. The certificate chain has a root with multiple
levels then the end entity certs. If the CRL has expired for the CA tha
stems. For Linux see
> /proc/sys/kernel/random/poolsize
>
> Glenn
>
>
> On Wed, Jun 11, 2008 at 7:52 AM, Bruce Keats <[EMAIL PROTECTED]> wrote:
>
>> I forgot to mention that the systems in question are servers that do not
>> have the keyboard or mouse as sou
I forgot to mention that the systems in question are servers that do not have
the keyboard or mouse as sources of entropy. Yes indeed, the problem seems
a lack of entropy. What I find surprising is that on these systems, I seem
to be able to get approx 400 bytes from /dev/random and it doesn't mat
I have noticed that on some Linux systems (CentOS 5.1, FC7 and FC8)
RAND_load_file("/dev/random", 1024) can take a long time (20 minutes). If I
do an strace on the process, I see that it is doing reads on /dev/random and
getting back 8 or 9 bytes. I assume that what is happening here is that
R
The code was released in 2006. Does anyone know if a newer version will be
released soon?
Bruce
On Tue, Jun 3, 2008 at 7:00 PM, <[EMAIL PROTECTED]> wrote:
> No docs, but there is working code here:
>
> https://www.openca.org/projects/ocspd/
>
> Best,
> Max
>
> Quoting Brian Smith <[EMAIL PROTEC
After much head scratching, I tracked down the issue to the negotiated
cipher suite. I had left in a cipher suite that didn't have DH support, so
it ended up picking the one that didn't support DH (only one in common).
Bruce
On Wed, May 7, 2008 at 1:39 PM, Bruce Keats <[EMAIL PROT
Hi,
I am implementing a server that accepts connections from clients over SSL.
I am using Fedora Core 7 which comes with openssl 0.9.8b. I create an SSL
CTX and I disable the SSL session cache (SSL_CTX_set_session_cache_mode),
set the SSL_OP_SINGLE_DH_USE flag (SSL_CTX_set_options) and set up the
>
> Thanks,
> Zhang Cong
>
> On Dec 21, 2007 2:24 AM, Bruce Keats <[EMAIL PROTECTED]> wrote:
> > Hi,
> >
> > I have a TLS/SSL client I wrote using openssl and I was wondering if I have
> > to do anything special to verify if a certificate was revoked in
Hi,
I have a TLS/SSL client I wrote using openssl and I was wondering if I have
to do anything special to verify if a certificate was revoked in one of the
CRLs taken from one of the CDPs? Is there special code or calls I need to
make in the verify_callback() that is installed by SSL_CTX_set_ver
ECTED]> wrote:
>
> On Mon, Oct 29, 2007, Bruce Keats wrote:
>
> > Hi,
> >
> > I have been trying for a couple of days now to test an OCSP responder, but I
> > am having problems getting the openssl OCSP client to send the OCSP requests
> > to the
10 matches