Perhaps not on an OpenSSL list? You might try stackoverflow.com
Charles
Sent from a mobile; please excuse the brevity.
Original message From: Dawn Cassara
Date: 8/5/19 5:53 PM (GMT-05:00) To: openssl-users@openssl.org Subject:
documentation on installation Where would I find the
Temporary solutions that "work" tend to become permanent solutions.
That's how products end up shipping with hard-coded admin passwords or similar
back doors.
Charles
-Original Message-
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Hu
about something you already knew?
Charles
-Original Message-
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Eliot Lear
Sent: Tuesday, January 15, 2019 7:29 AM
To: openssl-users@openssl.org
Subject: [openssl-users] in the department of "ain't no perfect"
I suspect the problem was that the underlying TCP connection was still
hanging.
I have never in my life touched SO_LINGER. There is no socket duplication,
fork(), or the like.
Thanks again,
Charles
-Original Message-
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On
ard to picture any meaningful data
transfer and (3) we are in a session cleanup situation anyway -- so it seems
to me that an abortive disconnect is perfectly fine. Am I wrong?
Thanks for all of your help.
Charles
-Original Message-
From: openssl-users [mailto:openssl-users-boun...@openssl
t()
Thanks again!
Charles
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Karl Denninger
Sent: Friday, January 11, 2019 10:04 AM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Close TCP socket after SSL_clear()?
On 1/10/2019 17:07, Charles Mill
bove logic in any other way?
The code basically "works" but I see evidence that a Windows TCP session is
still open following an SSL error.
Thanks,
Charles Mills
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Those darned customers are asking for it!
I do understand the privacy exposure. Don't know if the customers do or do
not.
Charles
-Original Message-
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Viktor Dukhovni
Sent: Monday, December 3, 2018 12:40
r with all of the ins and outs of Windows.
OCSP and OCSP stapling are currently higher on my wish list than this.
Charles
-Original Message-
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Michael Wojcik
Sent: Monday, December 3, 2018 10:58 AM
To: openssl-users@
LOL. Amen to that. It has gotten a WHOLE lot better. I started with OpenSSL
somewhere around 2010 and the documentation was EXTREMELY sparse to say the
least. Lots of functions documented as "under construction."
Charles
-Original Message-
From: openssl-users [mailto:openssl-
e issue in mind if a problem
comes up.
Charles
-Original Message-
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Viktor Dukhovni
Sent: Sunday, December 2, 2018 5:50 PM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Question on ne
lying real problem is. That
said, I would suggest that "Provided chain ends with untrusted self-signed
certificate" still does not really convey "no relevant CA certificate found
in the provided path."
Charles
-Original Message-
From: openssl-users [mailto:openssl-users-
Do I need to say no calls to SSL_CTX_set_client_CA_list() nor any of the
three related functions listed on the man page?
Charles
From: Charles Mills [mailto:charl...@mcn.org]
Sent: Sunday, December 2, 2018 4:38 PM
To: 'openssl-users@openssl.org'
Subject: Question on ne
Sorry, I do not have a packet capture tool configured.
I have a verify callback with a lot of trace messages. I can see that it is
only entered once; X509_STORE_CTX_get_error_depth() is 1.
Does that tell us anything useful?
Charles
-Original Message-
From: openssl-users
pancy. I'm especially wondering if I
have set a trap that will spring down the road: "yes it works, but if a user
does X then it will not work."
Thanks!
Charles
t, and generated the
certificate, and loaded it into the certificate store.)
Charles
-Original Message-
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Viktor Dukhovni
Sent: Saturday, December 1, 2018 12:47 PM
To: openssl-users@openssl.org
Subject: Re: [openssl
g process imply trust? Then
the error message should be "untrusted CA certificate," no? (There is only
one certificate in the CApath folder.)
Am I missing something?
Charles
-Original Message-
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Vik
't work that way." I
would reply "I understand. I'm asking you to change the code."
Charles
-Original Message-
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Viktor Dukhovni
Sent: Friday, November 30, 2018 3:35 PM
To: openssl-users@ope
Thank you, yes, that solved it.
May I respectfully suggest that you consider improving the error message?
"Self-signed certificate in certificate chain" does not to me convey "No
certificate hash links" (or "CA certificate not found in hash links").
Charles
-
works as a CAfile. Can someone give me some guidance here?
FWIW I specify SSL_CTX_set_verify(sslContext, SSL_VERIFY_PEER,
verify_callback);
Thanks,
Charles
Not to disagree of course, but you can always put printf's in your callbacks
to confirm.
Charles
Sent from a mobile; please excuse the brevity.
Original message From: "Salz, Rich via openssl-users"
Date: 4/13/18 3:22 PM (GMT-05:00) To:
openssl-users@openssl.org Subject:
The CA’s certificate validity is
Not After : Nov 18 17:39:38 2024 GMT
Charles
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
warron.french
Sent: Monday, November 6, 2017 4:02 PM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Help with making a
rd
Here is what I end up with:
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=Charles Mills Consulting, LLC, ST=California,
C=US/emailAddress=charl...@mcn.org, O=Charles Mills Consulting, LLC
Validity
Not Before: Nov 6 19:13:09 2017 GMT
Not
Works like a champ! Threaded code is handling 800 TLS server sessions with
nary a callback in sight.
Charles
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Paul Dale
Sent: Wednesday, October 18, 2017 5:04 PM
To: openssl-users@openssl.org
Subject: Re: [openssl
Got it. Thanks,
Charles
-Original Message-
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Richard Levitte
Sent: Thursday, October 19, 2017 12:19 AM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Where is mttest.c?
In message <131801d34
Sorry - OpenSSL is not what I do every day.
I see in the man pages a reference to crypto/threads/mttest.c. I've got the
1.1.0f tar and the crypto directory does not contain a threads directory.
Where do I find mttest.c?
Thanks,
Charles
Wow! Thanks.
You are saying to just drop out this array, and the two
CRYPTO_set_..._callback() functions, and the functions they reference?
Charles
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Paul Dale
Sent: Wednesday, October 18, 2017 2:14 PM
To
get an array of
the size returned by a call to CRYPTO_num_locks(void)? Is that correct?
Anything else I need to do in this regard?
Thanks,
Charles
That was it... thank you so much!!!
Charles A. Barbe
Senior Software Engineer
Allworx, a Windstream company
245 East Main St | Rochester NY | 14604
charles.ba...@allworx.com | 585.421.5565
From: openssl-users [openssl-users-boun...@openssl.org] on behalf
de to figure out how
control is supposed to get passed to an engine - I believe this happens in
evp_enc.c.
Something tells me I'm just missing something fundamental here... like a
configuration option on build or maybe something I missed in openssl.conf.
Does anybody have any expertise in this
'.
For reference, I am running the following:
linux kernel v 3.19
openssl v 1.0.1m
running on a TI am3352
Any help on why digests seem to be working with the af_alg engine but ciphers
do not would be much appreciated.
Charles A. Barbe
Senior Software Engineer
Allworx, a Windstream com
n a vector.
This conversation also helped me find some other places where I wasn't properly
freeing reference counted OpenSSL structures.
Thanks for the help!
Charles A. Barbe
Senior Software Engineer
Allworx, a Windstream company
245 East Main St | Rochester NY | 14604
charles.ba...@allworx.com
y free the X509* that I pass
to that argument if I am subsequently calling SSL_CTX_free on the CTX. In
retrospect that doesn't sound correct. I will fix my code to free the X509s as
well as the CTX and see if that is my issue.
Thank you everybody for all of the help!
Charles A. Barbe
To set the record straight, I am told that a PTF (IBMese for patch) is
required for z/OS V1R13 to support TLS v1.2.
Charles
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Charles Mills
Sent: Friday, November 21, 2014 12:07
be required for things that FIPS requires. (A corollary would seem
to be that z/OS V1R13 does not support current FIPS requirements but don't
quote me on that.)
Charles
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf
tic void
clearCertsVector(CERTS_VECTOR* certs)
{
    // Not freeing certs because they will be
    // freed when context is destroyed
    if (certs != NULL)
    {
        certs->clear();
    }
}
Charles A. Barbe
Senior Software Engineer
Allworx, a Windstream company
245 East Main St | Rochester
is pretty clearly not FIPS
140-2 compliant.
Hmm. I had this note partly composed when Dr. Henson's reply came in. I am
thoroughly mystified.
Charles
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Matt Caswell
Sent: Friday, Nove
ccept... I just need to figure out how to ask OpenSSL to free it.
Thanks so much for the help.
Charles A. Barbe
Senior Software Engineer
Allworx, a Windstream company
245 East Main St | Rochester NY | 14604
charles.ba...@allworx.com | 585.421.5565
From: owne
I posted the certificates. What's next?
Charles
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Matt Caswell
Sent: Wednesday, November 19, 2014 3:35 PM
To: openssl-users@openssl.org
Subject: Re: SSL alert number 51
ons and they all do the
following before they exit:
ERR_remove_thread_state(0);
Charles A. Barbe
Senior Software Engineer
Allworx, a Windstream company
245 East Main St | Rochester NY | 14604
charles.ba...@allworx.com | 585.421.5565
From: owner-openssl
I see your point but I cannot have memory allocated when my application shuts
down. This constraint is related to the fact that this is an embedded VoIP
system.
Thanks for the response!
Charles A. Barbe
Senior Software Engineer
Allworx, a Windstream company
245 East Main St | Rochester NY
te at s3_srvr.c:3365
0x0868b864: ssl3_accept at s3_srvr.c:418
0x086982f4: ssl23_get_client_hello at s23_srvr.c:657
0x08698bb8: ssl23_accept at s23_srvr.c:213
Any help would be appreciated.
Charles A. Barbe
Senior Software Engineer
Allworx, a Windstream company
245 East Main St | Rochester NY | 14604
charl
this is probably my
last reply for ~36 hours.
Thanks for your help. I really appreciate what you folks do.
Charles
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Charles Mills
Sent: Wednesday, November 19, 2014 4:53 PM
To
- DHE is 1024
- RSA is 2048
Server certificate:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13 (0xd)
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=Charles Mills Consulting, LLC, ST=California,
C=US/emailAddress=charles
m...@mcn.org, O=Charles Mills
nd use
otherwise identical parameters then this error occurs. (Cipher Suite 39 is a
valid FIPS 140-2 cipher suite, according to the IBM GSK documentation.)
I don't think that an s_client test would be terribly informative, seeing as
I can connect with the actual client software.
Back to you ...
Good day -
Can anyone offer some clues on
10280:error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt
error:.\ssl\s3_pkt.c:1275:SSL alert number 51
OpenSSL 1.01h is the server, running on Windows 7 Pro 64 bit.
Thanks,
Charles
me is restricted to the PrintableString (SIZE (2)) type
which is a restricted subset of DirectoryString?
Charles A. Barbe
Senior Software Engineer
Allworx, a Windstream company
245 East Main St | Rochester NY | 14604
charles.ba...@allworx.com | 585.421
Yet openssl verify said OK to both of my certificates against the CA
certificate... so is it incorrectly neglecting to compare the types when it
tries to build the chain of certificates?
Charles A. Barbe
Senior Software Engineer
Allworx, a Windstream company
245 East Main St | Rochester NY
Thompson [dthomp...@prinpay.com]
Sent: Monday, July 07, 2014 4:03 PM
To: openssl-users@openssl.org
Subject: RE: Certificate problem
> From: owner-openssl-us...@openssl.org On Behalf Of Barbe, Charles
> Sent: Sunday, July 06, 2014 22:42
> I have the following certificates and associate
CHAD
On Jul 7, 2014, at 11:03 PM, "Dave Thompson" wrote:
>> From: owner-openssl-us...@openssl.org On Behalf Of Barbe, Charles
>> Sent: Monday, July 07, 2014 21:59
>
>> I will try an ASN.1 decoder tomorrow. Thanks for the suggestion!
>>
>> One thi
CHAD
> On Jul 7, 2014, at 11:11 PM, "Jeffrey Walton" wrote:
>
> On Mon, Jul 7, 2014 at 9:59 PM, Barbe, Charles
> wrote:
>> I will try an ASN.1 decoder tomorrow. Thanks for the suggestion!
>>
>> One thing I did try today was to have both servers genera
om: owner-openssl-us...@openssl.org
> [mailto:owner-openssl-us...@openssl.org] On Behalf Of Barbe, Charles
> Sent: Sunday, July 6, 2014 8:42 PM
> To: openssl-users@openssl.org
> Subject: Certificate problem
>
> I'm having a problem with generating certificates and I'
As I said in another note, I will try to send the certs tomorrow. Thanks for
the help!
CHAD
> On Jul 7, 2014, at 4:42 PM, "Kyle Hamilton" wrote:
>
>
>> On 7/6/2014 7:41 PM, Barbe, Charles wrote:
>> Does anybody have any suggestions on where to look to fig
risk attaching them but i still need the approval.
Thanks for responding!
CHAD
On Jul 7, 2014, at 4:03 PM, "Dave Thompson" wrote:
>> From: owner-openssl-us...@openssl.org On Behalf Of Barbe, Charles
>> Sent: Sunday, July 06, 2014 22:42
>
>> I have the follow
I'm having a problem with generating certificates and I'm wondering if anybody
has any suggestions on where to look.
I have the following certificates and associated private keys:
A - certificate A generated with one version of my software not using openssl
B - certificate B generated with a ne
To expand on this question a little more, is it safe to just create one
SSL_CTX* at initialization of my server that will be used each time a new
client connects when i do SSL_new(ctx)?
Charles A. Barbe
Senior Software Engineer
Allworx, a Windstream company
245 East Main St | Rochester NY
my call to
SSL_CTX_use_PrivateKey. Is that safe or should I be copying my EVP_PKEY for
each connection?
Thanks!
Charles A. Barbe
Senior Software Engineer
Allworx, a Windstream company
245 East Main St | Rochester NY | 14604
charles.ba...@allworx.com | 585.421.5565
Hello,
I have implemented an SSL server on the ecos platform and it seems to be
working well however I am a tiny bit unclear about the requirements around
whether or not calls to SSL_read and SSL_write need to be synchronized and I
want to avoid doing something incorrect. The specific question
I've noticed what appears to be a bug in the OpenSSL 1.0.1e 586
assembly-optimized AES_cbc_encrypt function when encrypting data that is > 1
block in length, but not an integral multiple of the block size. Specifically
it appears that when encrypting the partial-block "tail", the block is XOR-ed
Thanks Mat - that info really helps. I validated your input and queried the
private key file - which indeed pointed to handles on the HSM. For further
validation - i tried to sign using the sautil output key file on another box
w/o hsm and it failed.
- Simon Charles -
> From: argem
# sautil -l "my-rsa-private-label" g 2048
# openssl req -engine LunaCA3 -new -nodes -key "my-rsa-private-label"
-keyform ENGINE -out tmpkey.req -days 30
Which works but when using openssl ca routine - it is not able to find / load
the keys
- Simon Charl
here. Any help would be much
appreciated.
Thanks.
- Simon Charles -
> Subject: Re: Openssl default_ca values while using HSM - LunaCA3
> From: ppatter...@carillon.ca
> Date: Thu, 13 Dec 2012 13:54:11 -0500
> To: openssl-users@openssl.org; charlessi...@hotmail.com
>
> Hello
/usr/local/openssl/ssl/bin/openssl version
OpenSSL 1.0.0e 6 Sep 2011
- Simon Charles -
> Date: Thu, 13 Dec 2012 19:53:40 +0100
> From: st...@openssl.org
> To: openssl-users@openssl.org
> Subject: Re: Openssl default_ca values while using HSM - LunaCA3
>
> On Thu, D
6D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:696:
* Looks like it is trying to read the key from disk on not from the HSM.
Thanks.
- Simon Charles -
> Date: Thu, 13 Dec 2012 15:48:09 +0100
> From: st...@openssl.org
> To: openssl-users@openssl.org
> Subject: Re:
All ,
What would the default_ca section look like while using LunaCA3 HSM for
storing CA private key. Openssl looks for certificate and private_key on disk -
how do i make openssl ca routine aware of private keys on the HSM ( LunaCA3 )
Thanks.
- Simon Charles -
. Openssl looks for certificate
and private_key on disk - how do i make openssl ca routine aware of
private keys on the HSM ( LunaCA3 )
Thanks.
- Simon Charles -
. What the heck do
I do?" Examples are good, but they are not the only, and perhaps not the
best, way of presenting task-oriented documentation. (The trouble with an
example is one sometimes finds oneself asking "do I HAVE to do it that way,
or did that writer just CHOOSE to do it that
parameter of 1 meant No and 2 meant Yes, and a programmer had coded it passing
a value of true, intending it to mean Yes, but which the compiler (of course)
accepted and the function saw as a parameter of 1 (= No)?
Charles
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us
EXACTLY!
Charles
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Sanford Staab
Sent: Tuesday, November 13, 2012 12:53 PM
To: openssl-users@openssl.org
Subject: Re: I can't believe how much this sucks
Couldn’t agree more Ted. I think the b
”?
Charles
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Sanford Staab
Sent: Tuesday, November 13, 2012 10:35 AM
To: openssl-users@openssl.org
Subject: I can't believe how much this sucks
I have been struggling with openssl for a few month
A struct tm is only granular down to whole seconds, right?
Charles
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: Wednesday, November 07, 2012 9:33 AM
To: openssl-users@openssl.org
Subject: Re: Find
Absolutely!
Charles
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Andrey Koltsov
Sent: Tuesday, October 30, 2012 4:08 AM
To: openssl-users@openssl.org
Cc: Indtiny s
Subject: Re: https server using openssl
Hi.
I think that
the question that I asked (whether *applink* was
SSL-specific).
Charles
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson
Sent: Monday, October 29, 2012 11:52 AM
To: openssl-users@openssl.org
Subject: RE: Trouble w
You should at least look into it. I am not sure what the defaults are
without looking at the docs. Try setting SSL_OP_ALL (sounds good to me) |
SSL_OP_NO_SSLv2 (SSL v2 is considered to be badly flawed). That should
(IIRC) leave you able to accept SSL v3, TLS v1, and TLS v1.1.
Charles
From
Do you call SSL_CTX_set_options() with bit flags (SSL_OP_ALL,
SSL_OP_NO_SSLv3, etc.) to indicate the protocols you are willing to accept?
BTW, openssl-users (not -dev) is the proper forum for this sort of
questions.
Charles
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us
x or some such, but the original checksum I think
is always computed on what came before it. The bi-sync CRC-16 (boy, am I
dating myself!) was computed that way IIRC.
Charles
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Beha
used." Ridiculously
complex, but a definitive explanation, FWIW.
Charles
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson
Sent: Thursday, October 25, 2012 2:00 PM
To: openssl-users@openssl.org
Subject: RE: Trouble
Nor does *.domain.com work for domain.com, correct?
Just out of curiosity, do you perceive a trust constraint there (for any
real-world situation)?
Charles
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson
Sent
ked with OpenSSL I could
not necessarily turn it into a .DLL that exported services to calling
programs?
Charles
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson
Sent: Wednesday, October 24, 2012 12:19 PM
Not sure if it is relevant but are you calling SSL_library_init()?
Charles
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Mitchell, Daniel F
Sent: Tuesday, October 23, 2012 12:05 PM
To: openssl-users@openssl.org
Subject: Trouble with Windows DLL
Msdn.com is excellent. Good advice, few flames.
--
Sent from my mobile phone. Please excuse my brevity.
Charles
Jeremy Farrell wrote:
If you start openssl.exe, that's the mode it's in by default - waiting for
commands from stdin, writing the output from those commands to stdout. I
be able to get it right.
You are in my experience on the right track using SSLeay_version(). I would
leave it in my code and printf the results on every execution. You never
know when someone is going to install *something* and mess you up.
Good luck!
Charles
-Original Message-
From: owner
OK. Misunderstood the earlier answer.
Charles
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson
Sent: Thursday, October 18, 2012 12:26 AM
To: openssl-users@openssl.org
Subject: RE: Building an "exportable"
using lib/VC/*.
I may change that to MinGW so that the intention is more obvious.
Charles
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson
Sent: Tuesday, October 16, 2012 5:53 PM
To: openssl-users@openssl.
This is a critical point.
BTW, thanks for the Shining Light Windows build. It's what I am using.
Charles
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Thomas J. Hruska
Sent: Tuesday, October 16, 2012 8:02 AM
To: o
penSSL must "know" what are the so-called export ciphers.
Would appreciate any additional miscellaneous tips.
Charles
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
Whew!
Thanks.
Charles
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: Monday, October 15, 2012 9:51 AM
To: openssl-users@openssl.org
Subject: Re: top 10 mistakes when using libopenssl?
On Mon, Oct
on without error, and report the use of strong
SSL/TLS cipher suites.
What am I missing?
Charles
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: Sunday, October 14, 2012 3:56 AM
To: openssl-users@openssl.o
upport.godaddy.com/help/article/567/what-is-a-wildcard-ssl-certificate
(They'd love to sell you one; this is not an endorsement.)
Charles
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson
Sent: Thursday, October
exactly the same
as one of the names (including alternates) in the certificate. (You can
wildcard the last node in the alternate names.) myserver is not the same as
myserver.com
Charles
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Derek Cole
Sent
the problem of a client certificate that "got away" into the wild, right?
Charles
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson
Sent: Wednesday, October 10, 2012 12:48 PM
To: openssl-users@openssl.o
generation (CRL
*success* outputs no messages)
Charles
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Derek Cole
Sent: Thursday, October 11, 2012 3:14 PM
To: openssl-users@openssl.org
Subject: OpenSSL cert authority with no database
Hello,
Is there a
Aren't you talking here about the client's validation of the server's
credentials? That's useful information, but my question was about server
validation of client certificates ...
Charles
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-opens
Dave, any thoughts on my original question? My thread kind of got hi-jacked.
Charles
-Original Message-
From: Charles Mills [mailto:charl...@mcn.org]
Sent: Saturday, October 06, 2012 9:52 AM
To: openssl-users@openssl.org
Subject: Best practice for client cert name checking
I have
Trying to achieve client authentication.
Should I have said "certificate signed by a CA known to the server"?
Charles
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Ben Laurie
Sent: Saturday, October 06, 2012 1
Thanks. I'm a relative newbie to this whole topic. Can you point me to a
resource that describes "pin" in the sense you use it below? The word is too
common for the Google to be much help.
Charles
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:o
ed in the whitelist?
Comments?
Charles
http://www.openssl.org/related/binaries.html
Charles
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of engineermike
Sent: Friday, October 05, 2012 9:37 AM
To: openssl-users@openssl.org
Subject: OpenSSL running on Windows XP/2003/7
Hello,
I
I hear you (whoever you are!).
It's a playpen CA. I'm a software developer. These certificates will never be
allowed out into the wild.
Charles
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of lists
Sent: Thursda
I deleted index.txt and reset serial.txt to 00 and that solved the problem.
Hope that was not a terrible idea.
I understand that I have lost the ability to revoke any previous
certificates.
I won't edit index.txt again.
Charles
-Original Message-
From: Charles Mills [mailto: