correctly in my stunnel code. And also, if i do the
nmake -f ms\ntdll.mak install, *.lib files in the out32dll.dbg folder do
not make it to the lib folder of my install directory. They are in there
for the precompiled binaries. Were those just copied in by hand?
On Fri, Nov 14, 2014 at 3:11
Hello,
I am noticing that when I install the OpenSSL bundle from
http://slproweb.com/products/Win32OpenSSL.html
The lib folder gets a lot of .lib files in it that are corresponding to the
engines such as capi.lib
How can I compile OpenSSL to generate those same lib files? Is it simply a
matter o
Hello,
I am acting as my own cert authority so the index.txt file is constantly
being updated as I generate new certs. However, I have noticed that things
like the DB_file field are never used in the CA program.
Is it safe for me to write some custom code that will take advantage of
that field?
Just to update - I found the section in one of the apps that copies the
extensions from the request. I was able to enable the EXT_COPY_ADD and was
able to get my SANS in the cert as well as the request.
On Wed, Apr 24, 2013 at 6:44 PM, Derek Cole wrote:
> Hello,
>
> I have some code w
Hello,
I have some code which I am using to generate a CSR and some code which I
am using to generate a cert using my cert authority.
If I view the CSR, I can see that my alt names were added correctly. If I
view the cert itself, the altnames are not there. I had kind of thought
that if I had a C
Hello all,
I am curious about how something should work relating to some self signed
certs I am trying to use. It has been a while since I was messing with
this.
I have a webserver setup for my internal webmail at https://examplemail.com.
however, that site redirects to https://mail.mycompany.com
, but wouldn't it be easier to just choose
> eNULL cipher when no encryption is needed ?
>
> Le 09/11/2012 06:08, Derek Cole a écrit :
>
> Hello,
>>
>> I have a server running that I am accepting both SSL and non SSL traffic.
>> Currently I check the traffic
Hello,
I have a server running that I am accepting both SSL and non SSL traffic.
Currently I check the traffic first and if the first part of the TCP data
looks like an SSL header, I send it off to an OpenSSL socket to be read. If
it's plaintext, I just read it right there on that socket.
Is it p
As I am thinking about this a little more - I guess that the SSL_new and
SSL_accept handles all of the SSL handshake negotiation as well, that would
have to be manually handled if you were trying to decrypt on the fly?
On Wed, Oct 31, 2012 at 2:23 PM, Derek Cole wrote:
> To be clear - I h
decrypting
the TCP payload "automatically" as the SSL socket does when you stand up a
SSL_CTX and use SSL_new with that context?
On Wed, Oct 31, 2012 at 2:06 PM, dreamwvr wrote:
> On 10/31/12 11:21 AM, Derek Cole wrote:
>
>> Hello,
>>
>> Is it possible to
Hello,
Is it possible to use libpcap to detect an incoming connection (writing all
packets those packets to a socket), then, if using libpcap i determine that
a SSL connection was established , stand up another socket to read the same
file descriptor with the SSL client so that I could use the pro
CA cert?
Thanks
On Fri, Oct 12, 2012 at 11:22 AM, Derek Cole wrote:
> So I think you were right. I used a command to view the CSR that I
> generated with the following:
>
> openssl req -new -nodes -subj "/CN=www.myserver.com" -out /tmp/file.csr
> -keyout /tmp/privkey.cs
Nevermind.
I didn't realize that I did have the call in there for my socket connect()
(which was in another part of the code for non-ssl connections...it is
needed for both). I had though SSL_connect took care of that too.
On Sun, Oct 14, 2012 at 5:35 PM, Derek Cole wrote:
> Hello,
Hello,
I am trying to use SSL_connect. I have bound a socket to my interface, set
up the context, and call SSL_connect(). This is returning a -1, which I
catch, and call SSL_get_error() to fall through a switch statement. It is
retuning a SSL_ERROR_WANT_WRITE
So I am trying to use pselect in a wh
nssl.org On Behalf Of Derek Cole
> >Sent: Friday, 12 October, 2012 11:22
>
> >So I think you were right. I used a command to view the CSR
> >that I generated with the following:
> >openssl req -new -nodes -subj "/CN=www.myserver.com" -out /tmp/file.csr
> >-keyou
>From: owner-openssl-us...@openssl.org On Behalf Of Derek Cole
> >Sent: Thursday, 11 October, 2012 19:03
>
> >i have a server that is running a custom app that can accept
> >a SSL connection. I generate a cert on each server, that is
> >signed by my own CA. I tested
Thanks to everyone for the information. I can't recall right now how I set
up the name - I was thinking for sure it was with the FQDN, but I'll double
check. I will do that reading and check tomorrow when I am back at work and
see if I can figure out what is going wrong there.
Thanks
On Thu, Oct
Hello,
I sort of posted about this earlier, but I think this is a more concise
question (as the previous replies were helpful for me to start debugging
the problem).
i have a server that is running a custom app that can accept a SSL
connection. I generate a cert on each server, that is signed by
status of certificate revocation and CRL generation (CRL
> *success* outputs no messages)****
>
> ** **
>
> *Charles*
>
> *From:* owner-openssl-us...@openssl.org [mailto:
> owner-openssl-us...@openssl.org] *On Behalf Of *Derek Cole
> *Sent:* Thursday, October 11, 2012 3:
ssl-us...@openssl.org On Behalf Of Derek Cole
> >Sent: Tuesday, 09 October, 2012 21:12
>
> >I am trying to write a server that will accept an incoming SSL connection.
>
> >In psuedo, I have the following chain of function calls
>
> >SSL_CTX_load_verify_locat
Hello,
I am trying to write a server that will accept an incoming SSL connection.
In psuedo, I have the following chain of function calls
SSL_CTX_load_verify_locations(ctx, root_cert_file, root_cert_dir)
SSL_CTX_use_certificate_chain_file(chain file)
SSK_CTX_use_PrivateKey_file(ch
Hi
I was wondering if there is a list of all the hardware accelerators that
openssl supports? Or at the very least if someone can tell
me if this card from Intel would be supported by OpenSSL.
http://www.intel.com/network/connectivity/products/pro100dport_adapter.htm
Regards
/Cole
At 18:52 07/08/01 +0200, you wrote:
>On Tue, Aug 07, 2001 at 05:28:25PM +0100, Garrard Cole wrote:
>> I have an SSL-enabled POP server using OpenSSL 0.9.4. running on Windows NT
>> using non-blocking socket i/o.
>
>0.9.4 is quite old, a lot of bugs have been fixed since
I have an SSL-enabled POP server using OpenSSL 0.9.4. running on Windows NT
using non-blocking socket i/o.
One particular customer has their POP client (Eudora 5.1) setup to check
mail every minute. After about an hour or so, the customer receives a
connection failure and the server log shows the
24 matches
Mail list logo
