Re: SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

> Ok, SSL_VERIFY_PEER enforces all verification errors to be enforced, > thus SSL_connect() will result in hard failure, as shown below. > You will never reach the SSL_get_verify_result() below. No, you are right, Ive been trying stuff... > > openssl req -config ${MIX_HOME}/ssl/openssl.cnf -new

SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

ssl/ca/cert${MY_ID}.pem) ln -s ${MIX_HOME}/ssl/ca/cert${MY_ID}.pem ${MIX_HOME}/ssl/ca/$HASHNAME.pem Can anybody see where the problem lies. /Douglas -- -- Douglas Wikström <[EMAIL PRO

Plain solution

Hello! Right now I am using the normal way of identification, using a CA-cert, and certs signed using the key of the CA-cert. I.e. something like: openssl req -config ${MIX_HOME}/ssl/openssl.cnf -new -keyout $MIX_HOME/ssl/key.p em -out $MIX_HOME/ssl/newrequest.pem -nodes openssl ca -batch -conf

PrivateKey.

Hello! I use this when initializing. SSL_CTX_use_PrivateKey_file(ssl_ctx, keyfile, SSL_FILETYPE_PEM) what is the correct way of accessing this keyfile later. I.e. I would like to say: skey = ssl_ctx->private_key; or similar. /Douglas __

Re: Kurt Seifred's article on securityportal

Goetz Babin-Ebell wrote: > > Greg Stark wrote: > That the biggest problem in security is between keyboard and chair. > The user has to know what he is doing. > Normal user don't. > So all computer security is faulty... As is all cars, airoplanes, etc when a human subroutine is added :-) /D _

Re: MVS ports

SL Project http://www.openssl.org > User Support Mailing List[EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] -- -- Douglas Wikström <[EMAIL PROT

mem leaks?

hello. This is a little of topic, please excuse me :-) Is there an opensource, or at least linux equivalent of purify somewhere? /Douglas -- -- Douglas Wikström <[EMAIL PROTEC

Re: Emergency!How to read PEM encrypted key?

pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,passin); > if (pkey==NULL) printf("read error!"); > > > > Best Regards! > > TechInfo Group -- -- Douglas Wikström <[EMAIL PROTECTED]> --

Re: Out of office autoreply

. Another nice feature of any listserver would be to cache the last msgs and dont remail multiple identical msgs. In fact I will try to figure out how to make my mail-app do the eq for me. /Douglas > > Amanda. > > On Tue, 15 Aug 2000, Douglas Wikström wrote: > > This is c

Multiple use of digests?

EVP_VerifyFinal(&md_ctx_veri, buf, acklen, pkey) Does anybody know of an issue prohibiting removal of the lines marked ## and using only one digest buffer in the pseudocode above? /Douglas -- ---------- D

Re: Stupid Question

--- > Black holes are, where god devided by zero. > __ > OpenSSL Project http://www.openssl.org > User Support Mailing List[EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] -- -

Re: openssl and IE5.0 on MacOS

server side. Not many certs are involved, a root-cert + a server cert for each server to be administrated. using anonymous https is pointless, since it jeopardizes (how do you spell this? :-) the admin-pwds. sorry, dont know mac-ish issues. -- ------

Re: Certificates

___ > OpenSSL Project http://www.openssl.org > User Support Mailing List[EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] -- ---

Re: openSSL+IE5.0 on macintosh

ser Support Mailing List[EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] -- -- Douglas Wikström <[EMAIL PROTECTED]>

Re: Got in late in the conversation. Maybe this is what you want

NULL,NULL)) == NULL) > { > BIO_printf(bio_err,"Error reading certificate in %s\n", > cert); > goto err; > } > ok = 0; > err: > if (b

verifying CAcert and cert?

if (!X509_verify_cert(csc)) { fprintf(stderr, "Verification of cert failed!\n"); exit(1); } X509_STORE_CTX_free(csc); Any hints, clarifying comments, or pointers to docs are very welcome. Best regards: Douglas -- ---

Storing and reading X509 to/from file

Hello! Could anybody hint me on functions to dump a X509 cert to file and then recreate it in memory? /Douglas -- -- Douglas Wikström <[EMAIL PROTECTED]> -- Yes, God created Man

Re: Netscape Signtool 1.1/1.2

ssl.org > User Support Mailing List[EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] -- ---------- Douglas Wikström <[EMAIL PROTECTED]> -- Yes, God cr

Re: Legality - just heated up

; So lets not waste our time calling up RSA and asking stupid questions, ok? I would say this is a natural question to ask when selling a solution to somebody. Failing to do so would be doing a bad job. /douglas -- -- Douglas Wikström <[EMAI

Re: Cipher question...

gt; this right. This implies finding someone who -really- knows what > they're doing and having them find proven, peer-reviewed approaches > and implementations. Good crypto is no place for amateurs, and even > the pros require peer review to catch mistakes---no one is

Re: Cipher question...

___ > OpenSSL Project http://www.openssl.org > User Support Mailing List[EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] -- -

Re: Free CA

transactions?" Implementing or mandating the use I > believe just as big a marketing problem as a technical problem. I agree, this is not a tech problem. -- -- Douglas Wikström &l

Re: Digest openssl mailing lists

tomated List Manager [EMAIL PROTECTED] -- -- Douglas Wikström <[EMAIL PROTECTED]> -- Yes, God created M

Re: Certificate Authority

//www.openssl.org > User Support Mailing List[EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] -- -- Douglas Wikström <[EMAIL PROTECTED]> --

Re: setting random seed generator under Windows NT

mouse randomly? or rather how do you know when you have enough entropy? (if you restrict the way the user tip you reduce the uncertainty again :-) /Douglas -- -- Douglas Wikström <[EMAIL PROTECTED]> ---

Re: Douglas!Please help me

Hello! > It is first time for me to work on your > "openssl" security software.So iam requesting you to > send me the testing program(for client&server)in "C" > which uses your"openssl API"functions of C > language.when i run that (the program that you are > going to send )programs(client program

Re: FAQ? (or recommended books) (fwd)

Hello! > > I found "Applied Cryptography - Protocols, Algorithms, and Source Code > > in C", by Bruce Schneier, second edition, to be very useful. The ISBN > > is 0-471-11709-9. > > I also found "SSL and TLS Essentials", Stephen Thomas, Wiley Computer > Publishing, ISBN 0-471-38354-6 to be q

signtool signing and openssl

Hello everybody! Ive written a tiny webserver that handles http and https requests. Ive manufactured a CA cert in DER format which I deliver to a webserver by a simple link: Load CA cert into your browser After clicking a couple of dialogs Navigator treats the cert as a root ca. This ofcourse a