> Ok, SSL_VERIFY_PEER enforces all verification errors to be enforced,
> thus SSL_connect() will result in hard failure, as shown below.
> You will never reach the SSL_get_verify_result() below.
No, you are right, Ive been trying stuff...
> > openssl req -config ${MIX_HOME}/ssl/openssl.cnf -new
ssl/ca/cert${MY_ID}.pem)
ln -s ${MIX_HOME}/ssl/ca/cert${MY_ID}.pem
${MIX_HOME}/ssl/ca/$HASHNAME.pem
Can anybody see where the problem lies.
/Douglas
--
--
Douglas Wikström <[EMAIL PRO
Hello!
Right now I am using the normal way of identification, using a CA-cert,
and certs signed using the key of the CA-cert. I.e. something like:
openssl req -config ${MIX_HOME}/ssl/openssl.cnf -new -keyout
$MIX_HOME/ssl/key.p
em -out $MIX_HOME/ssl/newrequest.pem -nodes
openssl ca -batch -conf
Hello!
I use this when initializing.
SSL_CTX_use_PrivateKey_file(ssl_ctx, keyfile, SSL_FILETYPE_PEM)
what is the correct way of accessing this keyfile later. I.e. I would
like to say:
skey = ssl_ctx->private_key;
or similar.
/Douglas
__
Goetz Babin-Ebell wrote:
>
> Greg Stark wrote:
> That the biggest problem in security is between keyboard and chair.
> The user has to know what he is doing.
> Normal user don't.
> So all computer security is faulty...
As is all cars, airoplanes, etc when a human subroutine is added :-)
/D
_
SL Project http://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
--
--
Douglas Wikström <[EMAIL PROT
hello.
This is a little of topic, please excuse me :-)
Is there an opensource, or at least linux equivalent of purify
somewhere?
/Douglas
--
--
Douglas Wikström <[EMAIL PROTEC
pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,passin);
> if (pkey==NULL) printf("read error!");
>
>
>
> Best Regards!
>
> TechInfo Group
--
--
Douglas Wikström <[EMAIL PROTECTED]>
--
. Another nice feature of any listserver would be
to cache the last msgs and dont remail multiple identical msgs. In fact
I will try to figure out how to make my mail-app do the eq for me.
/Douglas
>
> Amanda.
>
> On Tue, 15 Aug 2000, Douglas Wikström wrote:
> > This is c
EVP_VerifyFinal(&md_ctx_veri, buf, acklen, pkey)
Does anybody know of an issue prohibiting removal of the lines marked ##
and using only one digest buffer in the pseudocode above?
/Douglas
--
----------
D
---
> Black holes are, where god devided by zero.
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
--
-
server side.
Not many certs are involved, a root-cert + a server cert for each server
to be administrated.
using anonymous https is pointless, since it jeopardizes (how do you
spell this? :-) the admin-pwds.
sorry, dont know mac-ish issues.
--
------
___
> OpenSSL Project http://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
--
---
ser Support Mailing List[EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
--
--
Douglas Wikström <[EMAIL PROTECTED]>
NULL,NULL)) == NULL)
> {
> BIO_printf(bio_err,"Error reading certificate in %s\n",
> cert);
> goto err;
> }
> ok = 0;
> err:
> if (b
if (!X509_verify_cert(csc)) {
fprintf(stderr, "Verification of cert failed!\n");
exit(1);
}
X509_STORE_CTX_free(csc);
Any hints, clarifying comments, or pointers to docs are very welcome.
Best regards:
Douglas
--
---
Hello!
Could anybody hint me on functions to dump a X509 cert to file and then
recreate it in memory?
/Douglas
--
--
Douglas Wikström <[EMAIL PROTECTED]>
--
Yes, God created Man
ssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
--
----------
Douglas Wikström <[EMAIL PROTECTED]>
--
Yes, God cr
; So lets not waste our time calling up RSA and asking stupid questions, ok?
I would say this is a natural question to ask when selling a solution to
somebody. Failing to do so would be doing a bad job.
/douglas
--
--
Douglas Wikström <[EMAI
gt; this right. This implies finding someone who -really- knows what
> they're doing and having them find proven, peer-reviewed approaches
> and implementations. Good crypto is no place for amateurs, and even
> the pros require peer review to catch mistakes---no one is
___
> OpenSSL Project http://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
--
-
transactions?" Implementing or mandating the use I
> believe just as big a marketing problem as a technical problem.
I agree, this is not a tech problem.
--
--
Douglas Wikström &l
tomated List Manager [EMAIL PROTECTED]
--
--
Douglas Wikström <[EMAIL PROTECTED]>
--
Yes, God created M
//www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
--
--
Douglas Wikström <[EMAIL PROTECTED]>
--
mouse randomly? or rather how
do you know when you have enough entropy? (if you restrict the way the
user tip you reduce the uncertainty again :-)
/Douglas
--
--
Douglas Wikström <[EMAIL PROTECTED]>
---
Hello!
> It is first time for me to work on your
> "openssl" security software.So iam requesting you to
> send me the testing program(for client&server)in "C"
> which uses your"openssl API"functions of C
> language.when i run that (the program that you are
> going to send )programs(client program
Hello!
> > I found "Applied Cryptography - Protocols, Algorithms, and Source Code
> > in C", by Bruce Schneier, second edition, to be very useful. The ISBN
> > is 0-471-11709-9.
>
> I also found "SSL and TLS Essentials", Stephen Thomas, Wiley Computer
> Publishing, ISBN 0-471-38354-6 to be q
Hello everybody!
Ive written a tiny webserver that handles http and https requests. Ive
manufactured a CA cert in DER format which I deliver to a webserver by a
simple link:
Load CA cert into your browser
After clicking a couple of dialogs Navigator treats the cert as a root
ca. This ofcourse a
28 matches
Mail list logo