TLS : DH groups

2014-09-22 Thread Francis GASCHET
Hello, When we create DH parameters we have to specify the group (2 or 5). What happens if both sides of the connection don't use the same group? Best regards, -- Francis

Re: TLS handshake error : No shared cipher (SSL error 40)

2014-09-19 Thread Francis GASCHET
Hello, Thanks to both of you. Best regards, -- Francis On 17/09/2014 20:38, Dave Thompson wrote: From: owner-openssl-us...@openssl.org On Behalf Of Francis GASCHET Sent: Wednesday, September 17, 2014 13:35 We use openSSL in OFTP2 implementation. The OFTP2 working group decided to strongly

TLS handshake error : No shared cipher (SSL error 40)

2014-09-17 Thread Francis GASCHET
Hello, We use openSSL in OFTP2 implementation. The OFTP2 working group decided to strongly recommend to use preferably the cipher suites including PFS (ephemeral Diffie Hellman). So in our implementation (linked against openssl 1.0.1g) I limited the list of offered ciphers (client) and preferred

pkcs7_sign() / cms_sign() : using SHA256 hash

2014-09-12 Thread Francis GASCHET
Hello, From the man page, it looks like signing packages always use SHA1, and there is no argument to pkcs7_sign and cms_sign functions which would allow to choose the algorithm. Maybe I missed something... Or is there some method to sign with another hash algorithm? Thanks in advance. Best

Re: Issue when verifying an expired certificate

2012-06-20 Thread Francis GASCHET
"to these values, like X509_STORE_CTX_get_error or X509_STORE_CTX_get_current_cert, is mandatory. Best regards, Francis GASCHET On 18/06/2012 19:51, Dave Thompson wrote: From: owner-openssl-us...@openssl.org On Behalf Of Francis GASCHET Sent: Monday, 18 June, 2012 12:06 In my application

Re: Issue when verifying an expired certificate

2012-06-19 Thread Francis GASCHET
... Best regards, -- On 18/06/2012 19:51, Dave Thompson wrote: From: owner-openssl-us...@openssl.org On Behalf Of Francis GASCHET Sent: Monday, 18 June, 2012 12:06 In my application, I met some problem when verifying a certificate which is expired. It worked perfectly in 0.9.8 and I get the

Issue when verifying an expired certificate

2012-06-18 Thread Francis GASCHET
Hello, In my application, I met some problem when verifying a certificate which is expired. It worked perfectly in 0.9.8 and I get the X509_V_ERR_CERT_HAS_EXPIRED error code, and my verify call back is able to print the issuer and subject of the "current_cert". The same code linked with 1.0.

Re: last data bytes not delivered when read in several small buffers

2009-04-02 Thread Francis GASCHET
an error to 'select' before calling 'SSL_write' in that state. Sorry, but I don't understand why it's an error, assumed that you select not only for read, but also for write if you have something to write. And also use the timer (last argument of the call to se

Re: last data bytes not delivered when read in several small buffers

2009-03-31 Thread Francis GASCHET
first SSL_read has returned something select is useless. Anyway I'm blocked in the first SSL_read while SSL is reading the whole record so both methods should give the same result in terms of response time, and the second one is cleaner. Is it correct? Best regards, -- Francis GASCHET /

Re: last data bytes not delivered when read in several small buffers

2009-03-30 Thread Francis GASCHET
; when it begins to receive a new record. So if I read only the beginning of the record because I use a too small buffer, I'll never be notified for the remaining bytes. Am I right or did I miss something? Thanks anyway. Best regards, -- Francis GASCHET / NUMLOG http://www.numlog.fr Tel.:

TLS: last data bytes not delivered when read in several small buffers

2009-03-26 Thread Francis GASCHET
thing is ready to be read and the gateway application gets the second 1500 bytes buffer and the final 1100 one. And OFTP sends its credit, but it's too late! I can walk around the issue by reading SSL with a 16384 bytes buffer. But I lose the "broken flow" feature, which is interes

Re: cert already in hash table

2008-05-30 Thread Francis GASCHET
n't activate usually! So I never saw that the first certificate was correctly inserted during the first loop! Anyway I feel like somebody escaping from a psychiatric hospital! Give me your address: you won a bottle of French wine! Thanks and best regards, -- Francis GASCHET / NUMLOG http:

cert already in hash table

2008-05-29 Thread Francis GASCHET
r are extracted without any problem in order to print details on the error. Compilation parameters : gcc -c -g -ggdb -D_FILE_OFFSET_BITS=64 -Wno-comment -Wno-unused -ansi -D_BSD_SOURCE -D_XOPEN_SOURCE -Dunix Both applications are linked with libcrypto and libssl 0.9.8 Thanks in advance

openssl-users@openssl.org

2008-05-29 Thread Francis GASCHET
are extracted without any problem in order to print details on the error. Compilation parameters : gcc -c -g -ggdb -D_FILE_OFFSET_BITS=64 -Wno-comment -Wno-unused -ansi -D_BSD_SOURCE -D_XOPEN_SOURCE -Dunix Both applications are linked with libcrypto and libssl 0.9.8 Thanks in advance