Hi All,
Have a basic ECC question, I have a predefined scalar K, and I used the
x9.62 256 prime curve. Invoking the scalar multiplication method
EC_POINT_mul with the generator of that curve, I get a different output,
when compared with wcurve of python.
The curve is fixed, K is fixed but the ge
thick skull. Clarity is a beautiful thing,
> thank you.
>
> John
>
>
> *From:* owner-openssl-us...@openssl.org
> [mailto:owner-openssl-us...@openssl.org] *On Behalf Of *Gayathri Sundar
> *Sent:* Wednesday, September 12, 2012 10:07 A
Hi John,
I definitely do not agree with Charles's email, but what I think he meant
is, you need to write programs to use OpenSSL. It's an installable library,
which you need to invoke from your application using its exposed APIs and
recompile your code, link OpenSSL library and execute for it to wo
unless somebody is gonna tap your LAN connection, I don't see a point in
using SSL. Generally it's useful only when you want to send secure
application data over the internet. Intranets are safe esp ur 2 home
computers :).
thanks
--Gayathri
On Tue, Sep 11, 2012 at 11:36 AM, John A. Wallace wrote:
ere be some issue with numerous SSL connections between the same
> parties? Or maybe it's some threading issue - perhaps SSL has some special
> considerations?
>
> ------
> *From:* Gayathri Sundar
> *To:* openssl-users@openssl.org
> *Sent:* Mon
Did you try making use of non blocking fd? It cannot deadlock if you use
that.
Thanks
--Gayathri
On Mon, Jan 16, 2012 at 10:17 AM, Nathan Smyth wrote:
> Just seeking advice/things to consider for deadlock (or 'wait') on a
> SSL_Connect(). Unfortunately it stalls here, so there's no return co
y understanding,Before sending master key to client ,
> server has to maintain the master key. How i can get this in server side? is
> there any code sample or snippet to get this key?
>
>
>
> Krishna
>
> On Tue, Aug 23, 2011 at 11:54 PM, Gayathri Sundar
> wrot
>
>
> --
> *From:* owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org]
> On Behalf Of Gayathri Sundar [suraj...@gmail.com]
> *Sent:* Thursday, August 18, 2011 8:14 PM
> *To:* openssl-users@openssl.org
> *Subject:* Re: hi
>
>
> Any help will be great.
>
> Thanks for your time,
>
> Krishnamurthy
>
> On Mon, Aug 22, 2011 at 9:03 PM, Gayathri Sundar wrote:
>
>> Please read the RFC, it would clearly explain how the master secret is
>> derived, and from that how the read and write keys are d
Please read the RFC, it would clearly explain how the master secret is
derived, and from that how the read and write keys are derived. With that
you can get to know how to extract the read n write keys. Meanwhile the read
and write keys are available as part of the ssl object.
Check that structure
> --
> *From:* owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org]
> On Behalf Of Gayathri Sundar [suraj...@gmail.com]
> *Sent:* Thursday, August 18, 2011 8:14 PM
> *To:* openssl-users@openssl.org
> *Subject:* Re: hi
>
> Hi,
>
>
Hi,
First of all your question is really strange. Please check your client and
server settings as to which highest ssl version is enabled. Generally SSLv2
should be disabled and never negotiated.
The code you're referring to is a piece of code that would be called when
sslv3 is negotiated during the
strace is a unix command wherein u need to attach the process which is
linking with ur openssl library. It would tell the path from which all the
libraries are loaded (for that process) along with a ton of other info. You
would need to search the output of strace manually to figure out ur library
p
Please don't expect much response to this question. Going thro the man pages
of openssl will have all the necessary answers you are expecting. Do your
homework before coding.
Thanks
--Gayathri
On Thu, Jul 14, 2011 at 8:17 AM, Amit Kumar wrote:
> Hi team,
>I am using SSL_Connect() in one of my
Did you implement fd timeouts and appropriate cleanups after some
expiration? It's impossible for non blocking sockets to hang..so I am
assuming ur having a lot of unused fds on ur poll table.
On Friday, July 1, 2011, Harshvir Sidhu wrote:
> Hi,
> I have implemented the state machine in my mana
to s_server, it gives error, "unknown
> protocol"
> Thanks.
>
> // Harshvir
> On Wed, May 25, 2011 at 10:02 AM, Gayathri Sundar wrote:
>
>> So finally u have agreed to my initial suggestion of state machines :)
>>
>> The basic steps in terms of an algo
So finally u have agreed to my initial suggestion of state machines :)
The basic steps in terms of an algorithm are as follows
A. Create the ssl ctx and ssl obj.
B. Create a pair of memory bios and attach them to the ssl obj, one is
for read and the other is for write.
C. Create the tcp fds and c
actually I would seriously recommend you read the OpenSSL book written by
Eric Rescorla, it discusses all the use cases of openssl, BIO, async/sync
usages..so that you get an idea of how OpenSSL itself works.
On Mon, May 23, 2011 at 6:02 PM, Neo Liu wrote:
> I think you can read this article and
as Neo Liu has pointed out, if you try to use memory bio pair for
communication, then it's ur responsibility to read and write every byte
out the fd using tcp_send and recv() calls, as openssl would only read and
write into the bio. This approach is very very tedious and not sure if that's
the only wa
. I
am sure here they are trying to process SSL from kernel and not using
openssl from userland..there is no other reason as to why this alert has to
come.
thanks
--Gayathri
On Mon, May 16, 2011 at 8:12 PM, Dave Thompson wrote:
> > From: owner-openssl-us...@openssl.org On Behalf Of Gayathri
Alert 21 seems to be decryption failure.
Sent from my iPad
On May 16, 2011, at 6:12 AM, pradeepreddy wrote:
>
> Hi,
>
>
> After lot of struggles, finally get rid of this error, but I cant tell the
> reason, how was it rectified.
> We installed our libs on a new machine.
>
> Now a different
You could hack ur client and server to use cipher null and see the
alert in clear..mostly should be digest failure.
On Monday, May 16, 2011, pradeepreddy wrote:
>
> Hi,
>
>
> After lot of struggles, finally get rid of this error, but I cant tell the
> reason, how was it rectified.
> We installed
can you give some specific cipher like rc4-md5 using the --cipher command
and see if it goes thro? maybe the 1st cipher suite sent by the client is
not available with the server or something..you can use mozilla and edit the
cipher suites in the advance tab or use openssl client connect command and
Can u share the parsed core file?
On Wednesday, May 11, 2011, Mani Suresh wrote:
>
> While executing the below code its coring randomly in two cases,
>
> 1) While executing the method SSL_library_init() in the constructor.
> 2) Coring while executing the call back method locking_function().
>
> W
Eric, you must be really kidding this time :), servers with this
architecture are susceptible to dos and what not..am sure for embedded
systems where memory is a big limiting factor the best would be async
design, also code becomes easily portable in future.
On Wed, May 11, 2011 at 10:39 AM, Eric
>> /* do your thing */
>> (void)setblock(fd,prevmode); /* restore to original
>> condition */
>>
>> At 04:15 PM 5/6/2011, you wrote:
>>
>> Thanks for the reply Gayathri.
>> Do you mean to changing the sockets to non blocking, or w
> }
>
> Also i suspect, that if i change the socket to non blocking, then my
> current read write code will not work. i mean the one in which i use FD_SET
> and select to perform operations.
>
> Thanks.
>
> // Harshvir
>
>
>
>
> On Fri, May 6,
; /* restore to original
> condition */
>
> At 04:15 PM 5/6/2011, you wrote:
>
> Thanks for the reply Gayathri.
> Do you mean to changing the sockets to non blocking, or when i create bio for
> ssl to make that as non blocking?
>
> Thanks.
>
>
>
as non blocking?
> Thanks.
> On Fri, May 6, 2011 at 6:03 PM, Gayathri Sundar wrote:
> Harsh,
> Okay from what I can understand, if you make ur underlying fd non blocking
> then it would work fine. Blocking FDs, unless and until one client is
> finished with its processing the
ion to that, when i use WireShark to see packets, then it shows
> that machine has received the packet from client. But server dont show that
> alert.
> Thats why i think it could be some socket option which is affecting it.
>
> // Harshvir
>
>
> On Fri, May 6, 2011 at 5:37
I think the openssl src already has sample server and client programs which
are written in non blocking mode ..check wserver2.c if I am able to recall.
On Fri, May 6, 2011 at 2:42 PM, Graham Leggett wrote:
> On 06 May 2011, at 9:23 PM, derleader mail wrote:
>
> Can you show us the source code.
Harshvir,
SO_REUSEADDR sock option has nothing to do with ur problem, please go thro
the socket ops man page to get a better understanding. First find out if ur
server code is a blocking i/o or non blocking I/O..if former then
connections will be handled sequentially..only after the 1st client is
f
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS is used to thwart some CBC attacks.
check out this link for details
http://www.openssl.org/~bodo/tls-cbc.txt
Thanks
--Gayathri
> Hi,
>
> The client is configured with SSLv3_client_method.
>
> *ctx = SSL_CTX_new(SSLv3_client_method());*
>
> Whenever the client
From: Gayathri Sundar <[EMAIL PROTECTED]>
Date: Fri, Feb 29, 2008 at 9:35 AM
Subject: [Fwd: Re: How to handle dead sessions with SSL_write]
Original Message
Subject: Re: How to handle dead sessions with SSL_write
From:
> Hi,
>
>
>
> We are using OPEN SSL library in our client server application. We are
> using SSL_WRITE and SSL_READ api used to read and
>
>
>
> write operations between them. Connection is broken When server sends
> very large message (more than 56K) using SSL_WRITE api.
>
>
>
> We fixed problem w
Hi There.,
Marek, hope ur reading this mail.
I am hitting a strange problem with Openssl. Recently I migrated from
OpenSSL-0.9.8a to OpenSSL-0.9.8d, from the release notes, I see that some
fixes have gone into cipher selection logic of OpenSSL.
Now for the same CLIENT HELLO message (same as in n
Thanks marek, I didnt know abt the R option on s_server.
Is it possible to make IE renegotiate? I have a rather complex testing
requirement and I cannot test using s_client, somehow I need to ensure the
client triggers renegotiation. I got a KB on IE
http://support.microsoft.com/kb/265369
and tri
Hi folks.,
I would like to know as an ssl server, when do I send a "Hello request" on
the wire? Based on what parameters should I trigger that? I have quite a
few questions based on this
A) Does the re-handshake happen on the existing tcp connection? i.e the
tcp connection over which the "hello r
>Hi All,
>I am using EVP functions for AES encryption/Decryption. Please can any
one >tell me how to find the exact AES encryption/decryption routines
called >when do_cipher is invoked?
did you try single stepping using gdb or something? that's the easiest way
to find out..or checkout the cipher
Whatever you have mailed is correct, but I believe the TLS 1.0 RFC explains
all these in details. Try reading 2246 from ietf.org.
Thanks
--Gayathri
Hi All
I have a general question about RSA Key Block.
The output of PRF with the master_secret to give us many keys. It
includes: client_write_MAC_
Hi,
I'm trying to verify a cert chain against a trusted chain of cert, and
here's what i get
"error 20 at 1 depth lookup:unable to get local issuer certificate"
can someone shed some more light at the error, like
1) what does it mean
It's not able to find the CA that signed your certifica
It's always better to use BIO for easier migration in the future if for
some reason some enhancement/changes are to be done in your product. Also
while using SSL_set_fd, socket BIO is automatically created and attaches
to the TCP fd. What you can do is to create explicitly a read bio and a
write b
ure (timeout),
it would report failure to the client
~ Urjit
- Original Message -
From: "Gayathri Sundar" <[EMAIL PROTECTED]>
To:
Sent: Friday, March 30, 2007 9:25 AM
Subject: Re: SSL_connect and SSL_accept
I am quite clear with your problem and am not confused. The only point I
ha
fact be taken up by SSL_accept() and SSL_accept() will now error out
saying it read invalid SSL handshake packet.
Now as I write down this whole thing, I wonder if even non-blocking
sockets can help.
Does it look more like a design issue ?
~ Urjit
- Original Message -----
From: "Gayathri
with respect to the current thread. So I will
send a new post for that.
Thank you everyone for responding.
~ Urjit
- Original Message -
From: "Gayathri Sundar" <[EMAIL PROTECTED]>
To:
Sent: Thursday, March 29, 2007 1:02 PM
Subject: RE: SSL_connect and SSL_accept
Yes, I agr
a s2n followed by an
digest update?
Thanks
--Gayathri
Gayathri Sundar wrote:
> Can someone give me inputs on the function ssl3_mac, especially where
> it is called s->method->ssl3_enc->mac(s,&(p[wr->length]),1);
>
> I need to know what p[wr->length] is pointing to a
Yes, I agree with you, but then why would the CLIENT get an ERROR?
>2) The client calls SSL_connect(). The underlying socket is in blocking
>mode
>3) SSL_connect() returns error.
>4) The server does not notice this, and continues to wait in SSL_accept().
if SSL_connect indeed has returned with ER
It's probably shown as a data file coz it's encrypted..how did you
generate the cert? U should be using a PKCS12 format for importing that
stuff into the browser/server..btw are you telling it from windows's
perspective?
>Hi,
>I have a SSL server application in which the certificate file is rsa.d
>I am wondering if the following scenario possible:
>1) The server calls SSL_accept(). The underlying socket is in blocking mode
>2) The client calls SSL_connect(). The underlying socket is in blocking
>mode
>3) SSL_connect() returns error.
>4) The server does not notice this, and continues to wait
Can someone give me inputs on the function ssl3_mac, especially where it
is called s->method->ssl3_enc->mac(s,&(p[wr->length]),1);
I need to know what p[wr->length] is pointing to and why we do a digest
update of 2 bytes from that.
The code is taken from s3_pkt.c function ssl3_write_bytes.
Thank
Hi Folks.,
Am facing a persistent problem with Internet Explorer not able to talk to
SSL Server when configured with a DSA certificate. SSL CTX has the
set_tmp_dh_params enabled and the code looks pretty much correct as
Mozilla/Firefox/Opera is working fine with the exact same SSL Server
Configura
Check out ssl/ssl_ciph.c to get an idea.
Thanks
--Gayathri
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Krishna Vennamaneni
Sent: Thursday, November 30, 2006 9:13 AM
To: openssl-users@openssl.org
S
Wow, I was thinking its "Privacy Enhanced Mode!!" ?? No?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mouse
Sent: Tuesday, August 01, 2006 6:47 AM
To: openssl-users@openssl.org
Subject: RE: What does "PEM" mean?
PEM = Privacy-Enhanced Mail.
> -O
Wonder why you need a "pfd" format!!
Does "man openssl" mean anything to you?
Now how could anyone respond to ur query??
First of all let us know what you want to use it for
Coz openssl commands are plenty..
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf O
Thanks Marek..appreciate ur help..
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Marek Marcola
Sent: Monday, July 24, 2006 4:04 PM
To: openssl-users@openssl.org
Subject: RE: Query On SSL Processing
Hello,
> There seems to be no such function in openssl
Marek,
There seems to be no such function in openssl
(ssl3_record_sequence_update())!!
Can you pls tell where exactly this SSL sequence number is updated.
Thanks
--Gayathri
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Marek Marcola
Sent: Monday, July
Hi Marek.,
Thanks once again for the detailed response..
Me now have a few more doubts..
Does this read_mac_secret and write_mac_secret change with
Every md5 hash verification?
I am not able to locate the code which actually updates this tcp
Seq numbers and so on..what does this hash_update fun
Thanks Richard..but I was thinking only SSL RECORDS with Record Type "APP
DATA"
Contain application data!!! If I can ensure that only complete SSL Records
of Type
Handshake, Change cipher spec, and Alerts are given to OpenSSL, it can
process it rite?
This way how can openssl know that app data re
Ok, what I meant is I will be removing the SSL record along with the app
data!!
So this should be fine right?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Richard Salz
Sent: Friday, July 21, 2006 5:28 PM
To: openssl-users@openssl.org
Subject: RE: Query
Thanks Marek, can you explain more on this "MAC" verification errors?
When I can ensure only control records are read by SSL_read, why should
I get such errors? Yeah, ur correct, I will discard application records ;)
(don't ask me how!!) but then openssl will work rite?
What I have to do next depen
What would happen if
openssl is starved of application data records and is fed only control messages?
Would it misbehave?
Thanks
--Gayathri
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of David Schwartz
Sent: Friday, July 07, 2006 10:57 AM
To: openssl-users@openssl.org
Subject: RE: Does Openssl cache App data -- 2nd Try..
> a. Does this msg_callback get executed after peek? or after read?
> if
Thanks once again for the responses...I would like to add few more points
here..there seems to be a callback function (msg_callback) within the ssl_st
structure, which when registered by the application for a specific content
type,
SSL_read, seems to call that if a pkt of that content type is seen
Thanks david..let me add more clarity to my requirement...
Is there someway for the application to know before calling ssl_read,
that some app data buffer can be got for sure? Or can SSL_peek prevent me
from hitting the case you have mentioned? The reason is we are in a scenario
wherein all ssl co
Hi.,
Following is the comments written on s3_pkt.c before the function
ssl3_read_bytes
Return up to 'len' payload bytes received in 'type' records.
'type' is one of the following:
- SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
- SSL3_RT_AP
Thanks Marek..yeah, its more to do with processing block ciphers
from kernel rather than SSL as such, my question to be exactly precise
is for me to find out how to feed exact multiples of block cipher length
from sk_buff,
when they are internally fragmented in physical/virtual memory within an
sk_
Thanks, but let me rephrase my question.
There seems to be a requirement for us to process SSL app data from kernel,
wherein I would like to read the sk_buff and pass it to a crypto accelerator
(hardware/software), but we face a problem wherein for block ciphers, we
Hi.,
Does openssl as such provide support for packet processing
from kernel..i.e what do I have to do to invoke SSL_read/write
from kernel..has anyone attempted this before.
Thanks
--Gayathri
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrew Dennison
Sent: Friday, May 05, 2006 7:23 PM
To: openssl-users@openssl.org
Subject: SSL_connect returns 0, with no error
I am currently experiencing an issue using SSL_connect() on a non-block
did you try "man ciphers"?
EXP1024 has to work on 1024 bit key, which is why it is called so,
definitely they are stronger than "normal" EXP ciphers..once again EXP
ciphers are reduced in strength so that it can be exportable in US, and
I believe now there are no such restrictions..at least that's w
what do you mean by "decrypt a signed message"? either u have to
decrypt the encrypted message, or rehash and check the msg digest i.e
the sha/md5 signature.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Ambarish Mitra
Sent: Thursday, April 27, 2006 5:16 PM
mode.
thanks,Haridharan
On 4/20/06, Gayathri Sundar <[EMAIL PROTECTED]> wrote:
I too faced similar problem when I pumped heavy data via smart bits..
this piece of code worked for me..btw the underlying bio in non blocking..
do { ERR_
I too faced similar problem when I pumped heavy data via smart bits..
this piece of code worked for me..btw the underlying bio in non blocking..
do {
    ERR_clear_error();
    nbytesread = SSL_read(pSSLObject,pBuffer,BufSize);
    if(nbytesread > 0) {
        totalbytesread += nbytes
AFAIK, tcp read can return Zero, as numbytes read, and does not mean
that the fd is invalidated. I think you should use SSL_received_shutdown
or something which checks if any close has been initiated by the server..
Attempting write when a close was received will result in sigpipe..
---
The accept could have failed for any reason such as
mismatch of ssl versions/ no matching ciphers/ untrusted certificate /
so check on the wire what's going on. From your code snippet,
am not sure what exactly setup_client_ctx() does or what ciphers
have been set on the server ctx..the SSL_METHOD u
Have you set the underlying FD to nonblocking (FIONBIO?)..I don't see why if
the socket non blocking flag is set, you should have this problem..it doesn't
make sense..
Thanks
--G3
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Henry Yip (h
I think verify depth of 1 will work only for self signed certificates,
in this case it wont work, you should override the default certificate
checking functions by registering ur own callback for this function
pointer in ssl_st.
int (*verify_callback)(int ok,X509_STORE_CTX *ctx)
as you already kn
you can put CA2 as part of the revocation list?
if CA2 is part of the client's CRL, then it will automatically
be rejected..is this what you want?
Thanks
--G3
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Olaf Gellert
Sent: Tuesday, March 07, 2006 5:26 PM
Probably you can try the openssl verify command?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Julien ALLANOS
Sent: Monday, February 06, 2006 6:38 PM
To: openssl-users@openssl.org
Subject: Testing private key - public key consistency
Hello,
is there a q
iting on (if you needed that).
-Kyle H
On 2/12/06, Gayathri Sundar <[EMAIL PROTECTED]> wrote:
> Probably you can call the following
>
> iRet = SSL_get_shutdown(pSSL);
> if(iRet >= 0) SSL_shutdown(pSSL);
>
> This is because, SSL_shutdown writes data on the wire,
> i.e t
Probably you can call the following
iRet = SSL_get_shutdown(pSSL);
if(iRet >= 0) SSL_shutdown(pSSL);
This is because, SSL_shutdown writes data on the wire,
i.e the closure alerts..and if a FIN was received meanwhile,
you will catch a SIGPIPE..this piece of code, actually
saves me from this..
Tha
I think you should load myside.com as well onto the browser..
as it is needed to verify part.myside.com.
Thanks
--G3
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Zaid
Sent: Sunday, February 12, 2006 5:33 AM
To: openssl-users@openssl.org
Subject: Certifica
Hi there.,
Have some queries on the way IE is handling SSL Renegotiation.
1. Whenever IE receives a "Client Cert" req from the Server, say when it
is talking for the 1st time (IE gonna connect to this ssl server for the
very 1st time), it immediately closes the TCP connection abruptly by
sending
Peter Sylvester wrote:
> It happened that I played with this a bit.
>
> It is not just that you have a list of servers in one context, all
> parameters of the server e.g. requirements for user certs etc can be
> different, so a separate SSL_CTX seems useful.
>
does this theoretically rule out usage
Original Message
Subject: Re:Re: BIO_read is continuously returning "-1"
From: "Gayathri Sundar" <[EMAIL PROTECTED]>
Date:Wed, December 28, 2005 4:59 am
To:
edit ur openssl.cnf to point to the correct ca certificate and its private
key..obviously the file is not the path that the cnf is looking at..
hi everybody, well finally get install openssl v0.9.8a, now when i try to
generate certificates to be used with freeradius (eap-tls or eap-peap) i use
th
Forgot to mention that perhaps your client does not understand HTTP 1.1?
Check whether the redirect request came back to the server.
> Hi Pankaj.,
>
> This difference in the HTTP response header is very critical.
> It influences the way in which the Client is going to behave.
>
> In case of 1, as
Hi Pankaj.,
This difference in the HTTP response header is very critical.
It influences the way in which the Client is going to behave.
In case of 1, as the "Connection: Close" header is sent as part of the
response, the http server will initiate the tcp teardown and need not
bother sending the c
AFAIK, if a close notify is not sent, then the ssl connection termination
is considered premature and the session cannot be reused. The
specification does not define it as a MUST, rather it is defined as a
SHOULD. If session reuse is not a necessary criteria (if you're willing to
compromise performanc
cket = (SSL *)NULL;
}
Thanks,
Perry
Gayathri Sundar wrote:
>Hi.,
>
>I think that depends on the mode of SSL meaning blocking/non blocking,
>If its the latter then you need to select again before calling the
>2nd ssl shutdown and check whether the close notify from the peer is
>rec
Hi.,
I think that depends on the mode of SSL meaning blocking/non blocking,
If its the latter then you need to select again before calling the
2nd ssl shutdown and check whether the close notify from the peer is
received by checking the ssl_received_shutdown flag. If this flag is not
set, then you
Try using one of these two
-verify arg - turn on peer certificate verification
-Verify arg - turn on peer certificate verification, must have a cert.
in the command, btw u can get the whole list of options in man s_server
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PR
Hi.,
Have a small doubt on how the application needs to "react" for an
SSL_ERROR_SYSCALL. What do I have to do when I actually attempted
an SSL_READ and ended up with that error code, now should the operation
need to be retried based on "errno" or should this be regarded
as a "fatal"?
If it needs
Hey can you try setting verify depth to Zero and not pointing to any CA cert
i.e SSLCACertificatePath pointing to null?
Thanks
--Gayathri
> Hi Again.,
>
> This is what I found from the "log" file you sent..is this pointing to the
> same CA cert "itcilo-ca.crt, I put it in ssl.crt" ?
>
> debug] ss
Hi Again.,
This is what I found from the "log" file you sent..is this pointing to the
same CA cert "itcilo-ca.crt, I put it in ssl.crt" ?
debug] ssl_engine_init.c(1112): CA certificate:
/C=IT/ST=Piemonte/L=Turin/O=ITCILO/OU=MIS/CN=ITCILO
CA/[EMAIL PROTECTED]
[Wed Jul 13 11:48:34 2005] [debug] ssl
Hi.
Have you imported the CA of the client cert on the server side?
A verify depth of 1 has been set, which could mean that the client
cert is self signed? Can you set it to some higher value and try?
Also can you check whether the option "SSL_VERIFY_FAIL_IF_NO_PEER_CERT"?
It looks to me a defini
Original Message
Subject: Re: Reducing size of the OpenSSL library
From:"Gayathri Sundar" <[EMAIL PROTECTED]>
Date:Fri, June 24, 2005 12:05 am
To:
Hi there,
Can any body please tell me,
where can I find the answers to these questions?
Thanks
-Rohan
Original Message
Subject: Re: Queries over OpenSSL programs
From:"Rohan Shrivastava" <[EMAIL PROTECTED]>
Date:Wed, June 8, 2005