I think you may call the function [X509 *SSL_get_peer_certificate(const SSL
*s)] to get a peer's certificate,
but you have freed this certificate. SSL_get_peer_certificate will increase the
reference count of this certificate and finally you will find that you haven't
freed this certificate's mem
Hi, Sheng Liang
You may reference the following APIs:
int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str);
int SSL_set_cipher_list(SSL *s, const char *str);
These two functions use a cipher list string to customize ciphers during the
handshake. The default is as follows:
#define SSL_D
RSA_size(RSA *) told you the max length of every RSA encryption needed.
RSA encryption is not designed to encrypt the large files because of its high
cost. It is common to use a symmetric algorithm to encrypt the large data and
the RSA algorithm is used to encrypt the key that the symmetric algori
Hi, Andy,
Check your system's time. Is the time in the range of Validity?
If this is ok, I think this may not really be an expired error and you may check
the source code to see what happened.
At 2011-10-11 16:09:34,"Shaw Andy" wrote:
Hi!
When I use SSL_connect with the https://www.google.c
As I know, the cipher suite 'ECDH-ECDSA-AES128-SHA256' belongs to TLS 1.1
or TLS 1.2. OpenSSL has not supported TLS 1.1 or TLS 1.2 yet, but they are now
at implementation of TLS 1.1, 1.2.
At 2011-05-25 18:50:23,shoutee wrote:
>Hi,
>
>I want to run a TLS Server with support of cipher su
At 2011-04-30 04:33:43,"Mike Markley" wrote:
>I'm trying to establish an SSL connection with a server and my
>handshake is failing with 'alert unknown ca' I'm using a self signed
>certificate and I'm also specifying SSL_VERIFY_NONE in my call to
>SSL_set_verify. Is this message indicating a pro
1) The exponent x in DH can be any number. It should be big enough to
bear attack. The source in DH told us what exponent x can be.
ref: dh_key.c
if (generate_new_key)
{
l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent
length */
if (!BN_rand(priv_key,