RE: connection refused, error code 146

2002-05-16 Thread Neff Robert A
>The output was: >connect: Connection refused >connect:errno=146 [snip]   ^^ There's your problem. Connection refused most likely caused by server not configured properly. Make sure your server is configured to listen o

RE: Default_crl_days

2002-05-06 Thread Neff Robert A
Sorry, I'm assuming a Windows environment, and the default file would be testss.bat, not makess.bat. Sorry for the confusion. Rob -Original Message- From: Neff Robert A [mailto:[EMAIL PROTECTED]] Sent: Monday, May 06, 2002 3:54 PM To: '[EMAIL PROTECTED]' Subject: RE: D

RE: Default_crl_days

2002-05-06 Thread Neff Robert A
Andrew, If you are using the makess.bat file to generate your CA cert, I would look at that and check for a param called -days in the X509 command. This also may show you why your certs are expiring. Hope that helps, Rob -Original Message- From: Andrew T. Finnell [mailto:[EMAIL PROTECTED

RE: Trust

2002-04-11 Thread Neff Robert A
Steve, Actually, you will be further ahead using your self-signed certificate and private key to sign additional certificates that you create using OpenSSL for your servers. Then, simply import that self-signed CA certificate that corresponds to the private key you used to sign the server certifi

RE: HELP, SSL_connect fails !

2002-03-28 Thread Neff Robert A
My apologies Daryl, your code will work correctly. I based the solution off my code which does:

    int rval;
    if ((rval = SSL_connect(con)) > 0) {
        // good return
    } else {
        int err = SSL_get_error(con, rval);
        /* handle the error here */
    }

Must be slipping in my old

RE: re[2]: HELP, SSL_connect fails !

2002-03-28 Thread Neff Robert A
No, that is incorrect coding. See SSL_connect() docs for further information regarding return values. -Original Message- From: Daryl Odnert [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 28, 2002 1:35 PM To: '[EMAIL PROTECTED]' Subject: RE: re[2]: HELP, SSL_connect fails ! Jeff, Chan

RE: ?

2002-03-28 Thread Neff Robert A
As have I. Stupid question but: Are you sure you've subscribed to the list? I always get my own postings as should you. -Original Message- From: Lutz Jaenicke [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 28, 2002 1:42 PM To: [EMAIL PROTECTED] Cc: Mike Schiffman Subject: Re: ? On Th

RE:

2002-03-25 Thread Neff Robert A
Message- From: Eric Rescorla [mailto:[EMAIL PROTECTED]] Sent: Monday, March 25, 2002 1:40 PM To: [EMAIL PROTECTED] Subject: Re: Neff Robert A <[EMAIL PROTECTED]> writes: > You cannot snoop a secure https transaction without somehow > pretending to be the destination host. To do th

RE:

2002-03-25 Thread Neff Robert A
You cannot snoop a secure https transaction without somehow pretending to be the destination host. To do that requires the cert, which is public, and private key, which you will not have. The proxy acts as an SSL transport only, after establishing the initial socket connection to the destination

RE: Why DNS/IP in certificate?

2002-01-14 Thread Neff Robert A
d ask > >On Thu, Jan 10, 2002 at 09:34:50AM -0500, Neff Robert A wrote: >> >> The client needs to verify who it is connected to. >> Anyone in the world can present a certificate to >> establish an ssl connection. In a nutshell, the >> checks that need t

RE: Why DNS/IP in certificate?

2002-01-14 Thread Neff Robert A
>is it possible to have an OpenSSL server located behind a Network Address >Translation device (a NET device is sometimes part of firewalls, eg >the Cisco PIX) and still have the client handshake complete without >error ? Yes, you can use NAT devices quite easily since they really are just a simp

RE:

2001-12-21 Thread Neff Robert A
Ralf, I, for one, am still receiving these... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: None Subject: RSET RSET MAIL FROM:<> SIZE=3789 RCPT TO:<[EMAIL PROTECTED]> DATA RSET RSET MAIL FROM:<> SIZE=2592 RCPT TO:<[EMAIL PROTECTED]> DATA RSET RSET MAIL FRO

RE:

2001-12-20 Thread Neff Robert A
Yes, I received this as well -Original Message- From: Fabro, Loic [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 20, 2001 1:31 PM To: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]' Cc: 'Richard Levitte - VMS Whacker' Subject: RE: I just got two "blank" emails

RE: I got 4 or more emails identical....

2001-12-20 Thread Neff Robert A
I'm getting multiples here.  Please investigate and slam the door shut! Thank you! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 20, 2001 11:40 AM To: [EMAIL PROTECTED] Subject: RE: I

RE: newbie question

2001-12-14 Thread Neff Robert A
Go to either http://www.netscape.com/ http://www.verisign.com/ http://www.rsa.com/ and read up on the docs contained there. On each site can be found good info discussing the questions you ask. -Original Message- From: Murali K. Vemuri [mailto:[EMAIL PROTECTED]] Sent: Friday, Dec

RE: OCSP_basic_verify

2001-12-12 Thread Neff Robert A
Steve, Please, please, please put your comments like this into the CVS source or man pages. Your knowledge of this stuff is priceless to us mere mortals! :-) Thank you. Rob -Original Message- From: Dr S N Henson [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 12, 2001 12:57 PM To: [

RE: Java toolkit for SSL???

2001-12-07 Thread Neff Robert A
Try Eric Rescorla's site: http://www.rtfm.com/puretls/ -Original Message- From: Tat Sing Kong [mailto:[EMAIL PROTECTED]] Sent: Friday, December 07, 2001 10:55 AM To: [EMAIL PROTECTED] Subject: RE: Java toolkit for SSL??? I'm sure I heard of one a while back called SSLava or something, b

RE: Cryptology Questions

2001-12-07 Thread Neff Robert A
It is not the connection I was referring to but the environment that was generating the certs. Was the original user attempting to store his client's generated key pairs on his server? Then that server better be secured. Perhaps I wasn't clear on that point. However, I personally would never u

RE: Cryptology Questions

2001-12-06 Thread Neff Robert A
iginal Message- From: Andrew Finnell [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 06, 2001 10:40 AM To: '[EMAIL PROTECTED]' Subject: RE: Cryptology Questions Neff,         Thanks for the quick response. You actually helped me understand some aspects that I didn't truly under

RE: Cryptology Questions

2001-12-06 Thread Neff Robert A
hmmm...a tall order for us busy folks...but I'll help you out some.   1. Provided you are using a "strong" password to encrypt your key when using DES-CBC you are pretty secure.  Remember that if I can get access to, or copy, your .pem file from off your machine

RE: certs

2001-11-28 Thread Neff Robert A
Leonid, The quick answer to your question is that YOU must parse the cert received from the client to determine whether s/he has access to your site or not. The use of a Verisign signed certificate, with the trusted Verisign CA cert chain contained within the OpenSSL CA cert store, simply means t

RE: SMTP server questions

2001-11-21 Thread Neff Robert A
Here are some RFCs containing security discussions regarding SMTP that you might find helpful: http://www.ietf.org/rfc/rfc2449.txt http://www.ietf.org/rfc/rfc2487.txt http://www.ietf.org/rfc/rfc2554.txt http://www.ietf.org/rfc/rfc2595.txt -Original Message- From: Eric Daigneault [mailto

RE: private key and certificate to the CA

2001-11-13 Thread Neff Robert A
Since you didn't specify the -config option, you are using the default config file with a location of /usr/local/ssl/openssl.cnf. That directory doesn't exist in Windows. A simple solution is to place the following into a .bat file in your openssl\ms directory, and run it from that directory: se

RE: SSL_read() never returns an error if client rejects certificate

2001-10-04 Thread Neff Robert A
not previously authenticated... -Original Message- From: Eric Rescorla [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 04, 2001 2:36 PM To: [EMAIL PROTECTED] Subject: Re: SSL_read() never returns an error if client rejects certificate Neff Robert A <[EMAIL PROTECTED]> writes: >

RE: SSL_read() never returns an error if client rejects certificate

2001-10-04 Thread Neff Robert A
Rick, Actually, the retardedness is due to the netscape browser not terminating the network connection while waiting for the user's input. Micro$oft IE implements that behaviour properly by terminating the connection, waiting for the user to accept the cert, then will reconnect once accepted. Cha

RE: return value -1

2001-10-04 Thread Neff Robert A
Ruby, You can find additional info in the Openssl\doc\ssl directory. In this case, examine the file ssl_accept.pod which explains the function syntax, purpose, errors, and behavior of SSL_accept(). From your question it is quite apparent that you should really start by reading as much openssl d

RE: DES - 3DES (novice)

2001-10-04 Thread Neff Robert A
In my zeal to quickly help you, I forgot to switch the cipher string after I cut-n-pasted into my reply. My apologies. Read the file SSL_CTX_set_cipher_list.pod in the OpenSSL/doc/ssl directory for further information on that function call. Here's the correct call for your purpose: SSL_CTX_se

Shared OpenSSL libraries on NetBSD

2000-10-09 Thread neff
I know that the current version of OpenSSL doesn't support shared libraries for NetBSD. However, I really need the shared libraries (for perl modules). Has anyone found a way to get the shared libraries to compile on NetBSD? -- Felicia