Hmm ok I get it.
So, to be able to get the fingerprint for the used certificates during a
TLS handshake is possible by using the SSL_set_verify callbacks in the
application or is the mentioned postfix useful for this purpose?
_
On Mon, Mar 15, 2021 at 12:23:54PM +0100, Robert Ionescu wrote:
> I already found the callbacks for the verification process and I am
> still trying to figure it out if it is possible to change them in a
> way that they will print some certificate information to determine
> which certificate was u
I already found the callbacks for the verification process and I am still
trying to figure it out if it is possible to change them in a way that they
will print some certificate information to determine which certificate was
used?
On Fri, Mar 12, 2021 at 09:06:57AM +0100, Robert Ionescu wrote:
> With "wrong" certificate I meant "invalid certificate". So the idea
> was in a bigger environment with a lot of certificates, to make the
> invalid certificate debugging easier by getting more information from
> openssl to identify
Thu, Mar 11, 2021 at 8:40 PM Michael Wojcik <
michael.woj...@microfocus.com> wrote:
> > From: openssl-users On Behalf Of
> Viktor
> > Dukhovni
> > Sent: Thursday, 11 March, 2021 10:39
> > To: openssl-users@openssl.org
> > Subject: Re: Client certificate a
> From: openssl-users On Behalf Of Viktor
> Dukhovni
> Sent: Thursday, 11 March, 2021 10:39
> To: openssl-users@openssl.org
> Subject: Re: Client certificate authentication
>
> > On Mar 11, 2021, at 2:16 PM, Robert Ionescu
> wrote:
> >
> > I am searchi
If he's trying to muck with the library, he's probably struggling with a
precompiled binary he doesn't have the source code to.
-Kyle H
On Thu, Mar 11, 2021, 11:48 Viktor Dukhovni
wrote:
> > On Mar 11, 2021, at 2:16 PM, Robert Ionescu
> wrote:
> >
> > I am searching for the functions in openss
> On Mar 11, 2021, at 2:16 PM, Robert Ionescu
> wrote:
>
> I am searching for the functions in openssl used to verify the clients
> certificate when using mutual authentication.
The same code verifies peer certificate chains, whether client or server.
> My intention is to find a way to log a w
Hi,
I am searching for the functions in openssl used to verify the clients
certificate when using mutual authentication.
My intention is to find a way to log a wrong user certificate directly
inside the openssl source.
Any help would be highly appreciated
_
You are right.
Looks ubuntu packages didn't get that update up to now.
Thanks,
Nuno
2010/3/20 Peter Sylvester :
>
> Wasn't there a pb with a great number of CA names? There are 16K already?
> The pb was in apache ad some of my three neurons seem to agree.
>
> https://issues.apache.org/bugzilla/
Wasn't there a pb with a great number of CA names? There are 16K already?
The pb was in apache ad some of my three neurons seem to agree.
https://issues.apache.org/bugzilla/show_bug.cgi?id=46952
/PS
__
OpenSSL Project
e I removed the http:// links. To see
if the list had that blocked due to spam.
I apologize for any inconvenience.
Regards,
Nuno
On Sat, Mar 20, 2010 at 18:13, Michael S. Zick wrote:
> On Sat March 20 2010, Nuno Gonçalves wrote:
>> I'm trying to set client certificate authentica
On Sat, Mar 20, 2010, Graham Leggett wrote:
> On 2010/03/20 6:55 PM, Nuno Gonçalves wrote:
>
>> Questions:
>> Is normal that firefox hangs when it doesn't have a valid certificate
>> to provide?
>> Openssl output looks OK?(or the error in the end is a exception?)
>
> I am not 100% sure of the deta
On Sat March 20 2010, Nuno Gonçalves wrote:
> I'm trying to set client certificate authentication.
> It looks that I cant set even the simple demo...
>
Look like your e-mail client isn't correct either, it
seems to be sending the same message every two hours.
Mike
> Wi
On 2010/03/20 6:55 PM, Nuno Gonçalves wrote:
Questions:
Is normal that firefox hangs when it doesn't have a valid certificate
to provide?
Openssl output looks OK?(or the error in the end is a exception?)
I am not 100% sure of the details, but I do recall a hang being a
symptom of using a clie
I'm trying to set client certificate authentication.
It looks that I cant set even the simple demo...
With apache2.2 installed:
sudo a2enmod ssl
sudo a2ensite default-ssl
sudo /etc/init.d/apache2 restart
Browse with firefox to (https)localhost - page retrieved after
security warning, ssl wo
Hello list
I have been experimenting on client certificate authentication using openssl
s_server command
but i have a problem in this case:
i am running ssl server using the command:
openssl s_server -accept 443 -cert sslcert/cacert.pem -key
sslcert/private/cakey.pem -Verify 1 -CAfile ca
[EMAIL PROTECTED] wrote:
Is there a (reasonable) way to authenticate a client (browser)
certificate from a CGI without having to modify the web server
configuration.
What we are up against is that we produce a package that is supported
on a variety of platforms and web servers. We have been inf
Is there a (reasonable) way to authenticate a client (browser)
certificate from a CGI without having to modify the web server
configuration.
What we are up against is that we produce a package that is supported
on a variety of platforms and web servers. We have been informed the
to meet securi
Reposting this since it got lost in the churn.
I have a Perl script using that is failing mysteriously to connect with
an HTTPS site requiring client certificates for authentication. Here's
the command that allows me to connect to the site in question:
openssl s_client -connect hostname:443 -cert
I have a Perl script using that is failing mysteriously to connect with
an HTTPS site requiring client certificates for authentication. Here's
the command that allows me to connect to the site in question:
openssl s_client -connect hostname:443 -cert test.crt
-key test.key -CAfile cacerts.cr
PROTECTED]
Subject: Re: Apache 2.0.39 + ssl + ldap with client certificate
authentication
Hi Jose,
would you please outline how exactly one could use this patch?
What kind of LDAP lookup works best with X509_NAME_oneline()-style
names?
Should the LDAP tree be somewhat special?
thank you and sorr
On Wed, 2 Oct 2002, Sarath Chandra M wrote:
> Dear Jose,
> I had looked at the site u mentioned. But my problem is in applying the
> patch (http://authzldap.othello.ch/modssl-patch.html) to mod_ssl
> as said in the installation page of the same site.
> If you could tell me how to apply this patch,
EMAIL PROTECTED]
> Subject: Apache 2.0.39 + ssl + ldap with client certificate
> authentication
>
>
>
> Dear group,
> Has anybody tried doing ldap client certificate authentication for an
> apache
> 2.0.39 ssl server ?
>
> Our environment is :
> RedHat linux
Title: Message
Dear group,Has anybody tried doing ldap client certificate
authentication for an apache2.0.39 ssl server ?Our environment is
:RedHat linux 7.1 kernel 2.4.xapache 2.0.39 (inc.
mod_ssl)openssl-engine-0.9.6gopenldap (on a different redhat linux
server)The apache website has a
I get the following error on the client:
24611:error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt
error:s3_pkt.c:985:SSL alert number 51
24611:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
failure:s23_lib.c:226:
and on the server:
24610:error:0407006A:rsa routines:RSA_padd
Benjamin Grosman <[EMAIL PROTECTED]>:
> I am able to fetch the issue and subject details of the client certificate
> from inside the server, but how do I know that someone hasn't simply
> generated their own certificate with the same details?
If you initialize the verification settings with abou
27 matches
Mail list logo
