Re: reg: question about SSL server cert verification

2021-06-20 Thread Viktor Dukhovni
> On 19 Jun 2021, at 10:08 pm, Jakob Bohm via openssl-users > wrote: > >> Differences are observed once the local trust store contains some >> intermediate certificates or the remote chain provides a cross cert for >> which the local store instead contains a corresponding (same subject >> name a

Re: reg: question about SSL server cert verification

2021-06-19 Thread Jakob Bohm via openssl-users
On 2021-06-18 17:07, Viktor Dukhovni wrote: On Fri, Jun 18, 2021 at 03:09:47PM +0200, Jakob Bohm via openssl-users wrote: Now the client simply works backwards through that list, checking if each certificate signed the next one or claims to be signed by a certificate in /etc/certs.  This looku

RE: reg: question about SSL server cert verification

2021-06-18 Thread Michael Wojcik
2021 07:10 > >> To: openssl-users@openssl.org > >> Subject: Re: reg: question about SSL server cert verification > >> > > And there are a whole bunch of other checks: signature, validity dates, key > > usage, basic constraints... > > Those checks would

Re: reg: question about SSL server cert verification

2021-06-18 Thread Viktor Dukhovni
On Fri, Jun 18, 2021 at 05:37:33PM +0200, Jakob Bohm via openssl-users wrote: > > Also, the correspondence between the peer identity as requested by > > the client, and as represented by the entity certificate, should not > > be done using the CN component of the Subject DN (as OP suggested), > >

Re: reg: question about SSL server cert verification

2021-06-18 Thread Jakob Bohm via openssl-users
On 2021-06-18 16:23, Michael Wojcik wrote: From: openssl-users On Behalf Of Jakob Bohm via openssl-users Sent: Friday, 18 June, 2021 07:10 To: openssl-users@openssl.org Subject: Re: reg: question about SSL server cert verification On 2021-06-18 06:38, sami0l via openssl-users wrote: I'm

Re: reg: question about SSL server cert verification

2021-06-18 Thread Viktor Dukhovni
On Fri, Jun 18, 2021 at 03:09:47PM +0200, Jakob Bohm via openssl-users wrote: > Now the client simply works backwards through that list, checking if > each certificate signed the next one or claims to be signed by a > certificate in /etc/certs.  This lookup is done based on the complete > distingu

RE: reg: question about SSL server cert verification

2021-06-18 Thread Michael Wojcik
> From: openssl-users On Behalf Of Jakob > Bohm via openssl-users > Sent: Friday, 18 June, 2021 07:10 > To: openssl-users@openssl.org > Subject: Re: reg: question about SSL server cert verification > > On 2021-06-18 06:38, sami0l via openssl-users wrote: > > I'm c

Re: reg: question about SSL server cert verification

2021-06-18 Thread Jakob Bohm via openssl-users
On 2021-06-18 06:38, sami0l via openssl-users wrote: I'm curious how exactly an SSL client verifies an SSL server's certificate which is signed by a CA. So, during the SSL handshake, when the server sends its certificate, will the SSL client first check the `Issuer`'s `CN` field from the x509

reg: question about SSL server cert verification

2021-06-17 Thread sami0l via openssl-users
I'm curious how exactly an SSL client verifies an SSL server's certificate which is signed by a CA. So, during the SSL handshake, when the server sends its certificate, will the SSL client first check the `Issuer`'s `CN` field from the x509 SSL certificate that it received for example, and comp

RE: Simple question about SSL certs

2010-07-26 Thread Rene Hollan
-Original Message- From: owner-openssl-us...@openssl.org on behalf of Bryan Boone Sent: Mon 7/26/2010 3:10 PM To: openssl-users@openssl.org Subject: Re: Simple question about SSL certs Oh sorry, I think I was using the wrong terminology. Let me see if I have this straight. If my cli

Re: Simple question about SSL certs

2010-07-26 Thread Bryan Boone
users@openssl.org; openssl-users@openssl.org Sent: Mon, July 26, 2010 2:31:20 PM Subject: RE: Simple question about SSL certs Again, the purpose of the client cert is to authenticate you to the remote (in this case LDAP) server. It can be used to restrict WHO can access the server REGARDLESS of

RE: Simple question about SSL certs

2010-07-26 Thread Rene Hollan
to the user, but this is less secure from the user's perspective. -Original Message- From: owner-openssl-us...@openssl.org on behalf of Wim Lewis Sent: Mon 7/26/2010 1:51 PM To: openssl-users@openssl.org Subject: Re: Simple question about SSL certs On Jul 26, 2010, at 12:55 PM, Bryan B

RE: Simple question about SSL certs

2010-07-26 Thread Rene Hollan
se them unless the LDAP server is configured to require them. -Original Message- From: owner-openssl-us...@openssl.org on behalf of Bryan Boone Sent: Mon 7/26/2010 2:09 PM To: openssl-users@openssl.org Subject: Re: Simple question about SSL certs Hi Rene, thanks for the reply. Well

Re: Simple question about SSL certs

2010-07-26 Thread Wim Lewis
On Jul 26, 2010, at 12:55 PM, Bryan Boone wrote: > I would like to write an LDAP client that when a user connects to an LDAP > server with SSL, that the client cert is automatically downloaded to the > client. Then a prompt asks the client to accept or reject the cert. Is this > possible when

Re: Simple question about SSL certs

2010-07-26 Thread Bryan Boone
he Jxplorer. thanks From: Rene Hollan To: openssl-users@openssl.org; openssl-users@openssl.org Sent: Mon, July 26, 2010 1:43:19 PM Subject: RE: Simple question about SSL certs What you are asking for does not make sense. The point of the client cert is to establish

RE: Simple question about SSL certs

2010-07-26 Thread Rene Hollan
on a secure web server), and have it push the client cert to you. -Original Message- From: owner-openssl-us...@openssl.org on behalf of Bryan Boone Sent: Mon 7/26/2010 12:55 PM To: openssl-users@openssl.org Subject: Simple question about SSL certs Hi everyone, I am a noob when it comes

Simple question about SSL certs

2010-07-26 Thread Bryan Boone
Hi everyone, I am a noob when it comes to SSL and I have an easy question but I don't have the time to look up the answer myself. I am trying to write an LDAP client.  I need this client to use SSL as well.  I am using the openldap server and C libraries.  Here is what the openldap web page say

Re: A question about SSL connection reopen

2006-06-27 Thread Darryl Miles
Zhang, Long (Roger) wrote: > I have created a TLS connection with SSL_connect(ssl) successfully. ...SNIP.. Ah you're asking on the correct list now, you might get a useful answer. I think you may need to call SSL_clear() after SSL_shutdown() and before SSL_connect(). But if you are re-using th

A question about SSL connection reopen

2006-06-27 Thread Zhang, Long (Roger)
Hi, I have created a TLS connection with SSL_connect(ssl) successfully. Then I call SSL_shutdown(ssl) to close the TLS connection successfully. Then I want to do the reopen with SSL_connect(ssl). But I found it failed. The return value from ::SSL_get_error (ssl, status) is SSL_ERROR_SYSCALL, a

RE: question about ssl certs

2006-04-20 Thread David Schwartz
> Hi, all. I'm hoping somebody can clarify the confusion for me. > > Do certs need to be guarded or not? Almost never. > Because what happens if > you're doing client-side > authentication and a server asks you for your cert, caches it and > that server is later > compromised?

Re: question about ssl certs

2006-04-20 Thread Richard Salz
> > What will prevent somebody from stealing my cert and > > going around pretending to be me? > > "Okay, if you're Susan, this this blob: xx" Sign. The challenge is "sign this blob" > Without your *private* key, they cannot do that. Therefore, they cannot > pretend to be you. If

Re: question about ssl certs

2006-04-20 Thread Richard Salz
> What will prevent somebody from stealing my cert and > going around pretending to be me? "Okay, if you're Susan, this this blob: xx" Without your *private* key, they cannot do that. Therefore, they cannot pretend to be you. If they did, it would be like accepting a passport or driver's licen

question about ssl certs

2006-04-20 Thread Susan
Hi, all. I'm hoping somebody can clarify the confusion for me. Do certs need to be guarded or not? Because what happens if you're doing client-side authentication and a server asks you for your cert, caches it and that server is later compromised? What will prevent somebody from stealing my c

question about ssl decoding

2005-08-29 Thread amineh salehi
I am investigating SSL. I need to know: after decoding a record, what is verified first, the "MAC" or the "length of application data"? Please reply to me; thank you very much.

Re: question about ssl

2005-07-08 Thread Jostein Tveit
amineh salehi <[EMAIL PROTECTED]> writes: > at page 72 in rfc2246: The following cipher specifications are carryovers > from SSL Version 2.0. These are assumed to use RSA for key exchange and > authentication. > my question was about this note. The lines you quoted are at page 66 of RFC2246. DH k

Re: question about ssl

2005-07-08 Thread amineh salehi
at page 72 in rfc2246: The following cipher specifications are carryovers from SSL Version 2.0. These are assumed to use RSA for key exchange and authentication. my question was about this note. Mr Tveit, please explain more for me about "signature be omitted entirely" in anonymous key exchang

Re: question about ssl

2005-07-07 Thread Jostein Tveit
amineh salehi <[EMAIL PROTECTED]> writes: > in the ciphersuites defined for it in "rfc2246" (TLS1.0), there isn't > Diffie-Hellman key exchange, why? RFC 2246 specifies many DH key exchange cipher suites. Have a look at page 61. > What is the solution for vulnerability in anonymous key exchange

question about ssl

2005-07-06 Thread amineh salehi
I investigate the security of the SSL protocol, I have 2 questions about ssl version 2.0. in the ciphersuites defined for it in "rfc2246" (TLS1.0), there isn't Diffie-Hellman key exchange, why? What is the solution for vulnerability in anonymous key exchange pointed by Bruce Schnei

Re: Question about "SSL and TLS" book

2003-10-25 Thread Ohaya
Hi, Thanks. Can you (or anyone else) tell me under what conditions or what determines which of these cases "happens"? In other words, what "decides" to use, say, one certificates only (presumably the root CA cert) vs. certificate chains? takamichi saito wrote: > > > Hi, > > > > I've been

Re: Question about "SSL and TLS" book

2003-10-25 Thread takamichi saito
> Hi, > > I've been reading the subject book, by Eric Rescorla, and ran across the > following passage on page 110 (Chapter 4, under "CertificateRequest"): > > "It is important to note that IF certificate chains are being used, then > the CA name specified in the Certifi

Question about "SSL and TLS" book

2003-10-24 Thread Ohaya
Hi, I've been reading the subject book, by Eric Rescorla, and ran across the following passage on page 110 (Chapter 4, under "CertificateRequest"): "It is important to note that IF certificate chains are being used, then the CA name specified in the CertificateRequest message need not refer to th

Re: question about SSL libs

2002-12-04 Thread marcus.carey
Just call SSLeay_add_ssl_algorithms(); Marcus - Original Message - From: "Nick Marcantonio" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, December 04, 2002 11:04 AM Subject: RE: question about SSL libs > Is there anything that SSL_library_init

RE: question about SSL libs

2002-12-04 Thread Nick Marcantonio
!\n"); Regards, Nick Marcantonio [EMAIL PROTECTED] Venturcom, Inc -Original Message- From: marcus.carey [mailto:[EMAIL PROTECTED]] Sent: Monday, November 25, 2002 6:06 PM To: [EMAIL PROTECTED] Subject: Re: question about SSL libs SSL_library_init() registers the available

Re: Naive Question about SSL

2001-04-16 Thread Lutz Jaenicke
On Mon, Apr 16, 2001 at 02:18:06PM -0500, David Jourard wrote: > Till now I always thought that the SSL was secure in just one direction > from the client to the server since the client browser encrypts the data > with a public key and the server decrypts with a private key; till someone > else

Naive Question about SSL

2001-04-16 Thread David Jourard
Hi, I'm hoping someone could just help my understanding about SSL. The scenario is a client is purchasing something from an e-commerce site and submits their credit card info on a form coming from a secure server. The secure server sends back a confirmation page showing everything purchased

Re: Newbie question about ssl password

2001-02-14 Thread ApacheSSL
Hi, mads > > Now I want to run ssl aware apache as service, but I failed, then how > > can I let modssl read password from another way, for example, read from > > a file? Thanks in advance. > > > See http://www.modssl.org/docs/2.8/ssl_reference.html#ToC2 > > vh > > Mads Toftum I am working

Re: Newbie question about ssl password

2001-02-13 Thread Mads Toftum
On Tue, Feb 13, 2001 at 10:51:17AM +0800, ApacheSSL wrote: > Hi, > > Now I want to run ssl aware apache as service, but I failed, then how > can I let modssl read password from another way, for example, read from > a file? Thanks in advance. > See http://www.modssl.org/docs/2.8/ssl_reference.ht

Re: Some question about SSL implementation...

2001-01-25 Thread Greg Stark
ntica, Inc. [EMAIL PROTECTED] _ - Original Message - From: "Sharon" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, January 25, 2001 3:52 AM Subject: Some question about SSL implementation... > Hello, > > I

Question about SSL detection

2000-11-30 Thread Vendetti, Jeff (Cahners)
Hi, All Is there a way in Perl or CGI to determine whether the browser is capable of using SSL, and, also, if the browser might have turned off the SSL option. I'm trying to send someone to either a secure or non-secure part of our site automatically. Any help appreciated. Jeff Vendetti __