Hello,
> If a blocking application sets SSL_MODE_AUTO_RETRY, SSL_read() will
> only return once data is available, or a real error occurs. This must
> not change.
It is not set for s_client.
We are taking of these case.
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
Hello
> Your proposition was to add further breakage. It is a mistake to issue a
> blocking socket operation if you do not wish to block, end of story. This is
> just a single example of one way this can break and it is impossible to fix
> it completely without breaking proper blocking applic
Is there any support for multiple primary domains and associated customer
certificates on the same ip and port (i.e. a multihomed SSL
server).
Hello,
> Is there any support for multiple primary domains and associated
> customer certificates on the same ip and port (i.e. a multihomed SSL
> server).
If you think of mechanism such server_name introduced in RFC 3546 6.1
(which may be used for this purpose) - not in this release.
Best regard
On Wed, Jun 07, 2006 at 07:40:44PM -0400, Matthew L Daniel wrote:
> If this needs to go to the dev list, let me know.
>
> I am experiencing a SIGSEGV in BN_BLINDING_free because mt_blinding
> appears to be 0x11 instead of a pointer to some memory.
We had an identical issue reported here:
https:/
I compiled fips module OpenSSL-fips-1.0.tar.gz with the following options
./Configure fips hpux-ia64-cc
And the official OpenSSL release 0.9.7j with the following options
./Configure threads zlib shared no-rc5 no-idea no-krb5
fips --openssldir=/opt/openssl hpux-ia64-cc
I tried compling the sam
On Mon, Jun 12, 2006, Haridharan wrote:
> I compiled fips module OpenSSL-fips-1.0.tar.gz with the following options
> ./Configure fips hpux-ia64-cc
>
If you literally typed that command in then it is a violation of the security
policy and the result is not compliant.
If the config script chose
I compiled fips module OpenSSL-fips-1.0.tar.gz with the following options
./Configure fips hpux-ia64-cc
If you literally typed that command in then it is a violation of the
security
policy and the result is not compliant.
If the config script chose those options when you did:
./config fip
I just noticed an insanely bad typo in my original message:
> However, when "CC=gcc fipsld" is used, the following error results:
Should instead be
> However, when "CC=g++ fipsld" is used, the following error results:
Sorry for any confusion. Any help would be very much appreciated.
- Marty
On Mon, Jun 12, 2006 at 11:42:03AM +0200, Marek Marcola wrote:
> Hello,
>
> > Is there any support for multiple primary domains and associated
> > customer certificates on the same ip and port (i.e. a multihomed SSL
> > server).
>
> If you think of mechanism such server_name introduced in RFC 354
Hello list!
I am trying to connect to a server that has supplied me with a cert. The
cert in question is called debitech_CA.pem and when I supply the
following command;
$ openssl s_client -connect secure.incab.se:443/verify/server/click
-cert debitech/debitech_CA.pem
I get the following error;
No, you got the problem exactly right, and it is a bug that does need
to be addressed. (HMAC_SHA1_SIG is defined as a string with a nil
terminator. gcc doesn't throw the error, but g++ rightly does. I
think there's a command-line parameter to disable that particular
error check, but I'm not sur
Kyle Hamilton wrote:
No, you got the problem exactly right, and it is a bug that does need
to be addressed. (HMAC_SHA1_SIG is defined as a string with a nil
terminator. gcc doesn't throw the error, but g++ rightly does. I
think there's a command-line parameter to disable that particular
error
Kyle Hamilton wrote:
>
> No, you got the problem exactly right, and it is a bug that
> does need to be addressed. (HMAC_SHA1_SIG is defined as a
> string with a nil terminator. gcc doesn't throw the error,
> but g++ rightly does. I think there's a command-line
> parameter to disable that particu
The server has supplied you with the certificate to its CA, which
includes the CA's public key. You're putting it in the option for
client authentication via certificate.
I believe the option is -cacert, but I'm not quite certain. (I don't
use s_client enough to know for sure.)
-Kyle H
On 6/1
Hi all,
I am getting the following error message on encrypted
packets. Can someone tell me what they mean and
what I can do to correct the problem. Google did not bring
me any meaningfull results.
The script is running on an AIX box.
openssl enc -d -a -iv 31464F4C4C455431 -des
On Mon, Jun 12, 2006, Kyle Hamilton wrote:
> The server has supplied you with the certificate to its CA, which
> includes the CA's public key. You're putting it in the option for
> client authentication via certificate.
>
> I believe the option is -cacert, but I'm not quite certain. (I don't
>
Hello,
> $ openssl s_client -connect secure.incab.se:443/verify/server/click
> -cert debitech/debitech_CA.pem
>
> I get the following error;
>
> unable to load client certificate private key file
> 31977:error:0906D06C:PEM routines:PEM_read_bio:no start
> line:pem_lib.c:644:Expecting: ANY PRIVAT
Hello,
> The script is running on an AIX box.
>
> openssl enc -d -a -iv 31464F4C4C455431 -des3 -K
> 31323334466F6C6C657426265472696D6461746131323334 -in
> directory_encrypt/CS4_35854292.enc
>
> A.RETURN.PKT=bad decrypt 130746:error:0606506D:digital envelope
> routines:EVP_Dec
>
> ryptFinal:wro
We are in the process of migrating from box A (AIX 4.3.3.0 running
openssl 0.9.6g) to box B (AIX 5.3.0.0 running openssl 0.9.8). Both A and
B access the same file system which contains our CA files.
When I revoke a certificate from box A, the process works as expected.
When I revoke a certific
Hi,
I'm currently developping a Python application which is a standalone
xml-rpc server, so with no web server in front of it.
(more details on http://www.pykota.com/software/pykoticon if needed)
this application works perfectly fine, but now I'd like to encrypt
all traffic between the client h
> > I am experiencing a SIGSEGV in BN_BLINDING_free because mt_blinding
> > appears to be 0x11 instead of a pointer to some memory.
>
> We had an identical issue reported here:
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=193633
> which is somehow caused by the use of Zimbra binaries.
T
Hi,
I think box A be the owner of the certificate so when u revoke it in box A it works fine.Box B may not be the owner(issuer) and when revoking the certificate , it is verified whether it is revoked by the
corresponding person who issued the certificate by checking CN field in the certificate,
23 matches
Mail list logo
