RE: CA for IIS-issued self-signed certificate?

2012-08-10 Thread Charles Mills
> If you ... subsequently call set_default_verify_paths, the later call overrides and > (only) the default file and/or directory are used. Thanks. I wondered about that. I commented it out though and still get exactly the same result. I also added a certificate verify callback. I come through the

RE: CA for IIS-issued self-signed certificate?

2012-08-11 Thread Charles Mills
arity than "unable to get local issuer certificate"? I'm using a pre-built Windows distribution of OpenSSL 1.0.1c. It will take some re-arrangement to be able to trace into OpenSSL. 64-bit Windows, if that matters. Charles -Original Message- From: Charles Mills [mailto:charl.

RE: s_server gethostbyname failure

2012-08-13 Thread Charles Mills
Found some things on the Web that led me to believe some programs choke when they get IPv6 addresses back from gethostbyname(), so I tried disabling IPv6 on Windows -- but no improvement. I have tried coding a server program more or less following the example in the O'Reilly OpenSSL book and the f

RE: s_server gethostbyname failure

2012-08-14 Thread Charles Mills
mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson Sent: Monday, August 13, 2012 7:09 PM To: openssl-users@openssl.org Subject: RE: s_server gethostbyname failure > From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills > Sent: Monday, 13 August, 2012 11:32 >

RE: CA for IIS-issued self-signed certificate?

2012-08-14 Thread Charles Mills
elf-signed certificate? > From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills > Sent: Saturday, 11 August, 2012 08:57 > I wondered if perhaps there were path or filename specification > problems (need to escape backslashes? a problem with embedded spaces?) > but I eliminated

RE: s_server gethostbyname failure

2012-08-14 Thread Charles Mills
Subject: RE: s_server gethostbyname failure > From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills > Sent: Monday, 13 August, 2012 11:32 > Found some things on the Web that led me to believe some programs > choke when they get IPv6 addresses back from gethostbyname(), s

RE: How do session accept timeout with OpenSSL

2012-08-15 Thread Charles Mills
Okay, I think I get it. Every OpenSSL example I have seen uses BIO, but there is no need to use BIO, right (unless one wants I/O-type-independence)? I have eliminated all of my BIO usage. I'm using normal TCP/IP bind(), select(), accept(), and then SSL_set_fd(ssl, socket) and SSL_accept(); I then

How tell OpenSSL to prompt?

2012-08-18 Thread Charles Mills
This is probably the world's most basic question but I can't find the answer. I have the following in my OpenSSL config file: [ usr_cert ] subjectAltName = @alt_names [ alt_names ] DNS.1 = foo.com DNS.2 = bar.com It's working as expected. But what I

RE: How tell OpenSSL to prompt?

2012-08-20 Thread Charles Mills
om: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of jb-open...@wisemo.com Sent: Sunday, August 19, 2012 11:17 PM To: openssl-users@openssl.org Subject: Re: How tell OpenSSL to prompt? On 19-08-2012 15:05, CharlesTSR wrote: >> On Sat, Aug 18, 2012, Char

Looking for advice on session renegotiation

2012-08-20 Thread Charles Mills
I understand the basics of session renegotiation. (And yes, I am familiar with http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html#SECURE_RENEGOTIATION.) Not clear to me: should I be setting SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION? What I am mostly looking for is some clue as to what w

RE: How tell OpenSSL to prompt?

2012-08-20 Thread Charles Mills
-users@openssl.org Subject: Re: How tell OpenSSL to prompt? On Mon, Aug 20, 2012, Charles Mills wrote: > > http://www.openssl.org/docs/apps/config.html > > Okay, thanks, I had seen that. I thought there must be more. > > > Did you run openssl.exe from the same command prompt whe

RE: OpenSSL ECCN #

2012-08-20 Thread Charles Mills
Take a look at http://www.mail-archive.com/openssl-dev@openssl.org/msg20931.html and the replies thereto. (Maybe I can answer one for a change LOL.) Charles From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Alona Rossen Sent: Monday, August 20, 201

CA-signed certificate reported as self-signed

2012-08-20 Thread Charles Mills
Sorry to have so many questions ... I create a certificate request. I sign it with openssl.exe ca -in MYNOTEBOOK_server.req.pem -config CMC_root_config.cnf -out MYNOTEBOOK_server.pem -verbose -cert CMC_root.pem -keyfile CMC_root.key.pem OpenSSL reports Everything appears to be ok, creating a

Losing extension Alternative Names on signing

2012-08-20 Thread Charles Mills
I create a certificate request that includes -reqexts usr_cert. The [ usr_cert ] section specifies two additional names. I display the request and see them: Requested Extensions: X509v3 Basic Constraints: CA:FALSE X509v3 Subject Alternative Name: DNS:MYNOTEBOOK, DNS:localh

RE: OpenSSL DES generates '\n' in encrypted code

2012-08-21 Thread Charles Mills
6 bits will encode 64 different characters. So if you can restrict your input to A-Z, a-z, 0-9, plus two other characters (space and period perhaps) then 24 characters of input can be represented in 6*24 = 144 bits. 144/8 = 18 characters. It is a Programming 101 exercise to encode 64 different c

RE: OpenSSL DES generates '\n' in encrypted code

2012-08-21 Thread Charles Mills
The encrypted output could also contain a null (‘\0’) which is probably even more of a problem for your application. Charles From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Tarun Thakur Sent: Tuesday, August 21, 2012 3:26 AM To: openssl-users@openssl

RE: Losing extension Alternative Names on signing

2012-08-21 Thread Charles Mills
ve Names on signing > From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills > Sent: Monday, 20 August, 2012 16:05 > I create a certificate request that includes -reqexts usr_cert. The [ > usr_cert ] section specifies two additional names. > > I display the request

RE: CA-signed certificate reported as self-signed

2012-08-21 Thread Charles Mills
-users@openssl.org Subject: RE: CA-signed certificate reported as self-signed > From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills > Sent: Monday, 20 August, 2012 15:32 > Sorry to have so many questions ... > > I create a certificate request. I sign it with > &g

RE: OpenSSL DES generates '\n' in encrypted code

2012-08-21 Thread Charles Mills
Actually, there IS *almost* a general solution to this problem. The input consists of characters from some set of 'n' characters. (Perhaps 'n' is 94 -- 0x21 through 0x7e inclusive -- but it does not matter.) You need to pack those characters with maximum density. It's conceptually the easiest if

RE: OpenSSL DES generates '\n' in encrypted code

2012-08-21 Thread Charles Mills
9:35 AM To: openssl-users@openssl.org Subject: Re: OpenSSL DES generates '\n' in encrypted code On 21 August 2012 14:14, Charles Mills wrote: Actually, there IS *almost* a general solution to this problem. The input consists of characters from some set of 'n' characters.

Any security risk in cat-ing certificate and key?

2012-08-21 Thread Charles Mills
The O'Reilly OpenSSL book - in some examples but not others - cat's the certificate and key together and then just uses that one file as both certificate_chain_file and PrivateKey_file. cat servercert.pem serverkey.pem > server.pem Is that okay? It does seem more convenient to only have one file

RE: Any security risk in cat-ing certificate and key?

2012-08-21 Thread Charles Mills
Thanks for your thorough answer. -- Sent from my mobile phone. Please excuse my brevity. Charles Dave Thompson wrote: > From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills > Sent: Tuesday, 21 August, 2012 14:41 > The O'Reilly OpenSSL book - in some examples

RE: OpenSSL DES generates '\n' in encrypted code

2012-08-22 Thread Charles Mills
ot;less than AES256." Charles -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Ben Laurie Sent: Tuesday, August 21, 2012 1:47 PM To: openssl-users@openssl.org Subject: Re: OpenSSL DES generates '\n' in encrypted

Entropy for OpenSSL

2012-08-22 Thread Charles Mills
I'm looking at https://groups.google.com/forum/?fromgroups#!topic/mailing.openssl.users/j8ObkLf6xgs Do I interpret it correctly as saying that assuming I do not have some clever source of entropy of my own, that I should just "do nothing" and let OpenSSL do what it decides is best? In other wor

RE: confusion with definition of SSL_CIPHER struct

2012-08-23 Thread Charles Mills
Does this help? It is from s_client. It is commented as only working with (the deprecated) SSLv2 but I think I see this output when I run s_client with TLSv1: p=SSL_get_shared_ciphers(s,buf,sizeof buf); if (p != NULL) {

Re: confusion with definition of SSL_CIPHER struct

2012-08-23 Thread Charles Mills
Watch out for "-endian" issues. -- Sent from my mobile phone. Please excuse my brevity. Charles "Dr. Stephen Henson" wrote: On Thu, Aug 23, 2012, Saurabh Pandya wrote: > I found following definition of "SSL_CIPHER" in openssl code > > typedef struct ssl_cipher_st > { > int valid; > const char

RE: Entropy for OpenSSL

2012-08-24 Thread Charles Mills
Ping! Anybody? Charles -Original Message- Sent: Wednesday, August 22, 2012 10:07 AM To: openssl-users@openssl.org Subject: Entropy for OpenSSL I'm looking at https://groups.google.com/forum/?fromgroups#!topic/mailing.openssl.users/j8ObkLf6xgs Do I interpret it correctly as saying tha

RE: Entropy for OpenSSL

2012-08-24 Thread Charles Mills
Thanks. RAND_status() is returning a 1 so I guess I am good for now. I put in an error message if it fails to return a 1. I will keep an eye on this problem going forward. The product is designed to run as a Windows Service but I am currently testing in console mode. I will specifically watch wha

Why key file in *client* certificate situation?

2012-08-27 Thread Charles Mills
I'm just trying to understand the SSL protocol -- this is not an alleged bug or an "issue." In OpenSSL s_client, or for that matter, in my client test program, an attempt to use a *client* certificate fails unless I also specify -key or call SSL_CTX_use_PrivateKey_file(). Why? What role does the

RE: Why key file in *client* certificate situation?

2012-08-27 Thread Charles Mills
? On 8/27/2012 3:46 PM, Charles Mills wrote: > I'm just trying to understand the SSL protocol -- this is not an > alleged bug > > or an "issue." > > > In OpenSSL s_client, or for that matter, in my client test program, an > > attempt to use a *client* ce

SSL_CTX_set_default_verify_paths and Windows?

2012-08-31 Thread Charles Mills
Is there documentation for SSL_CTX_set_default_verify_paths()? It's declared here http://www.openssl.org/docs/ssl/ssl.html but there's no description and no link that I see. I have an application working on Windows using explicit PEM certificate files: SSL_CTX_load_verify_locations(SslCtx, "myCert

RE: Cannot connect to gmail imap server

2012-08-31 Thread Charles Mills
Is the firewall possibly blocking traffic to or from the server? "SSL handshake has read 0 bytes" sounds like that is a possibility. Can other applications (some e-mail client, I suppose) connect to imap.gmail.com:993? Charles -Original Message- From: owner-openssl-us...@openssl.org [mailt

RE: Creating a SSH Key pair - public and private for my Windows 2008 server app so it can communicate with a partner sftp site

2012-08-31 Thread Charles Mills
You can do this with the openssl.exe utility. I am less than an expert but the doc is here: http://www.openssl.org/docs/apps/openssl.html Take a look at openssl.exe req -newkey Charles From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ML Harmon Sent: F

RE: Creating a SSH Key pair - public and private for my Windows 2008 server app so it can communicate with a partner sftp site

2012-08-31 Thread Charles Mills
private key if they are both in one file? So I am missing something here, I expected 2 files for my key a public and private. On Fri, Aug 31, 2012 at 11:39 AM, Charles Mills wrote: You can do this with the openssl.exe utility. I am less than an expert but the doc is here: http://www.o

RE: Creating a SSH Key pair - public and private for my Windows 2008 server app so it can communicate with a partner sftp site

2012-08-31 Thread Charles Mills
ers@openssl.org Subject: RE: Creating a SSH Key pair - public and private for my Windows 2008 server app so it can communicate with a partner sftp site > From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills > Sent: Friday, 31 August, 2012 12:39 > To: openssl-users@openssl.org &

RE: SSL_CTX_set_default_verify_paths and Windows?

2012-08-31 Thread Charles Mills
Thompson Sent: Friday, August 31, 2012 3:58 PM To: openssl-users@openssl.org Subject: RE: SSL_CTX_set_default_verify_paths and Windows? > From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills > Sent: Friday, 31 August, 2012 12:00 > To: openssl-users@openssl.org > Subject: SSL

RE: Verify depth / get chain length

2012-09-03 Thread Charles Mills
When I come through my verify_callback routine, I get called successively with descending certificate depths: the first time through X509_STORE_CTX_get_error_depth() is 1 and the second time it is 0. So it would seem to me that "the depth/length of the whole chain" is available as the value of

RE: PEM_read_bio_RSA_PUBKEY

2012-09-04 Thread Charles Mills
> Is it possible that PEM_read_bio_RSA_PUBKEY uses BIO_gets internally Sometimes the best answer to that sort of question -- sadly, perhaps, but true nonetheless -- is to look at the source code. Not so hard to read as I had at first supposed. Charles -Original Message- From: owner-opens

C API to determine OpenSSL version?

2012-09-04 Thread Charles Mills
Is there a C-callable function that an application may call to determine the version of the OpenSSL library with which it is linked? Thanks, Charles __ OpenSSL Project http://www.openssl.org Use

RE: C API to determine OpenSSL version?

2012-09-04 Thread Charles Mills
Never mind. Found it: http://www.openssl.org/docs/crypto/SSLeay_version.html Hard to search for. Google and you get a lot of irrelevant hits. Charles -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Charles Mills Sent

RE: crash when calling ERR_print_errors_fp()

2012-09-06 Thread Charles Mills
Try ERR_print_errors_fp(stderr) -- eliminates issues with your file. If that works, then it's your file pointer. Note Dave's point about flushing the file. Charles -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson

RE: Does this mailinglist work?

2012-09-10 Thread Charles Mills
Yes, it works. It may be moderated. Please be patient. Charles -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Carlo Wood Sent: Monday, September 10, 2012 10:34 AM To: openssl-users@openssl.org Subject: Does this mailinglist w

RE: openssl on a home LAN

2012-09-11 Thread Charles Mills
Do you write computer programs, or are you a home user of personal computers? If you don't write computer programs, then using OpenSSL at the level addressed by this mailing list is not what you are looking for. Some of the products you might buy might use OpenSSL "under the covers," but yo

RE: openssl on a home LAN

2012-09-11 Thread Charles Mills
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Charles Mills Sent: Tuesday, September 11, 2012 12:52 PM To: openssl-users@openssl.org Subject: RE: openssl on a home LAN Do you write computer programs, or are you a home user of personal computers?

RE: Parsing X509 certificate subjectAltName

2012-09-11 Thread Charles Mills
bool Comm::isAltNameMatch(X509 *certificate, const char *nodeName) { // there is alternative code on page 136 of O'Reilly OpenSSL unsigned char *pBuffer = NULL; int length = 0; GENERAL_NAMES *subjectAltNames; b

RE: Parsing X509 certificate subjectAltName

2012-09-11 Thread Charles Mills
, 2012, Charles Mills wrote: > > { > > case GEN_DNS: > > case GEN_URI: > >

RE: openssl on a home LAN

2012-09-12 Thread Charles Mills
A thousand pardons. You totally misapprehend my intent. I guess that's a classic hazard of e-mail, isn't it? You're right, I make no pretense of being a moderator. It's a forum, and I'm just a citizen trying to help you out by answering the question you asked in the forum. I won't bother yo

RE: Memory issues with ssl handshake

2012-09-12 Thread Charles Mills
Not sure if it helps at all but FWIW I am using Windows pre-built OpenSSL dll's with server & client certificates, CAs, DH keys, and a CRL, and I am seeing no memory leaks whatsoever in Visual Studio 2010. Charles -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-opens

RE: openssl on a home LAN

2012-09-12 Thread Charles Mills
no hard feelings. Take care and have a good day. Thanks. John From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Charles Mills Sent: Wednesday, September 12, 2012 11:14 AM To: openssl-users@openssl.org Subject: RE: openssl on a home LAN A

RE: openssl on a home LAN

2012-09-13 Thread Charles Mills
k that makes my asking it a legitimate question for this group. If you don't like it, you can just learn to use your reading program and ignore me. Thank you very much. J John From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Charles Mill

RE: certificate validation issues with openssl 1.0.0 and expired certificates in cafile

2012-09-13 Thread Charles Mills
Would it make sense to delete the expired certificate from the Windows store? Duplicate expired/non expired CA certificates sounds to me like a problem waiting to happen. Charles From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Ashok C Sent: Thursday,

Re: Digital certificate with more than 1 year validity

2012-09-18 Thread Charles Mills
I do it all the time. -days 3650 as I recall. -- Sent from my mobile phone. Please excuse my brevity. Charles Wim Lewis wrote: On 17 Sep 2012, at 9:13 PM, Santhosh AP wrote: > Kindly help us to create digital certificate having more than 365 day’s > validity. At present we are using OpenSSL 0

RE: Digital certificate with more than 1 year validity

2012-09-19 Thread Charles Mills
Looking at my bat files, yes, I say -days 3650 on an openssl x509 -req Charles From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Charles Mills Sent: Tuesday, September 18, 2012 8:08 PM To: openssl-users@openssl.org; openssl-users@openssl.org Subject

RE: Memory issues with ssl handshake

2012-09-19 Thread Charles Mills
Try plugging your code to exit after the first OpenSSL function, then after the second, and so forth, and see if you can get down to the simplest case. Charles -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Thomas Sent: Monda

RE: error in x509v3.h compiled with visual studio

2012-09-25 Thread Charles Mills
What is the code in x509v3.h in the vicinity of lines 180 to 200? My line 192 does not have a ')' in it. Do you get any errors *preceding* the errors in x509v3.h? Charles From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of david preetham Sent: Tu

Re: error in x509v3.h compiled with visual studio

2012-09-25 Thread Charles Mills
I'll send you my exact VS 2010 .h sequence tomorrow. -- Sent from my mobile phone. Please excuse my brevity. Charles "Dr. Stephen Henson" wrote: On Tue, Sep 25, 2012, david preetham wrote: > am trying to build wpa_supplicant which is referencing openssl header file > x509v3.h on Visual studio

RE: error in x509v3.h compiled with visual studio

2012-09-25 Thread Charles Mills
The following compiles without error in MS VS 2010 C++. Yes, I know is in there twice: no reason, it just is. #include "targetver.h" // Watch out! winsock2 and friends has to be ahead of most things #include "Ws2tcpip.h" // Ws2tcpip always needs Ws2_32.lib. You can put it here or in the linker i

RE: error in x509v3.h compiled with visual studio

2012-09-25 Thread Charles Mills
hich is MS-speak for "not Unicode." Charles -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Charles Mills Sent: Tuesday, September 25, 2012 9:33 PM To: openssl-users@openssl.org Subject: RE: error iin x509v3.h compiled wit

RE: facing problem in installation of openssl-0.9.7d

2012-09-26 Thread Charles Mills
Well, as the messages say, you specified /WX - "treat any warning as a fatal error." You got a warning -- /G5 is deprecated - and, just as you asked, VC treated it as a fatal error. Charles From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Ahmad Sent:

Documentation for TXT_DB errors?

2012-10-01 Thread Charles Mills
Is there specific documentation anywhere for TXT_DB errors? I'm not a total newbie at this but I am not an expert. I have issued server certificates before but now I am stuck on a TXT_DB error 2. serial.txt exists and contains 1C. index.txt exists and contains 17 (decimal) lines. Unless I am co

RE: Documentation for TXT_DB errors?

2012-10-02 Thread Charles Mills
0822124721Z 0D unknown /CN=Charles Mills R 130822125501Z 120823201015Z 0E unknown /CN=C R 130822135246Z 120822185456Z 0F unknown /CN=C R 130822185636Z 120822190409Z 10 unknown /CN=C R 130822190502Z 120823201600Z 11 unkn

RE: Documentation for TXT_DB errors?

2012-10-02 Thread Charles Mills
I deleted index.txt and reset serial.txt to 00 and that solved the problem. Hope that was not a terrible idea. I understand that I have lost the ability to revoke any previous certificates. I won't edit index.txt again. Charles -Original Message- From: Charles Mills [mailto:

RE: Documentation for TXT_DB errors?

2012-10-05 Thread Charles Mills
I hear you (whoever you are!). It's a playpen CA. I'm a software developer. These certificates will never be allowed out into the wild. Charles -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of lists Sent: Thursday, October 0

RE: OpenSSL running on Windows XP/2003/7

2012-10-05 Thread Charles Mills
http://www.openssl.org/related/binaries.html Charles From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of engineermike Sent: Friday, October 05, 2012 9:37 AM To: openssl-users@openssl.org Subject: OpenSSL running on Windows XP/2003/7 Hello, I've b

Best practice for client cert name checking

2012-10-06 Thread Charles Mills
I have recently written a product that incorporates SSL/TLS server code that processes client certificates. I designed what I thought made sense at the time but now I am wondering if what I did was best. In the product's configuration file the sysadmin may optionally include a whitelist of client

RE: Best practice for client cert name checking

2012-10-06 Thread Charles Mills
wner-openssl-us...@openssl.org] On Behalf Of Jeffrey Walton Sent: Saturday, October 06, 2012 4:40 PM To: openssl-users@openssl.org Subject: Re: Best practice for client cert name checking On Sat, Oct 6, 2012 at 9:52 AM, Charles Mills wrote: > I have recently written a product that incorporates SSL/

RE: Best practice for client cert name checking

2012-10-07 Thread Charles Mills
0:38 AM To: openssl-users@openssl.org Subject: Re: Best practice for client cert name checking On Sat, Oct 6, 2012 at 2:52 PM, Charles Mills wrote: > I have recently written a product that incorporates SSL/TLS server > code that processes client certificates. I designed what I thought >

RE: Best practice for client cert name checking

2012-10-08 Thread Charles Mills
Dave, any thoughts on my original question? My thread kind of got hi-jacked. Charles -Original Message- From: Charles Mills [mailto:charl...@mcn.org] Sent: Saturday, October 06, 2012 9:52 AM To: openssl-users@openssl.org Subject: Best practice for client cert name checking I have

RE: Best practice for client cert name checking

2012-10-08 Thread Charles Mills
Aren't you talking here about the client's validation of the server's credentials? That's useful information, but my question was about server validation of client certificates ... Charles -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]

RE: OpenSSL cert authority with no database

2012-10-11 Thread Charles Mills
I hit this EXACT problem. The *wrong* ways to solve it are to keep deleting the database or deleting records from the database. The right way to solve it is to revoke certificates that you want to re-issue. I just happen to have a (Windows - sorry if you're not Windows) .BAT file to do just

RE: Best practice for client cert name checking

2012-10-11 Thread Charles Mills
rg Subject: RE: Best practice for client cert name checking > From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills > Sent: Monday, 08 October, 2012 07:47 > Dave, any thoughts on my original question? My thread kind of got > hi-jacked. Not much, but since you ask: > -Ori

RE: Firefox unhappy with my self signed Cert

2012-10-11 Thread Charles Mills
How do you specify the name (URL) of the Web site in Firefox? Do you use exactly the same name as you use with the test client (and the name in the certificate)? Firefox is saying the certificate is for myserver but you are specifying a different name when you open the site. The name has to be

RE: Firefox unhappy with my self signed Cert

2012-10-11 Thread Charles Mills
11, 2012 5:13 PM To: openssl-users@openssl.org Subject: RE: Firefox unhappy with my self signed Cert >From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills >Sent: Thursday, 11 October, 2012 19:40 Some minor points: >How do you specify the name (URL) of the Web site in Firefox?

RE: top 10 mistakes when using libopenssl?

2012-10-15 Thread Charles Mills
Oh-oh. I'm not calling OpenSSL_add_all_algorithms() or anything real similar. I call SSL_library_init() and SSL_load_error_strings() and set up the Locking callback but that's it. It seems to work. Both my client code and my server code interoperate with non-OpenSSL TLS implementation without err

RE: top 10 mistakes when using libopenssl?

2012-10-15 Thread Charles Mills
15, 2012, Charles Mills wrote: > Oh-oh. I'm not calling OpenSSL_add_all_algorithms() or anything real > similar. > > I call SSL_library_init() and SSL_load_error_strings() and set up the > Locking callback but that's it. > SSL_library_init() counts as similar to Ope

Building an "exportable" OpenSSL application

2012-10-16 Thread Charles Mills
I have a Windows-only OpenSSL application developed in VS 2010. I have now been tasked with creating parallel "regular" and "exportable" (from the US) distributions of the application. I UNDERSTAND YOU CAN'T GIVE LEGAL ADVICE. I'M ONLY LOOKING FOR TECHNICAL INPUT HERE. The application statically

RE: Building an "exportable" OpenSSL application

2012-10-16 Thread Charles Mills
penssl-users@openssl.org Subject: Re: Building an "exportable" OpenSSL application On 10/16/2012 7:25 AM, Charles Mills wrote: > I have a Windows-only OpenSSL application developed in VS 2010. I have > now been tasked with creating parallel "regular" and "exportable"

RE: Building an "exportable" OpenSSL application

2012-10-17 Thread Charles Mills
org Subject: RE: Building an "exportable" OpenSSL application > From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills > Sent: Tuesday, 16 October, 2012 11:41 > > If you are linking to OpenSSL DLLs, then your application > isn't statically > > linked agains

RE: Building an "exportable" OpenSSL application

2012-10-18 Thread Charles Mills
t; OpenSSL application > From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills > Sent: Wednesday, 17 October, 2012 09:47 [Using ShiningLight Windows build] > > If you link with lib/VC/* (or lib/MinGW/*) you get implicit dynamic > > linking. If you link with > &

RE: Generating rsakey using openssl as lib

2012-10-18 Thread Charles Mills
I can't give you a total solution but > Well, I've called "SSLeay_version(SSLEAY_VERSION)" from lib, and I've got > "OpenSSL 0.9.8a 11 Oct 2005". > That's confirm it's a version problem. My question now is, what shall I make > for removing all Openssl versions from my pc. After no OpenSSL instal

RE: How can I pass data to a running instance of OpenSSL CLI on Windows within a batch file?

2012-10-22 Thread Charles Mills
Msdn.com is excellent. Good advice, few flames. -- Sent from my mobile phone. Please excuse my brevity. Charles Jeremy Farrell wrote: If you start openssl.exe, that's the mode it's in by default - waiting for commands from stdin, writing the output from those commands to stdout. Isn't that wh

RE: Trouble with Windows DLL

2012-10-24 Thread Charles Mills
Not sure if it is relevant but are you calling SSL_library_init()? Charles From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Mitchell, Daniel F Sent: Tuesday, October 23, 2012 12:05 PM To: openssl-users@openssl.org Subject: Trouble with Windows DLL

RE: Trouble with Windows DLL

2012-10-24 Thread Charles Mills
Is libssl32.dll possibly the poster's DLL that he refers to in his note? > The code for "uplink" looks to me like it looks for _Applink ONLY in the .exe It *HAS* to be a .exe? OpenSSL has logic that depends on what type of executable is calling it? If I had a .exe that worked with OpenSSL I could

RE: Wild card SSL; use on multiple Apache servers

2012-10-24 Thread Charles Mills
Nor does *.domain.com work for domain.com, correct? Just out of curiosity, do you perceive a trust constraint there (for any real-world situation)? Charles -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson Sent: We

RE: Trouble with Windows DLL

2012-10-26 Thread Charles Mills
with Windows DLL > From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills > Sent: Wednesday, 24 October, 2012 19:08 > > The code for "uplink" looks to me like it looks for > _Applink ONLY in the .exe > > It *HAS* to be a .exe? OpenSSL has logic that depend

RE: add hash signature as part of the stream on which this hash is based on

2012-10-27 Thread Charles Mills
Isn't that a little like the guy who committed suicide, cut himself up in little pieces, and flushed himself down the toilet? Some checksums are computed such that the checksum is part of the message, and if all if well, the checksum of the entire message including the appended sum is 0 or 0x

RE: Need inputs/suggestions on SSL/TLS protocol version fallback mechanism.

2012-10-29 Thread Charles Mills
Do you call SSL_CTX_set_options() with bit flags (SSL_OP_ALL, SSL_OP_NO_SSLv3, etc.) to indicate the protocols you are willing to accept? BTW, openssl-users (not -dev) is the proper forum for this sort of question. Charles From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@

RE: Need inputs/suggestions on SSL/TLS protocol version fallback mechanism.

2012-10-29 Thread Charles Mills
the reply. I am not setting any option using SSL_CTX_set_options, should I indicate protocols using this function?. Regards Jaya From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Charles Mills Sent: Monday, October 29, 2012 7:40 PM To: openssl-users

RE: Trouble with Windows DLL

2012-10-29 Thread Charles Mills
ith Windows DLL > From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills > Sent: Friday, 26 October, 2012 11:08 > 1. Pardon my ignorance. So _Applink is a generic Windows facility, not > OpenSSL-specific? Can you point me to a link or something that > explains. I could

RE: https server using openssl

2012-10-30 Thread Charles Mills
Absolutely! Charles -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Andrey Koltsov Sent: Tuesday, October 30, 2012 4:08 AM To: openssl-users@openssl.org Cc: Indtiny s Subject: Re: https server using openssl Hi. I think that

RE: Find the difference in (milli|micro)seconds between two ASN1_TIME values

2012-11-07 Thread Charles Mills
A struct tm is only granular down to whole seconds, right? Charles -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: Wednesday, November 07, 2012 9:33 AM To: openssl-users@openssl.org Subject: Re: Find t

RE: I can't believe how much this sucks

2012-11-13 Thread Charles Mills
AMEN! Why is it easier to answer dumb question after dumb question here rather than to document the darned product once? (Never mind the cumulative labor of all the programmers trying to figure out and debug the same problems again and again and again, all over the world.) Consider http:

RE: I can't believe how much this sucks

2012-11-13 Thread Charles Mills
EXACTLY! Charles From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Sanford Staab Sent: Tuesday, November 13, 2012 12:53 PM To: openssl-users@openssl.org Subject: Re: I can't believe how much this sucks Couldn’t agree more Ted. I think the bar on

RE: I can't believe how much this sucks

2012-11-15 Thread Charles Mills
http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf marco.m On 13.11.2012 19:49, "Charles Mills" wrote: >AMEN! > >Why is it easier to answer dumb question after dumb question here rather >than to document the darned product once? (Never mind the cumulative >

RE: I can't believe how much this sucks

2012-11-19 Thread Charles Mills
It tends to be a shortcoming of many, many types of software documentation that it is feature-oriented rather than task-oriented. That is, it does a good job of saying "this switch does this, that parm specifies that" and a poor job of answering the question "I want to accomplish X. What the heck do

SSL alert number 51

2014-11-19 Thread Charles Mills
Good day - Can anyone offer some clues on 10280:error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt error:.\ssl\s3_pkt.c:1275:SSL alert number 51 OpenSSL 1.01h is the server, running on Windows 7 Pro 64 bit. Thanks, Charles

RE: SSL alert number 51

2014-11-19 Thread Charles Mills
Charles -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson Sent: Wednesday, November 19, 2014 2:20 PM To: openssl-users@openssl.org Subject: RE: SSL alert number 51 > From: owner-openssl-us...@openssl.org

RE: SSL alert number 51

2014-11-19 Thread Charles Mills
- DHE is 1024 - RSA is 2048 Server certificate: Certificate: Data: Version: 3 (0x2) Serial Number: 13 (0xd) Signature Algorithm: sha1WithRSAEncryption Issuer: CN=Charles Mills Consulting, LLC, ST=California, C=US/emailAddress=charles m...@mcn.org, O=Charles Mills

RE: SSL alert number 51

2014-11-19 Thread Charles Mills
this is probably my last reply for ~36 hours. Thanks for your help. I really appreciate what you folks do. Charles -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Charles Mills Sent: Wednesday, November 19, 2014 4:53 PM To

RE: SSL alert number 51

2014-11-21 Thread Charles Mills
On 19/11/14 22:57, Charles Mills wrote: > Dave - > > Thanks much. > >> Either there's a bug somewhere or you are being attacked (MitM'ed). > > Unlikely I am being MitM'ed -- the connection is over a VPN. (Why TLS > when there is already a VPN in place? I a
