I try to build a SSL server which performs client authentication.
But I cannot use SSL_CTX_load_verify_locations which has a CA file as parameter.
(CA file is not located in the same machine)
Nevertheless, I succeeded having in my server the content of CA file in a buffer
through API like PEM_read
Hello All,
I have a question concerning SSL shutdown procedure.
I build a SSL server which accepts sslv2, sslv3 and tlsv1 method.
I work in asynchronous mode.
Whenever I want to end a SSL session, I use SSL_shutdown API, then SSL_free of
my SSL object, then the close of the socket, which is I th
Hello everybody,
I try to build a SSL server which performs client authentication and CRL
management.
To manage this:
First, with X509_STORE_add_cert, I add the certificate coming from
"trustees.pem" file to verify the client certificate
Then I read the CRL file and get the corresponding X509_C
Thank you for your response.
Actually I use the default verify_callback function (NULL)
"SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,NULL);"
By default it does not take into account possible errors coming from client
certificate?
Does it mean it is compulsory to call a verify_call_back function ?
Thank you Dr. Henson for the answer ..
I feel more ensured ... :)
I achieved to go a little bit further in my test now after having put the right
certificate in client side.
I am quite surprised by the behaviour of my server since when the client
certificate belongs to the CRL list handled by my s
Thank you Steve ..
I try to perform the test with s_server but I believe it does not handle CRL
file ( no option for this apparently) :(
>
> Thank you Dr. Henson for the answer ..
> I feel more ensured ... :)
>
> I achieved to go a little bit further in my test now after having put the right
>
Just to be sure...
I have a crl file called crl.pem and a CA file called trustees.pem
To perform crl check with s_server, do I have to create a new file cacrlfile.pem
which is the concatenation of trustees.pem and crl.pem file.
and launch the following command:
openssl s_server -accept 7770 -cert
Hello all,
I build a ssl server with client authentication ( I use openssl 0.9.8d)
I wanted to know why I have the error "no certificate returned" when the client
certificate is revoked and not a more explicit one.
I decided to compile the openssl code to check where my pb is :
in s3_srvr.c , I
Hello Everybody,
I would like to know if it is possible to build a SSL server which accepts both
sslv3 and tlsV1 methods ..
As far as I understand, SSl_CTX_NEW API accepts only one method ...
Thank you for your help,
jf
Hello everybody,
My purpose is to build a ssl server which can handle multiple CA certificate and
multiple server certificates too.
The different SSL certificate files are not located in the same machine where
the server will run but I have achieved to get them in a buffer in server side.
I supp
Hello,
I try to connect a client to an SSL server in SSL 3.0 mode.
I do not achieve to have the SSL connexion.
When I look at the IP streams, I can see the Hello client message and the
handshake phase during which I see the certificate sent by the server to the
client ( during this phase, I can s
Quoting Marek Marcola <[EMAIL PROTECTED]>:
Thank you very much for the response ..
> Hello,
> > I try to connect a client to an SSL server in SSL 3.0 mode.
> > I do not achieve to have the SSL connexion.
> > When I look at the IP streams, I can see the Hello client message and the
> > handshake pha
Hello all,
I try to connect an openssl client to a ssl server.
I use the tool openssl s_client.
I use the -msg option in order to see the different messages exchanged during
the SSL connexion.
My purpose is to generate an SSL alert message by the client.
Hence I use a trustees file in client
Thank you Marek,
I try with the -verify option
openssl s_client -connect localhost:8890 -CAfile trustees.pem -showcerts -state
-ssl3 -msg -verify 10
But still no SSL alerts sent even if it detects an error ... can you give me the
reason ?
see below traces:
verify depth is 10
CONNECTED(0003)
Hello,
I developed a server that uses Openssl version 0.9.8.d
I try to connect a client who uses Openssl version 0.9.6.
I use SSLV3 mode with 4096 bit RSA length key.
What I can see in stream traces is that the handshake between the two achieves.
But just after having received the last messag
Since I do not handle client side , what I can just tell is that the server
receives a "warning close_notify" message.
I have a quick look in openssl sources; it seems that this message is sent
everytime someone wants to perform a shutdown ...
I have tested with other clients ( openssl s_client,
16 matches