Hello Arno, I have updated to the last version of ICS and I used OpenSSL 1.0.0d
and it works perfectly. Again THANK YOU for your help.
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http
marius gabi wrote:
> Thank you for your time!
>
> Indeed updating the OpenSSL version fixed my issue but the following
> strange thing happens: currently I am using ICS V7 but the highest
> version supported by my ICS is 0.9.8n and in this case the
> application still would not work OK.
What does
Thank you for your time!
Indeed updating the OpenSSL version fixed my issue but the following strange
thing happens: currently I am using ICS V7 but the highest version supported by
my ICS is 0.9.8n and in this case the application still would not work OK.
The OpenSSL ver 0.9.8r (or higher) is
marius gabi wrote:
>> Here are the files with OK := 1;
>>
>> cert0 = Greatest CA (same as server's great CA)
>> cert1 = Intermediary CA (client's intermediary different from mine's
>> server) cert2 = Client certificate
Use at least OpenSSL version 0.9.8k from:
http://wiki.overbyte.be/wiki/index.p
Here are the files with OK := 1;
cert0 = Greatest CA (same as server's great CA)
cert1 = Intermediary CA (client's intermediary different from mine's server)
cert2 = Client certificate-BEGIN CERTIFICATE-
MIIKYjCCBkqgAwIBAgIJAMvPXQVBsjM2MA0GCSqGSIb3DQEBCwUAMIGKMQswCQYD
VQQGEwJGUjEPMA0GA1UEB
marius gabi wrote:
> I have updated the SslHandshakeDone(Sender: TObject; ErrCode: Word;
> PeerCert: TX509Base; var Disconnect: Boolean); event as you mentioned
> and I used SslVerifyDepth = 15 and
> for I := 0 to TCustomSslWSocket(Sender).SslCertChain.Count -1 do
> TCustomSslWSocket(Sender)
Attached cert file-BEGIN CERTIFICATE-
MIIKYjCCBkqgAwIBAgIJAMvPXQVBsjM2MA0GCSqGSIb3DQEBCwUAMIGKMQswCQYD
VQQGEwJGUjEPMA0GA1UEBwwGUmVubmVzMREwDwYDVQQIDAhCcml0dGFueTEMMAoG
A1UECgwDSUhFMQwwCgYDVQQLDANJSEUxFTATBgNVBAMMDFBvaXNlYXUgRXJpYzEk
MCIGCSqGSIb3DQEJARYVZXJpYy5wb2lzZWF1QGlucmlhLmZyMB4XDTEwMD
I have updated the SslHandshakeDone(Sender: TObject; ErrCode: Word; PeerCert:
TX509Base; var Disconnect: Boolean); event as you mentioned and I used
SslVerifyDepth = 15 and
for I := 0 to TCustomSslWSocket(Sender).SslCertChain.Count -1 do
TCustomSslWSocket(Sender).SslCertChain[I].SaveToPemFil
marius gabi wrote:
> Arno, in this moment the client sends the entire certificates chain:
> 1. its client certificate issued by the intermediary CA (2 from
> bellow)
> 2. intermediary certificate issued by the root CA
> 3. root CA
OK.
>
> The only certificate that is common between our server c
Arno, in this moment the client sends the entire certificates chain:
1. its client certificate issued by the intermediary CA (2 from bellow)
2. intermediary certificate issued by the root CA
3. root CA
The only certificate that is common between our server chain and client chain
is (3) root CA.
Arno Garrels wrote:
> Usually all CA certificates issued by a root
> CA are available for download as well.
Correction: That is mostly true if they have been
issued to their own organizition.
> In your case the URL is
> http://sumo.irisa.fr/html/pki/ but their server currently fails
> with error
marius gabi wrote:
> Thank you for your prompt response. We already tried your solution
> and seems to be working. The issue is as follows: I do not have
> (access to) the client's certificate (application not developed by
> me) in order to compose the chains you mentioned.
You do not need client
Thank you for your prompt response. We already tried your solution and seems to
be working. The issue is as follows: I do not have (access to) the client's
certificate (application not developed by me) in order to compose the chains
you mentioned. Furthermore I aspect that other clients that hav
marius gabi wrote:
> Thank you for your feedback.In my current scenario the certificate
> structure is as follows:
> Server(my application) | Client
> Root certificate -same as- Root certificate
> Intermediary CA-not same as- Intermediary CA
> Server Cert -not same as- Client Cert
>
Thank you for your feedback.In my current scenario the certificate structure is
as follows:
Server(my application) | Client
Root certificate -same as- Root certificate
Intermediary CA -not same as- Intermediary CA
Server Cert -no
Arno Garrels wrote:
> Next create a CAFile that contains both [1] and [2]
> (I think [1] has to be the first, however I always forget the order
> in which they must appear, just play).
The best way to determine what certificates are sent to the peer
requesting certificate verification is to add th
marius gabi wrote:
The certificate you posted in your previous messages doesn't use
unsupported signature algorithms as I was guessing previously.
Since its verify depth is "2" and it seems to be the root certificate,
I think the complete chain of the client certificate consists of three
certifica
Sorry! Please find attached the log content for Cert.GetRawText.Certificate:
Data:
Version: 3 (0x2)
Serial Number:
cb:cf:5d:05:41:b2:33:36
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=FR, L=Rennes, ST=Brittany, O=IHE, OU=IHE, CN=Poiseau
Eri
ith:
Cert.GetRawText;
That would show you / us the *Signature Algorithm*.
Since there's a "certificate signature failure" it is my guess
that an unsupported algorithm is used.
--
Arno Garrels
> --- On Mon, 5/2/11, Arno Garrels wrote:
>
> From: Arno Garrels
> Sub
result: certificate signature
failure Verify depth: 2
Currently I'm not setting a specific value for the SslVerifyDepth. Regarding
the OpenSSL DLL version I tried with 0.9.8e and 0.9.8h.
--- On Mon, 5/2/11, Arno Garrels wrote:
From: Arno Garrels
Subject: Re: [twsocket] SSL Certificates check
Arno Garrels wrote:
> marius gabi wrote:
>
>> I'm receiving the following message
>> in the SSLVerifyPeer event: Error = 7 (certificate signature
>> failure).
>
> In the OnSslVerifyPeer event please do the following logging and
> post the result:
>
> Log('Received certificate'#13#10 +
>
marius gabi wrote:
> I'm receiving the following message
> in the SSLVerifyPeer event: Error = 7 (certificate signature
> failure).
In the OnSslVerifyPeer event please do the following logging and
post the result:
Log('Received certificate'#13#10 +
'Subject: "' + Cert.Subje
Currently I'm facing an issue in a Server application that
uses TSSLWSocketServer. I'm setting to the SSLContext a server certificate
identified in code as SSLContext.SslCertFile, with the correct private key file
identified as SSLContext.SslPrivKeyFile and a password. Also I'm adding a
CAFile
23 matches
Mail list logo
