I'm thinking more in terms of a CTX parameter passed to a different API.
The problem with many caching ideas and the current ASN1 library is that
things could be modified and the cache have no way of determining that
it is now invalid. Some parts are modified using a structured API
This makes me wonder whether a) perhaps a native C++ interface is in order
(with the inherent advantages and disadvantages); and b) should
My vote is to keep things in C.
object-oriented terminology be used in the documentation, as a pedagogical
tool? In other words (for the latter),
Gary Feldman schrieb:
specified in C. You can implement your own particular BIO (analogous to
deriving an implementation class from an abstract class), by providing the
following functions (i.e. methods). Since this is C and not C++, you have
to make the methods available as follows,
Here enclosed a drop-in tar replacing Makefiles and making Sun's new cc
compiler happy.
Fully tested and working, even in shared library version.
Enjoy.
--
** Dr. Pietro Princi
** zone-c: PP787-RIPE
** Universita' di Messina - Viale Annunziata - 98100 MESSINA - ITALY
** tel: +39-90-6766459 fax:
Alicia da Conceicao wrote:
My contacts at Netscape mentioned that a few CA'a like Versign have
issued new root CA certs that support the new OCSP (Online Cert Status
Protocol), specified in RFC 2560. He also mentioned that OCSP support
will not only be included in future Netscape
You can do this via the authority information access extension. The
format is undocumented but something like:
authorityInfoAccess= OCSP;URI:http//some.oscp.server/whatever/path
Dear Steve:
Do you have the object identifers for this? Do you know of any sources
of info I can look at about
Hi Alicia,
You don't need to add any special extensions to root
certificates to say that the CA does OCSP. You basically need to
add the AIA extension in the end entity (EE)/CA certs that you issue,
to tell relying parties (RP) where to look for the OCSP server to
find the status of the EE
Hi,
I'm currently porting OpenSSL to a platform that lacks a gmtime
eqivalent. I do however have access to a localtime. How would the OpenSSL
library be affected if I switched the gmtime()'s to the localtime equivalent
available to me? My hope is that the gmtime is only being used to