Why do you have to trust root CAs? Why can't you trust at a lower level,
e.g. an intermediate CA or even a leaf certificate that is not a CA at all?
Allowing this should inject no security issue and in fact enhance security
by allowing you to be more restrictive in what you are willing to trust.
I was curious about the function ecp_nistz256_neg. This function seems
to work exactly how I expect for reduced inputs; i.e. inputs in the
range [0, P). And, it also seems to work how I expect for P:
ecp_nistz256_neg(P) == ecp_nistz256_neg(0) == 0. So, everything seems
fine for inputs in the range
On Tue, 2016-08-09 at 02:08 +, Viktor Dukhovni wrote:
> On Tue, Aug 09, 2016 at 01:45:24AM +, William M Edmonds via RT wrote:
>
> >
> > If I specify a CAfile that includes the leaf certificate and/or
> > intermediate CA certificates, but not the root certificate, then
> > verification
I think this question is better directed at Cavium support centre.
>I wanted to ask whether we can install Cavium OPENSSL Toolkit on
>Linux OS (on Cavium hardware), just as we install a standard OPENSSL?
Yes. You can install it as normal OpenSSL on Linux OS and all your
applications should work
On Mon Aug 08 13:52:12 2016, Stephen Henson wrote:
>> for some engine-implementations one needs the possibility to change
>> the EVP_MD used in signctx_init and verifyctx_init.
>> (because different EVP_MD are needed for standalone calculating of the
>> digest and calculating the digest during
Closing per original poster.
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4643
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
On Tue, Aug 09, 2016 at 10:53:59AM +0100, David Woodhouse wrote:
> > As expected, unless you use the "-partial" flag in the command-line
> > utilities, or use the X509_VERIFY_PARAM_set_flags() to set the
> > X509_V_FLAG_PARTIAL_CHAIN flag when using the API.
>
> Is there an equivalent for 1.0.1?
Hi,
As I obviously needed to improve my test program,
I am now encrypting and decrypting files trying all ciphers in all their
available modes.
( ChaCha20, AES-128, AES-192, AES-256, Blowfish, Cast5, Camellia-128,
Camellia-192, Camellia-256, IDEA, Seed, 3 Keys Triple-DES, 2 Keys Triple-DES
)
(
> On Aug 9, 2016, at 2:52 PM, Salz, Rich via RT wrote:
>
> As Viktor pointed out, this doesn't work in 1.0.1
The story is a bit more complicated. What's really going on is that
root (self-signed) CAs in the trust store are backwards-compatible
implicit trust-anchors for all
> Why do you have to trust root CAs? Why can't you trust at a lower level, e.g.
> an intermediate CA or even a leaf certificate that is not a CA at all?
I said CA's, not root CA's.
As Viktor pointed out, this doesn't work in 1.0.1
--
Ticket here:
10 matches
Mail list logo