Updated details. If we do compare the two requests (one failing because of not
enough data, one working fine), there are obvious differences in receiving the
response.
Working fine:
[Tue Jul 07 14:32:24 2009] [debug] ssl_util_ocsp.c(104): [client 10.200.48.140]
sending request to OCSP
Dear list,
another update - we got it.
[Fri Jul 10 10:28:39 2009] [error] [client 172.30.64.154] MWDE/nm: OCSP
response line unstripped: HTTP/1.1 200 OK
[Fri Jul 10 10:28:39 2009] [debug] ssl_util_ocsp.c(217): [client 172.30.64.154]
OCSP response header: Date: Fri, 10 Jul 2009 09:29:06 GMT
Hello everyone! I have a couple of questions regarding certificate chains that
I hope can be answered. The certificate chain goes something like this: root
CA - subordinate CA - endpoint.
1) Must each endpoint have access to the root CA certificate in order to
establish client TLS
To close out this issue in the hopes that this will be of use to someone
in the future, Dr. Henson greatly helped in tracking the problem down to
a PHP extension that was calling EVP_cleanup().
When you have a shared library using OpenSSL and multiple applications
things like algorithm tables
i was given a small ecsign.exe program that takes some ECC parameters, the
private key, a random number, and outputs a signature of the specified binary.
i'm trying to ditch this program in favor of the openssl suite (for obvious
practical reasons).
for example, the parameters file looks like
Mike Frysinger vap...@gentoo.org writes:
[...]
ive been trying to figure out exactly how to invoke openssl to get the
equivalent behavior.
It's beyond me, I'm afraid. But a couple of things do suggest
themselves...
[...]
i'm creating the parameters file with:
openssl ecparam -name
Hello!
I need to issue a few certificates with custom fields, with the
customers more thoroughly identified, including Full name, Address,
Telephone number, blablabla, and even a picture of the poor guy.
Can this be done with one of the standards which uses openssl, or
would I have to make one of
On Fri, Jul 10, 2009 at 10:04:45PM +0200, Akos Vandra wrote:
Hello!
I need to issue a few certificates with custom fields, with the
customers more thoroughly identified, including Full name, Address,
Telephone number, blablabla, and even a picture of the poor guy.
A certificate is not a
Thank you, the certificate was verified as valid.
As far as the CAPATH command, is it literally called CAPATH? because I
couldn't find any reference to it in the openssl documentation.
Carlo
-Original Message-
From: owner-openssl-us...@openssl.org
Before just criticizing anything without any arguments whatsoever,
just stating that something is wrong, please think for a while.
Critiques are very important too, but if you do decide to criticize
something, make it useful.
The parties involved here are not connected to the internet, and thus
to a central database, that is
2009/7/10 Akos Vandra axo...@gmail.com:
Before just criticizing anything without any arguments whatsoever,
just stating that something is wrong, please think for a while.
Critiques are very important too, but if you do decide to criticize
something, make it
Victor Duchovni wrote:
On Fri, Jul 10, 2009 at 10:04:45PM +0200, Akos Vandra wrote:
Hello!
I need to issue a few certificates with custom fields, with the
customers more thoroughly identified, including Full name, Address,
Telephone number, blablabla, and even a picture of the poor guy.
On Fri, Jul 10, 2009 at 11:11:48PM +0200, Akos Vandra wrote:
The parties involved here are not connected to the internet, and thus
don't have any access to a (this is an embedded project), and they
must confirm eachother's identity based on the CA-signed certificates.
Well, my address is
Thank you, this was much more helpful.
2009/7/10 Victor Duchovni victor.ducho...@morganstanley.com:
On Fri, Jul 10, 2009 at 11:11:48PM +0200, Akos Vandra wrote:
The parties involved here are not connected to the internet, and thus
don't have any access to a (this is an embedded project),
On Fri, Jul 10, 2009 at 11:50:33PM +0200, Akos Vandra wrote:
If the subject participates in a protocol in which the certificate
authenticates its private key, generally a unique identifier for
each subject is sufficient to support per-subject ACLs, ...
If this is something akin to a
Akos Vandra wrote:
Thank you, this was much more helpful.
2009/7/10 Victor Duchovni victor.ducho...@morganstanley.com:
On Fri, Jul 10, 2009 at 11:11:48PM +0200, Akos Vandra wrote:
The parties involved here are not connected to the internet, and thus
don't have any access to a (this is an
Hello all,
Trying to connect to an Exchange 2003 SP2 Virtual SMTP Server with
s_client but get the following (OpenSSL 0.9.8g):
openssl s_client -connect mail.somehost.com:587 -state
CONNECTED(0003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
17 matches
Mail list logo