Good day,
The following is a question re: openssl verify.
In the openssl docs, I have found that no chain verification is done if the
option -purpose is not set. I just checked with a few test cases (certs
from HTTPs server, chain length at least 3) and found that the output of
verify seems to
If your service uses my in order to retrieve certificate it only reads
its certificate (service launcher UserA), you can save certificate for
LocalMachine but your service must
use local machine store to retrieve certificate and not my (personal)
store.
Da:
2011/3/9 Dave Thompson dthomp...@prinpay.com
From: owner-openssl-us...@openssl.org On Behalf Of ikuzar
Sent: Tuesday, 08 March, 2011 13:02
I am going to explain below what I HAVE TO do :
a) I have to store certificates in a map which is a shared memory.
( I have
On Wed, Mar 09, 2011, Ralph Holz wrote:
Good day,
The following is a question re: openssl verify.
In the openssl docs, I have found that no chain verification is done if the
option -purpose is not set. I just checked with a few test cases (certs
from HTTPs server, chain length at least
On Tue, Mar 08, 2011, Collins, Jerry wrote:
Hello,
My company recently decided to upgrade to the latest FIPS release
1.2.2. I've read the Security and User Manual. According to them, the
only command we can give is ms\do_fips no-asm.
Well for Vista you'd be better with ms\do_fips or
Hi Steve,
On 9 March 2011 13:03, Dr. Stephen Henson st...@openssl.org wrote:
Am I correct in surveying that openssl verify uses a default of
sslserver
for -purpose?
No it just means that most certificates could (in theory) be use as SSL
server
certificates. If you had appropriate
Hi,
I've got an interrogation on .so file !
I'm compiling the 0.9.8r file of openssl using the config command with
those threads shared zlib-dynamic options ... All is going fine
My question is :
Why i'm not finding the version in the openssl/lib/libcrypto.so.0.9.8
when i'm using the
On Wed, Mar 09, 2011, Ralph Holz wrote:
Hi Steve,
On 9 March 2011 13:03, Dr. Stephen Henson st...@openssl.org wrote:
Am I correct in surveying that openssl verify uses a default of
sslserver
for -purpose?
No it just means that most certificates could (in theory) be use as SSL
Hi,
Do you mean i should install client certificate into trusted root
certificate?
// Harshvir
On Wed, Mar 9, 2011 at 5:05 AM, Francesco Petruzzi
francesco.petru...@innovery.it wrote:
If your service uses “my” in order to retrieve certificate it only reads
its certificate (service
Hi,
No it just means that most certificates could (in theory) be use as SSL
server
certificates. If you had appropriate extensions restrictions (e.g.
extended
key usage or the deprecated netscape certificate type) you'd notice the
difference.
Thanks for the quick answer.
You can create your own certificate store under local machine, or use an
existent one.
See http://msdn.microsoft.com/en-us/library/aa388136(v=vs.85).aspx for
details about where store are located and access right.
I can suppose userA and userB as affiliated to the same group users.
Da:
add to previous post, I 'd like to know what is the best format for storing
item in map. Item is here a struct which encapsulated certificate object (
as shown in previous message ).
I think about DER format ... is it a good idea ?
2011/3/9 ikuzar razuk...@gmail.com
2011/3/9 Dave Thompson
On Wed, Mar 09, 2011, Ralph Holz wrote:
Sorry again, but this is somewhat confusing. Your words seem to imply that
the correctness of the chain leading up to the root CA is indeed evaluated
(else why bother about the CA cert?). Yet the docs say about -purpose:
Without this option no chain
Thanks Stephen
I have modified fipsld to compile only fips_premain.c with gcc and my rest
of the application is still using g++ for compilation and linking. But I am
not able to sort out exactly how to modify the part that will result in
embedding signature of exact 40 characters, in case I want
On Wed, Mar 09, 2011, raghib nasri wrote:
Thanks Stephen
I have modified fipsld to compile only fips_premain.c with gcc and my rest
of the application is still using g++ for compilation and linking. But I am
not able to sort out exactly how to modify the part that will result in
embedding
Stephan,
Maybe I'm confused, and it's been two years since I dealt with this,
but I thought the libeayfips32.lib was built as part of the fips build,
not as a follow on step. Also, the libeay32.lib that is built by the
ms\do_fips no-asm doesn't give me an option of whether to build a DLL or
On Wed, Mar 09, 2011, Collins, Jerry wrote:
Stephan,
Maybe I'm confused, and it's been two years since I dealt with this,
but I thought the libeayfips32.lib was built as part of the fips build,
not as a follow on step. Also, the libeay32.lib that is built by the
ms\do_fips no-asm
Now I don't think its possible. I am statically linking application with
object module and library and if you have observed fipsld, first time its
compiling and linking the application without any preprocessor symbol. At
that time fips_premain.c observes that no HMAC defined and generates the 40
18 matches
Mail list logo