Bonjour,
Le 24/09/2012 21:03, Jakob Bohm a écrit :
Does that work with any other serious X.509 validation toolkit?
It should.
When trying to build a valid certification path, all possibilities have
to be tested until one of them succeeds. If a CA gives a good signature,
but fails for
Just for the records: my workaround was to check the expiration date
while dumping the certificates into the file, and skipping the expired
ones. Further, I dump the certificates once a day to avoid issues with
certificates expired after doing the dump.
regards
Klaus
On 13.09.2012 17:09,
On 24.09.2012 23:56, Alex Chen wrote:
Sorry I did not use new mail command to start a new topic. Let me start
over again.
I remember seeing somewhere that OpenSSL supports Intel AES instruction
set. If so, which release is that and what flag is needed to enable it.
Does the 'no-asm' flag in
Hi,
I am writing a soap request and I am using SSL_VERIFY_NONE flag mode
because that was the only way that I could actually do the request to the
server.
I tried the others mode flags (SSL_VERIFY_PEER,
SSL_VERIFY_FAIL_IF_NO_PEER_CERT and SSL_VERIFY_CLIENT_ONCE) but none of
them worked. I got the
On 9/25/2012 11:11 AM, Erwann Abalea wrote:
Bonjour,
Le 24/09/2012 21:03, Jakob Bohm a écrit :
Does that work with any other serious X.509 validation toolkit?
It should.
When trying to build a valid certification path, all possibilities have
to be tested until one of them succeeds. If a CA
Hi,
I have compiled OpenSSL 1.0.1c. After compilation libs which are generated
contains version number as 1.0.0.
For example: libssl.so.1.0.0, libcrypto.so.1.0.0
Is this a defect with OpenSSL 1.0.1c? Ideally library names should have been
libssl.so.1.0.1, libcrypto.so.1.0.1
Thanks,
Praveen
Hello,
I'm trying to get FIPS enabled openssl 0.9.8x for iOS (armv7), but all my
attempts do not succeed. There is a very good guide how to build FIPS Object
Module for iOS at http://www.openssl.org/docs/fips/UserGuide-1.2.pdf, but it
does not describe how to build openssl with FIPS enabled
Hi Praveen,
In linux you would expect extension to so files as such
you have received. I think when we use system.loadlibrary method will get
errors so have to execute using system.load method.
Regards,
kondlada
On Tue, Sep 25, 2012 at 10:23 AM, Thakur, Praveen Kumar
What is the code in x509v3.h in the vicinity of lines 180 to 200?
My line 192 does not have a ')' in it.
Do you get any errors *preceding* the errors in x509v3.h?
Charles
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of david preetham
Sent:
Bonjour,
Le 25/09/2012 14:16, Jakob Bohm a écrit :
On 9/25/2012 11:11 AM, Erwann Abalea wrote:
Le 24/09/2012 21:03, Jakob Bohm a écrit :
Does that work with any other serious X.509 validation toolkit?
It should.
And in fact, OpenSSL works correctly, at least versions 1.0.1 (Ubuntu),
and
Is the AES-NI support enabled by default for x84/x86_64 architecture or do we
need to set specific flags to 'Configure' to enable the support?
I found a link from Intel:
http://software.intel.com/en-us/articles/boosting-openssl-aes-encryption-with-intel-ipp/
What does it offer that is
On 9/25/2012 6:12 PM, Erwann Abalea wrote:
Bonjour,
Le 25/09/2012 14:16, Jakob Bohm a écrit :
On 9/25/2012 11:11 AM, Erwann Abalea wrote:
Le 24/09/2012 21:03, Jakob Bohm a écrit :
Does that work with any other serious X.509 validation toolkit?
It should.
And in fact, OpenSSL works
I remember seeing somewhere that OpenSSL supports Intel AES instruction
set. If so, which release is that and what flag is needed to
enable it.
Does the 'no-asm' flag in 'Configure' disable the use of these
instructions?
Look on the Contribution page.
http://openssl.org/contrib/
Look at
Can you figure out a way to do it from the v1 fields? keyUsage is an
extension requiring v3.
-Kyle H
On Sep 24, 2012 11:28 PM, sanjaya joshi joshi.sanj...@gmail.com wrote:
Hi,
We can conclude an X509 V1 certificate to be a root ca using
(EXFLAG_V1|EXFLAG_SS).
Similarly, is there a way to
I've been using openssl-fips for a couple of years. I'm looking to
upgrade to 2.0 because of the slow (~10 seconds) integrity check on my
platforms when using version 1.2 when I call FIPS_mode_set().
I've got the FIPS canister built, and I've got the openssl 1.0.1c
libraries all compiled, and
On Tue, Sep 25, 2012, blaan...@rockwellcollins.com wrote:
I've been using openssl-fips for a couple of years. I'm looking to
upgrade to 2.0 because of the slow (~10 seconds) integrity check on my
platforms when using version 1.2 when I call FIPS_mode_set().
I've got the FIPS canister
On Tue, Sep 25, 2012, sanjaya joshi wrote:
We can conclude an X509 V1 certificate to be a root ca using
(EXFLAG_V1|EXFLAG_SS).
Similarly, is there a way to know whether an X509 V1 certificate is an
intermediate CA or end-entity certificate ?
You can't: there is nothing in a V1
On Tue, Sep 25, 2012, david preetham wrote:
am trying to build wpa_supplicant which is referencing openssl header file
x509v3.h on Visual studio 2005. while i am building compiler hitting
x509v3.h header file and finding hell lot of errors. Can anybody please
help me.
I'll send you my exact VS 2010 .h sequence tomorrow.
--
Sent from my mobile phone. Please excuse my brevity.
Charles
Dr. Stephen Henson st...@openssl.org wrote:
On Tue, Sep 25, 2012, david preetham wrote:
am trying to build wpa_supplicant which is referencing openssl header file
x509v3.h on
Since I have access to these messages with Gmane, I surely don't need the
email as well. Does anyone have a clue how I can stop getting the email sent
to my account? It is the busiest of them by far. Thanks.
-Original Message-
From: owner-openssl-us...@openssl.org
From: owner-openssl-us...@openssl.org On Behalf Of Gloria Binette
Sent: Tuesday, 25 September, 2012 07:42
I have been tasked with using OpenSSL to create certificates and
then use them with Glassfish. I have created the CA, CSRs and CRTs,
have tried various ways to import them into
From: owner-openssl-us...@openssl.org On Behalf Of David William
Sent: Tuesday, 25 September, 2012 07:07
I am writing a soap request and I am using SSL_VERIFY_NONE flag mode
because that was the only way that I could actually do the request
to the server.
I tried the others mode flags
The following compiles without error in MS VS 2010 C++. Yes, I know string
is in there twice: no reason, it just is.
#include targetver.h
// Watch out! winsock2 and friends has to be ahead of most things
#include Ws2tcpip.h
// Ws2tcpip always needs Ws2_32.lib. You can put it here or in the
Oh! Also,
1. whenever I have problems with VS I *always* suspect precompiled header
issues. Try turning off pre-compiled headers, do a Clean, and a Rebuild, and
see if the problems go away.
2. Watch out for Unicode issues. This project is compiled Use multi-byte
character set which is MS-speak
That shouldn't be happening at all. The translation of OpenSSL calls to
the
FIPS_* form should only occur in the FIPS module itself, the FIPS capable
OpenSSL should have the same functionality as normal but it will call the
FIPS_* functions when necessary.
Thanks for the heads up. I sort
Hi steve,
Thanks. Got it.
That means we can't differentiate between CA and end-entity in case of V1
certificate.
We can only find out if the V1 cert is a self-signed certificate or not.
Correct ?
Regards,
Sanjaya
On Wed, Sep 26, 2012 at 2:36 AM, Dr. Stephen Henson st...@openssl.orgwrote:
On
26 matches
Mail list logo