Thanks for reply, Jakob.
Your are probably right. Microsoft CAPI essentially treats all its key
storages like physical smart cards, which means that by default, you cannot
extract the private key using any documented method (if at all),
...
It's confusing... OpenSSL provides an API that
On 12/07/2012 11:05 AM, LN wrote:
I have a feeling it does so because I tried to save that returned
EVP_PKEY to a PEM file with PEM_write_bio_PrivateKey and then to load it
back from the same file with PEM_read_bio_PrivateKey.
Saving worked, but loading failed (with some decoding error
Hi,
Yes, that clarifies the issue for me.
One thing I am wondering about now (as a user) would be how to get
openssl to disregard any local trusted cert list - i.e. how do I get it
to act on the provided CAFile only?
Do I need to remove the complete local root store? Or can I set the
CAPath to
Inline.
--
Erwann ABALEA
Le 07/12/2012 11:26, Ralph Holz a écrit :
Hi,
Yes, that clarifies the issue for me.
One thing I am wondering about now (as a user) would be how to get
openssl to disregard any local trusted cert list - i.e. how do I get it
to act on the provided CAFile only?
On Fri, Dec 7, 2012 at 5:05 AM, LN lnicu...@yahoo.com wrote:
...
MS CAPI has an option to mark a private key as exportable when you
create or install it, which means that the private key can then be read
anyway, but I don't know if that feature is used by the OpenSSL CAPI
Engine. It is
Dave Thompson said:
The problem is not in accepting the cert, the problem is you received no
response (serverhello) at all, much less a cert.
When I try with vanilla 1.0.1c it works, but only TLSv1.0.
There have been reports of some server software failing because the
clienthello for