Re: Parsing ocsp response data to locate the correct one

2013-03-05 Thread Dr. Stephen Henson
On Tue, Mar 05, 2013, Geoff Swan wrote: Hi, I have an ocsp response in memory. The response may contain 1 or more (probably about 20) ocsp responses for certificates based on the same issuer name and issuer key. I need to locate the response that is relevant for the certificate of

RE: Parsing ocsp response data to locate the correct one

2013-03-05 Thread Salz, Rich
I need to locate the response that is relevant for the certificate of interest. Is the usual method to parse each response and match the cert serial number to find the index to the correct ocsp response? Yes. -- Principal Security Engineer Akamai Technology Cambridge, MA

Parsing ocsp response to locate the correct one

2013-03-05 Thread Geoff Swan
Hi, I have an ocsp response in memory. The response may contain 1 or more (probably about 20) ocsp responses for certificates based on the same issuer name and issuer key. I need to locate the response that is relevant for the certificate of interest. Is the usual method to parse each response

Does CSR need to be signed with matching private key?

2013-03-05 Thread Steven Funasaki
I can't seem to find more detailed information on what is going on when generating a CSR. I would like to learn more in detail how the private key is used to create a CSR beside just matching the public key. When generate a CSR using OpenSSL you have two options: 1) Generate a Private key when

Re: Does CSR need to be signed with matching private key?

2013-03-05 Thread Matthew Hall
The Certification Request has a signature field generated by running the RSA sign operation against the fields in the request. This signature is used to perform an RSA verify using the public key in the request. The signature must be valid for most CAs to accept the request. The cryptographic

Re: NULL ptr deref when calling SSL_get_certificate with 1.0.0k

2013-03-05 Thread Vimol Kshetrimayum
Hi Steve, I am also facing the same issue. If I want to fix this bug, should the code for SSL_get_certificate() be restored to previous state? Is there any other place to be fixed? Thanks, -Vimol On Mon, Feb 11, 2013 at 10:21 PM, Dr. Stephen Henson st...@openssl.org wrote: On Mon, Feb 11,

RE: Does CSR need to be signed with matching private key?

2013-03-05 Thread Salz, Rich
> Hypothetically, what if I have TWO key pairs (PubKey1, PrivKey1, PubKey2, PrivKey2). First thing I do is move PrivKey1 to another place. Is there a way where I can use PubKey1 to make the CSR (without access to PrivKey1), but sign it with PrivKey2 to preserve integrity? If you can

Re: Does CSR need to be signed with matching private key?

2013-03-05 Thread Michael Sierchio
On Mon, Mar 4, 2013 at 9:33 PM, Steven Funasaki thegreatste...@gmail.com wrote: Does the CSR need to be signed with the matching private key for the CA to validate it? Of course. That demonstrates proof of possession of the private key. Otherwise there is no binding of an entity to a keypair,

Re: NULL ptr deref when calling SSL_get_certificate with 1.0.0k

2013-03-05 Thread Dr. Stephen Henson
On Tue, Mar 05, 2013, Vimol Kshetrimayum wrote: Hi Steve, I am also facing the same issue. If I want to fix this bug, should the code for SSL_get_certificate() be restored to previous state? Is there any other place to be fixed? Effectively yes. The fix is here:

Re: ENGINE_load_rdrand() fails (1.0.1e, Mac OS X/Core i7)

2013-03-05 Thread Jeffrey Walton
On Mon, Mar 4, 2013 at 11:19 PM, Jeffrey Walton noloa...@gmail.com wrote: Hi All, OpenSSL 1.0.1e is not loading Intel's hardware random number generator. ENGINE_load_rdrand() silently fails: /*** eng_rand.c ***/ void ENGINE_load_rdrand (void) { extern unsigned int OPENSSL_ia32cap_P[];

mlExpansionHistory attribute

2013-03-05 Thread spammazz
Hi all, I want to insert/modify the mlExpansionHistory attribute in a SMIME email using the openssl API. Thanks

Re: Reading an encrypted file

2013-03-05 Thread Wim Lewis
On 5 Mar 2013, at 6:57 AM, Greg Keene wrote: Is there an API that will allow me to read an encrypted file directly into memory? If possible I would like to bypass decrypting the file and writing it back out to the hard drive. What format is the encrypted file in? If it's just (for

new strange behavior in Apache with OpenSSL 1.0.1e

2013-03-05 Thread Dennis Clarke
I upgraded my Apache and OpenSSL bits in /usr/local to 2.4.4 and 1.0.1e and then ran in test mode for about a week. All seems well enough. I then made a big tarball and moved the entire pile from /usr/local over to another Solaris server. In fact, a zone on the same server. It starts up

Re: Parsing ocsp response data to locate the correct one

2013-03-05 Thread Geoff Swan
On 5/03/2013 10:56 PM, Dr. Stephen Henson wrote: On Tue, Mar 05, 2013, Geoff Swan wrote: Hi, I have an ocsp response in memory. The response may contain 1 or more (probably about 20) ocsp responses for certificates based on the same issuer name and issuer key. I need to locate the

Are Openssl Random Number Generator NIST compliant ?

2013-03-05 Thread Nayna Jain
Hi all, Are RAND_seed(), RAND_add() NIST SP 800-151A compliant? NIST SP 800-151A compliance enforces that RBGs specified in SP 800-90 (HASH, HMAC, CTR, DUAL_EC) and ANS X9.62-2005 (HMAC) are acceptable standards. I think this depends on the engine being loaded. However, not sure what engine is

Re: Does CSR need to be signed with matching private key?

2013-03-05 Thread Erwin Himawan
The role of the private key in the CSR is for a proof of possession (POP). You can use crypto and non-crypto methods to provide a proof of possession of private key to a CA. Without a crypto method, I am not sure whether you can provide a POP without disclosing the private key to the CA. If