hi
I am trying to figure out how to compile libcryto library for smart watches
such as Pebble Watch.
If anyone has done it please share the steps.When I download the source
folder it has lot of files and I am not sure which one is required and
which one is not required.
Thanks
Tapas
I'm having trouble figuring out how to get a CRL I created working. I'll start
from the beginning, apologies for length.
First, I created my own CA with OpenSSL (1.0.1h) on my server machine,
consisting of 3 certificates: root - serverCA - serverI successfully opened
connections from my client
It appears this is resolved already, sort of. It appears the one thing I did
not try after revoking the serverCA certificate with my root was to concatenate
the new CRL to the root cert on the client machine. When I did that, my client
got a certificate revoked error.
However, I do have a
However, I do have a question. Is there any way around this requirement? The
requirement of apending the root certificate and CRL files on the client
machine in /etc/ssl/crls?
It totally depends on the client program that you are using. So, which client?
The validation code won't, on
Rich-
Thanks for your response. The client is my own Linux client using OpenSSL. So
are you saying that I need to do certificate validation on my own, at least as
far as checking for revocation? That's assuming the solution isn't to
concatenate the files as described previously. I am not
No, I'm saying that putting the CRL's into the local directory is okay, and
OpenSSL will parse them. How you get them there is your issue :)
--
Principal Security Engineer
Akamai Technologies, Cambridge MA
IM: rs...@jabber.memailto:rs...@jabber.me Twitter: RichSalz
OK, maybe I'm confused. I can get the CRL to my client machine OK, that's not
an issue. What I'm saying is, placing the CRLs into the local directory alone
is not OK, revocation check will not work. In order for that to work, I need to
append the CRL to the root certificate in /etc/ssl/crls.
So
No, I was confused; when you said append to the root cert I thought you meant
copying it into the local directory. You meant literally appending it to the
cert. I suppose you could create a new file with a similar name...
--
Principal Security Engineer
Akamai Technologies, Cambridge MA
IM:
OK. So as far as you're aware, there's not a way to avoid the requirement of
the combined root cert/CRL file when checking for revoked certificates? I would
prefer to just have to deal with the CRL in PEM format, but the CRL file must
always be the CRL appended to the root cert, as far as I can
Yes, but as far as I'm aware doesn't go very far into that part of the code.
See what happens when other devs (in timezones closer to GMT) reply.
--
Principal Security Engineer
Akamai Technologies, Cambridge MA
IM: rs...@jabber.memailto:rs...@jabber.me Twitter: RichSalz
Take a look at the file INSTALL in the top level of the source package to learn
what development tools are required and what the basic procedure is and it
might be useful to do a build on a standard platform like a Linux virtual
machine to see how it works.
From:
On Wed, Jul 30, 2014, Jason Schultz wrote:
OK. So as far as you're aware, there's not a way to avoid the requirement of
the combined root cert/CRL file when checking for revoked certificates? I
would prefer to just have to deal with the CRL in PEM format, but the CRL
file must always be the
Dr Henson-
The first message in this thread had the relevant code, copied again below. I
have tried a few tweaks on setting up for CRL checking, but this is what I have
now:
Reading the file in; I have edited out a lot of error checking, etc, but the
CRL is read in successfully:
X509_STORE
I have been having a discussion with some friends of mine on this.
They were thinking that the problem from the recent random number issue
is a real problem in older 32 bit systems. I was thinking it is not as
bad as they are thinking. Since I was looking into this with the old
bitcoin code I
Thanks Steve,
I have been having a discussion with some friends of mine on this.
They were thinking that the problem from the recent random number issue
is a real problem in older 32 bit systems. I was thinking it is not as
bad as they are thinking. Since I was looking into this with the old
On Wed, Jul 30, 2014 at 5:54 PM, dave paxton dpax...@me.com wrote:
...
They were thinking that the problem from the recent random number issue
is a real problem in older 32 bit systems. ... One suggestion is they
used a get milli command to fill the 64 bits. I thought that was
silly. So I
16 matches
Mail list logo
