Re: [openssl-users] Unable to install OpenSSL

On 04/05/2018 02:16, Lunessia wrote: Hello everyone, I've been having various troubles with installing and compiling OpenSSL. I started with 1.1.1-pre6, and my Perl client will tell me that I don't have NASM even if I have it installed (If I use VC-WIN64A) or output "If you want to report a

[openssl-users] Unable to install OpenSSL

Hello everyone, I've been having various troubles with installing and compiling OpenSSL. I started with 1.1.1-pre6, and my Perl client will tell me that I don't have NASM even if I have it installed (If I use VC-WIN64A) or output "If you want to report a building issue, please include the output

Re: [openssl-users] Building FIP enabled OpenSSL fails in Yocto-ARM build

Hi All, In addition to the my previous mail, this is additional info objdump -t libcrypto.so.1.0.0 | grep FIPS_signature 001ad8b0 l O .data 0014 FIPS_signature readelf -a libcrypto.so.1.0.0 | grep FIPS_signature 11812: 001ad8b020 OBJECT LOCAL DEFAULT 23

Re: [openssl-users] How to prove a Certificate is Signed or not

> On May 3, 2018, at 3:06 AM, Anil kumar Reddy > wrote: > > The issue is: > I am unable to find out the exact command lines or c/c++ program functions to > prove the SignedCertificate.pem is signed or not. I have spent more than one > day on researching, but I

[openssl-users] Building FIP enabled OpenSSL fails in Yocto-ARM build

Hi All, I am building FIPS supported OpenSSL in yocto for ARM architecture. I tried using openssl-fips-2.0.13 and openssl-fips-2.0.4 I am building FIPS externally with the below environmental settings

Re: [openssl-users] How to prove a Certificate is Signed or not

> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of morthalan > Sent: Thursday, May 03, 2018 05:51 > To: openssl-users@openssl.org > Subject: Re: [openssl-users] How to prove a Certificate is Signed or not > > But In my case, I do not have any root certificate. I have

Re: [openssl-users] How to prove a Certificate is Signed or not

I got two Ideas. I can verify the certificate by comparing the issuer name char *s = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); char *i = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0); int rc = strcmp(s, i); verifying with public key EVP_PKEY *caPubkey =

Re: [openssl-users] How to prove a Certificate is Signed or not

You could: - Check subject and issuer for sameness. - Verify the signature with the certificate’s own key. A positive verification indicates self-signed. > On May 3, 2018, at 7:18 AM, Salz, Rich via openssl-users > wrote: > > > > On 5/3/18, 4:24 AM, "morthalan"

Re: [openssl-users] How to prove a Certificate is Signed or not

>After the generation of SignedCertificate.pem. I would like to write function to verify the SignedCertificate.pem, whether it is signed or not. That is still not an accurate description. By definition, a certificate is *signed data.* It appears as a bitstring in the X509 data

Re: [openssl-users] How to prove a Certificate is Signed or not

Sorry for the insufficient explanation on what I did. I have implemented one c++ code(csrReq.cpp) to generate certificate signing request(certReq.pem) along with private key(csrPkey.pem). Another c++ code (signcode.cpp)is to read the user data from certReq.pem and generate the Signed

Re: [openssl-users] How to prove a Certificate is Signed or not

On 5/3/18, 4:24 AM, "morthalan" wrote: No, technically not. I am just searching for a simple method just to check a certificate is signed by CA or not. Because. Something like signing check, I am not quite sure, I do not have proper knowledge on

Re: [openssl-users] How to prove a Certificate is Signed or not

a root cert is the self signed cert. On Thu, May 3, 2018 at 2:50 AM, morthalan wrote: > But In my case, I do not have any root certificate. I have only one signed > certificate (SignedCertificate.pem) and one certificate signing request > (certReq.pem) . So when I

Re: [openssl-users] How to prove a Certificate is Signed or not

But In my case, I do not have any root certificate. I have only one signed certificate (SignedCertificate.pem) and one certificate signing request (certReq.pem) . So when I use it as below openssl verify -CAfile SignedCertificate.pem SignedCertificate.pem I am getting error "error 20 at 0 depth

Re: [openssl-users] How to prove a Certificate is Signed or not

openssl verify -CAfile your_ca_cert.pem SignedCertificate.pem Hope that helped Cheers, Richard In message <1525335799770-0.p...@n7.nabble.com> on Thu, 3 May 2018 01:23:19 -0700 (MST), morthalan said: morthalaanilreddy> No, technically not. I am just searching for

Re: [openssl-users] How to prove a Certificate is Signed or not

Or using the javascript interface https://www.npmjs.com/package/sack.vfs#interface https://github.com/d3x0r/sack.vfs/blob/master/tests/tlsTest.js#L28 if( vfs.TLS.validate( {cert:signedCert3, chain:signedCert2+cert} ) ) console.log( "Chain is valid." ); On Thu, May 3, 2018 at 12:36 AM, J

[openssl-users] disable session id reuse

Hi, While doing a openssl s_time command I find that by default it tries for Session Id Reuse. "Now timing with session id reuse." In case if we don't want openssl to reuse session id's how can we configure openssl in the application for the same. The application here is acting as a server.

Re: [openssl-users] How to prove a Certificate is Signed or not

No, technically not. I am just searching for a simple method just to check a certificate is signed by CA or not. Because. Something like signing check, I am not quite sure, I do not have proper knowledge on Openssl. d3x0r wrote >

Re: [openssl-users] How to prove a Certificate is Signed or not

https://github.com/d3x0r/sack.vfs/blob/master/src/tls_interface.cc#L1538 this routine does cert validation but I don't thkn that's what you want this verified on a connection https://github.com/d3x0r/SACK/blob/master/src/netlib/ssl_layer.c#L274 which boils down to

[openssl-users] How to prove a Certificate is Signed or not

Hi everyone, I am new to opennssl and now I am completely confused. Please help me out to solve my issue. I have implemented a code to sign the given CSR certificate (certReq.pem), then generate openssl signed Certificate (SignedCertificate.pem) using the details of certReq,pem. The code is