Re: Self-signed certificate

2012-09-26 Thread Curt Sampson
, the AuthorityKeyIdentifier extension, and suchlike? Also, you'll get more replies if you post a fresh message to the list when you have a fresh question, rather than replying to a message deep in an unrelated topic chain that people might be ignoring. cjs -- Curt Sampson c...@cynic.net +81

Re: OpenSSL-1.0.1c non-blocking io int_thread_release, bad reference count

2012-09-26 Thread Curt Sampson
, that's two threads concurrently using one connection. And underneath the covers, as it were, both threads may be both reading and writing, since a read or write to an OpenSSL handle can translate to both reads and writes on the underlying TCP handle. cjs -- Curt Sampson c...@cynic.net

Re: OpenSSL-1.0.1c non-blocking io int_thread_release, bad reference count

2012-09-26 Thread Curt Sampson
handle a simultaneous read on one thread and write from a different thread. cjs -- Curt Sampson c...@cynic.net +81 90 7737 2974 It is easier to write an incorrect program than understand a correct one. --Alan Perlis, Epigrams on Programming (#7

Re: Looking for advice on session renegotiation

2012-08-20 Thread Curt Sampson
, and as well as similarly long-running connections, I'm wondering what, if anything, I need to do about re-seeding OpenSSL's PRNG. How long is it safe to leave it running in a moderately busy system (several TLS connections per second), and is that even the metric one should use? cjs -- Curt Sampson

X509_STORE_add_cert() wants modifiable X509*

2012-08-13 Thread Curt Sampson
need to give an OpenSSL function (outside of trivial accessors) an X509*? Also, is there any documentation on how memory management for this sort of stuff is working in general in the OpenSSL library? The code is heavily macro-driven and I'm finding it rather confusing. cjs -- Curt Sampson

Re: Whether OpenSSL produced X509 V3 certificate is compliant with RFC-5280.

2012-05-30 Thread Curt Sampson
. It depends on what you put in the certificate. OpenSSL 0.9.7a is certainly capable of producing RFC-5280-compliant certificates, but you can also easily produce non-compliant certificates as well. cjs -- Curt Sampson c...@cynic.net +81 90 7737 2974 Then I ducked into Burger King

OpenSSL API and Memory Management

2012-05-22 Thread Curt Sampson
that. cjs -- Curt Sampson c...@cynic.net +81 90 7737 2974 Then I ducked into Burger King to scarf down a whopper with 45 pieces of bacon on it! Oh, oh!--JayDogg

Re: OpenSSL API and Memory Management

2012-05-22 Thread Curt Sampson
On 2012-05-23 13:26 +0900 (Wed), Curt Sampson wrote: The application I'm concerned with Oh, one more thing I forgot about the application: we're using our own means of certificate and CRL distribution and storage, so in general we have DER representations of this stuff in memory, rather

Re: smaller openSSL library

2012-05-09 Thread Curt Sampson
systems. That said, I've only looked at it, not used it. cjs -- Curt Sampson c...@cynic.net +81 90 7737 2974 Then I ducked into Burger King to scarf down a whopper with 45 pieces of bacon on it! Oh, oh!--JayDogg

x509 -nameopt show_type crash

2012-03-05 Thread Curt Sampson
-- Curt Sampson c...@cynic.net +81 90 7737 2974 http://www.starling-software.com/ I have always wished for my computer to be as easy to use as my telephone; my wish has come true because I can no longer figure out how to use my telephone. --Bjarne Stroustrup

Re: Distinguishing a CA certificate from an end entity certificate Reg.

2012-02-23 Thread Curt Sampson
, please feel free to correct me if I'm wrong, but this is basically what I've gotten from many hours of study on this over the last few months in preparation for setting up my own PKI.) cjs -- Curt Sampson c...@cynic.net +81 90 7737 2974 http://www.starling

Re: Why CVS?

2012-02-15 Thread Curt Sampson
which is well documented; if you want a real challenge read up on the NetBSD issues and try a conversion yourself. cjs -- Curt Sampson c...@cynic.net +81 90 7737 2974 http://www.starling-software.com/ I have always wished for my computer to be as easy to use as my

Customer Enterprise X.509 Extension OID Assignment

2012-02-06 Thread Curt Sampson
Enterprise Codes, but I gather that others use this for pretty much anything where they need a unique OID.) [1]: http://www.iana.org/assignments/enterprise-numbers cjs -- Curt Sampson c...@cynic.net +81 90 7737 2974 http://www.starling-software.com/ I have always wished

Re: Customer Enterprise X.509 Extension OID Assignment

2012-02-06 Thread Curt Sampson
move that direction. Thanks again for your help. cjs -- Curt Sampson c...@cynic.net +81 90 7737 2974 http://www.starling-software.com/ I have always wished for my computer to be as easy to use as my telephone; my wish has come true because I can no longer figure out

Re: Openssl as a library in iOS/Certificate Signing Request PKCS10

2012-02-06 Thread Curt Sampson
something where you want to read encrypted data at a later date (e.g., S/MIME e-mail messages), tossing the keypair you need to read these is kind of a bad idea cjs -- Curt Sampson c...@cynic.net +81 90 7737 2974 http://www.starling-software.com/ I have always

Re: Verify intermediate certificate

2012-01-15 Thread Curt Sampson
by the master CA rather than a client CA. cjs -- Curt Sampson c...@cynic.net +81 90 7737 2974 http://www.starling-software.com/ I have always wished for my computer to be as easy to use as my telephone; my wish has come true because I can no longer figure out how to use my

Re: revoking a certificate without having to provide pass phrase as next step

2011-11-28 Thread Curt Sampson
implications. cjs -- Curt Sampson c...@cynic.net +81 90 7737 2974 http://www.starling-software.com/ I have always wished for my computer to be as easy to use as my telephone; my wish has come true because I can no longer figure out how to use my telephone. --Bjarne Stroustrup

Re: TLS Overhead

2011-11-20 Thread Curt Sampson
the CPU for RC4-MD5). cjs -- Curt Sampson c...@cynic.net +81 90 7737 2974 http://www.starling-software.com/ I have always wished for my computer to be as easy to use as my telephone; my wish has come true because I can no longer figure out how to use my telephone

Re: TLS Overhead

2011-11-13 Thread Curt Sampson
authentication of our data entirely. I'd be interested in ideas about how to avoid doing this. cjs -- Curt Sampson c...@cynic.net +81 90 7737 2974 http://www.starling-software.com/ I have always wished for my computer to be as easy to use as my telephone; my wish has come true

Re: TLS Overhead

2011-11-13 Thread Curt Sampson
private CA only (so a Comodo incident will not affect it). Yes, my PKI is entirely private, with no connection to any other PKI. The certificates aren't even compatible. cjs -- Curt Sampson c...@cynic.net +81 90 7737 2974 http://www.starling-software.com/ I have always

Fwd: OpenSSL Mailing List Question

2011-11-07 Thread Curt Sampson
we're at it, can someone point me to a reference on the OIDs used for the various field names (CN etc.) used within distinguished names? This didn't really seem to be mentioned in the X.501 spec. cjs -- Curt Sampson c...@cynic.net +81 90 7737 2974 http://www.starling