Windows cert stores

2001-12-12 Thread Tat Sing Kong
Hello, I want to be able to access the certificates for Windows that the certificate manager looks after (the trusted CAs that come with Windows). Where does Windows store these certificates, and in what format? Tat.

RE: OCSP_basic_verify

2001-12-12 Thread Tat Sing Kong
0x400 #define OCSP_NOTIME 0x800 What are they? Tat. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Dr S N Henson Sent: 11 December 2001 18:21 To: [EMAIL PROTECTED] Subject: Re: OCSP_basic_verify Tat Sing Kong wrote

RE: Intermediate signing certs

2001-12-11 Thread Tat Sing Kong
That's me told then, so to authenticate a certificate you need the whole chain of certs going from the cert to authenticate all the way to a trusted CA. The application I am writing is presented with certs to authenticate from an external source, and the configuration has to hold a pool of

OCSP_basic_verify

2001-12-11 Thread Tat Sing Kong
Hi, I have been trying to figure out what the flags are for this function and have come up with the following, can someone verify? int OCSP_basic_verify(OCSP_BASICRESP *bs, // the OCSP response STACK_OF(X509) *certs, // intermediate signing certs

RE: installing,compiling openssl for usage in VC ++ 6

2001-12-10 Thread Tat Sing Kong
Here's what I did: from openssl dir: perl util\mk1mf.pl VC-NT dll ms/ntdll.mak then nmake -f ms\ntdll.mak If you look in ms\README, it tells you this; in a kind of cryptic-around-the-houses type way. Tat. thanks for all the help everybody,but now i'll get path errors,i will download

Intermediate signing certs

2001-12-10 Thread Tat Sing Kong
Hello, If you have a signing hierarchy of A signs B, B signs C, and C signs D, so that A is your root CA and D is the end user certificate. If I want to check that D is signed by A, does that mean that intermediate signers B and C also have to be present in the certificate stack, or what

RE: Java toolkit for SSL???

2001-12-07 Thread Tat Sing Kong
I'm sure I heard of one a while back called SSLava or something, but there definitely is one. Tat. Hi, i tried to find a toolkit that can handle C and Java to make sure being 100% compatible,because we have a networkclient application written in C,and also a Browser application written in

OCSP verification

2001-12-06 Thread Tat Sing Kong
Hello, I am looking at verifying the OCSP responses, in regard to verifying the OCSP signer certificate. I have been looking at OCSP_basic_verify, but can't figure it out, and there's no documentation. Can anyone shed any light? Also, are there any code examples of walking up a CA chain and

Re: Newbie alert.. How do I..?

2001-05-01 Thread Tat Sing Kong
I generally re-post this onto the newsgroup every couple of weeks, but here's a newbie document: http://www.consegna.co.uk/exchangeCentre.html Hope this helps. Tat. Søren Erland Vestø wrote: Hi, I'm currently developing an application where I need to secure the communication between the

Repost: Useful newbie document

2001-04-23 Thread Tat Sing Kong
I've written a document as part of my own openSSL notes that describes how to code an SSL client and server using the openSSL libraries. It's a bit noddy but it does the job. These might be useful for people just starting (I know I was looking for such a document when I started).

Re: Get Public Key in byte array

2001-04-23 Thread Tat Sing Kong
] -- __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] -- +--- | Tat Sing Kong Bsc

Re: Enter PEM pas phrase:

2001-04-11 Thread Tat Sing Kong
PROTECTED] Automated List Manager [EMAIL PROTECTED] -- +------- | Tat Sing Kong Bsc(Hons) | Senior Technical Architect | Consegna Advanced Technologies Ltd | 1st Floor, 30-32 Thomas Street | Manchester, M4 1

Re: Repost: Useful newbie document

2001-04-11 Thread Tat Sing Kong

Repost: Useful newbie document

2001-04-10 Thread Tat Sing Kong
I've written a document as part of my own openSSL notes that describes how to code an SSL client and server using the openSSL libraries. It's a bit noddy but it does the job. These might be useful for people just starting (I know I was looking for such a document when I started). The last

Repost: Useful newbie document

2001-04-10 Thread Tat Sing Kong
absolutely want to :) Good luck! Tat. -- +--- | Tat Sing Kong Bsc(Hons) | Senior Technical Architect | Consegna Advanced Technologies Ltd | 1st Floor, 30-32 Thomas Street | Manchester, M4 1ER, United Kingdom

OCSP memory leaks

2001-04-06 Thread Tat Sing Kong
Anyone using the OCSP beta stuff in the snapshot of openSSL? I am getting memory leaks for it, but when I do add the free'ing code it crashes. Here's the sequence OCSP_REQUEST_free(pOCSPRequest); OCSP_RESPONSE_free(pResponse); // Next line crashes OCSP_BASICRESP_free(pOCSPBasic);

Useful newbie document

2001-04-04 Thread Tat Sing Kong
I've written a document as part of my own openSSL notes that describes how to code an SSL client and server using the openSSL libraries. It's a bit noddy but it does the job. These might be useful for people just starting (I know I was looking for such a document when I started), so if you

Re: Open SSL server side in Windows

2001-04-04 Thread Tat Sing Kong

STL and openSSL don't mix?

2001-04-02 Thread Tat Sing Kong
Hello everybody, I've written some C++ stuff, and some wrappers for OpenSSL which compile fine on VC++ 6.0, however when I put them together the compiler is complaining because openSSL uses variable names like "modulus" and "list" which are also used by the STL stuff. Anyone know a way around

Re: Programmers reference for Openssl APIs

2001-04-02 Thread Tat Sing Kong

Re: OpenSSL client-server connectivity problem

2001-04-02 Thread Tat Sing Kong

Microsoft Certs Security alert

2001-03-23 Thread Tat Sing Kong
Verisign have issued Microsoft certs by accident. Could pose serious security breach. http://www.microsoft.com/technet/security/bulletin/MS01-017.asp Tat.

Openssl 0.9.7 ETA?

2001-03-20 Thread Tat Sing Kong
Anyone know when this is due? I would like to use some of the OCSP stuff, but I am a bit worried because I had to mangle some of the source files to compile it. Tat. begin:vcard n:Kong;Tat Sing tel;fax:+44 (0)161 833 3636 tel;work:+44 (0)161 833 3777 x-mozilla-html:FALSE

Re: Openssl 0.9.7 ETA?

2001-03-20 Thread Tat Sing Kong
: Tat Sing Kong [EMAIL PROTECTED] tsk Anyone know when this is due? No. In the mean time, it would be really helpful if you would tell us exactly what kind of mangling you need to do. That might help make it work properly on your platform... tsk I would like to use some of the OCSP stuff

OCSP docs

2001-03-20 Thread Tat Sing Kong
I've got apps\ocsp.c, but does anyone have any nice documentation on the OCSP API part of openssl? Tat.

Re: validity time

2001-03-01 Thread Tat Sing Kong
This is how I do it, I stole it from the examples. X509 *pCert; X509_gmtime_adj(X509_get_notBefore(pCert),0); // valid from X509_gmtime_adj(X509_get_notAfter(pCert),(long)60*60*24*expiryYears*365); //valid to How do i set the "Valid from" and/or "Valid to" parameters in the certificate?

Re: Protocol messages

2001-02-26 Thread Tat Sing Kong
, Inc. [EMAIL PROTECTED] _ - Original Message - From: "Tat Sing Kong" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, February 23, 2001 11:59 AM Subject: Protocol messages According to my SSL book, a clientHello

Protocol messages

2001-02-23 Thread Tat Sing Kong
According to my SSL book, a clientHello looks like this: (decimal values) 22 3 0 len len 1 len len len 3 0 random 32 bytes id session id ciphers compress But what I get from my SSL client is this: (in hex) 80 5b 01 03 01 00 42 random 32 bytes ... Which looks nothing like the book says, but

Continuing adventures of LDAP over SSL

2001-02-21 Thread Tat Sing Kong
Using my SSL server, I have connected to it using the Netscape LDAP SDK. Here is the console: SSL_accept:before SSL initalisation SSL_accept:SSLv3 read client hello A SSL_accept:SSLv3 write server hello A SSL_accept:SSLv3 write certificate A SSL_accept:SSLv3 write key exchange A

LDAP over SSL

2001-02-20 Thread Tat Sing Kong
Has anyone successfully got the Netscape LDAP SDK to talk to an SSL server written using openssl? On my server I have done... SOCKET sock; m_pSSLContext = SSL_CTX_new(SSLv23_client_method()); m_pSSL = SSL_new(m_pSSLContext); SSL_set_fd(m_pSSL, sock); SSL_accept(m_pSSL); On my client...

Re: link problems on NT with openssl 096

2001-02-14 Thread Tat Sing Kong
I've seen it, and fixed it. Rather unhelpfully, I can't fully remember how. C/C++ - Code Generation - (Debug) Multi-threaded DLL Make sure that you are consistent with your use of this DLL in making your lib, and then .exe hth Tat. Matthieu Ludinard wrote: Hi, We develop an

Re: Help ! Please help me !

2001-02-12 Thread Tat Sing Kong
it. Thank you Joo Andras

Re: Can somebody list detailed steps about how to renew a cert?

2001-02-12 Thread Tat Sing Kong
Don't you just take the existing key pair (don't forget; key pairs never expire, certs do), and re-submit a cert request? Tat. Song Yi wrote: Thanks in advance.

SSL proxy

2001-02-12 Thread Tat Sing Kong
I am trying to proxy an SSL connection for a number of SSL servers, so therefore a client needs to negotiate with me before I can decide which real SSL server to connect to. If we assume that none of the SSL Server Certificates are related, i.e. they don't have the same CA. Then the proxy will

Re: SSL examples

2001-02-09 Thread Tat Sing Kong
I find some of the example stuff pretty mind blowing, what I would like to see is something like... First of all set this up Wait for a connection Do a bit of handshaking Send some data Clean up With all the function calls involved. One of the things I don't understand is what is the difference