).
Hence, server cert renew or rekey is transparent to the client.
Erwin
--
From: Dinh, Thao V CIV NSWCDD, K72 thao.d...@navy.mil
Sent: Thursday, April 12, 2012 7:56 AM
To: openssl-users@openssl.org
Subject: RE: expired ssl certificate
Thank You very
On Thu, Apr 12, 2012, Ashok C wrote:
Hi,
I had almost the same requirement and eventually achieved it by patching my
openssl package's x509_verify code to do the check_cert_time() method
optionally depending on some conditions. Ideally I feel OpenSSL should
provide a validation flag like
: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Erwin Himawan
Sent: Wednesday, April 11, 2012 2:57 PM
To: openssl-users@openssl.org
Subject: Re: expired ssl certificate
Reading Nou's proposal, I have the impression that the client needs to be
modified
On Thu, Apr 12, 2012, Dinh, Thao V CIV NSWCDD, K72 wrote:
Thank you all very, very much for the help. I have a couple more questions:
1) What is the max time you can have on expiration?
Technically the 31st December but you have to consider the security
strength of the key used and how
Thao Dinh
-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Nou Dadoun
Sent: Tuesday, April 10, 2012 3:15 PM
To: openssl-users@openssl.org
Subject: RE: expired ssl certificate
You can use a verification callback to look
???
Thank You
Thao Dinh
-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Nou Dadoun
Sent: Tuesday, April 10, 2012 3:15 PM
To: openssl-users@openssl.org
Subject: RE: expired ssl certificate
You can use a verification callback
Subject: RE: expired ssl certificate
Hi Nou
Please help me understand more about this subject (I am new to OpenSSL)
1. What happens if the peer presents an expired certificate and we do not
implement a callback using SSL_CTX_set_verify with the SSL_VERIFY_PEER flag set,
will the SSL_connect
, Thao V CIV NSWCDD,
K72
Sent: April 11, 2012 4:19 AM
To: openssl-users@openssl.org
Subject: RE: expired ssl certificate
Hi Nou
Please help me understand more about this subject (I am new to OpenSSL)
1. What happens if the peer presents an expired certificate and we do not
implement a callback
You can use a verification callback to look at the certificate after the
standard verify operation has been performed to decide whether or not to allow
the certificate anyway.
Look at the O'Reilly book
(http://doc.hackbbs.org/Reseaux/O_Reilly_-_Network_Security_with_OpenSSL.pdf )
page 132 or