Hi,
What is the function to use to clear any error in X509_STORE_CTX?
Thanks,
Arun
This is a suggested configuration. -D stands for preprocessor define.
/home/sambuild/OpenSSL ./config -h
Usage: config [options]
-d Add a debug- prefix to machine choice.
-t Test mode, do not run the Configure perl script.
-h This help.
Any other text will be passed to the
Extra -DXXX does not hurt the preprocessor :-)
This OpenSSL 0.9.8
-Original Message-
From: William A. Rowe Jr. [mailto:wr...@rowe-clan.net]
Sent: June 2, 2010 5:11 PM
To: Alona Rossen
Cc: openssl-users@openssl.org
Subject: Re: unable to build dynamic library on HP-UX RISC and Itanium
Hi,
Given a CRL file, how to detect its format, whether it is in PEM encoded
format or ASN1?
Thanks,
Arun
Hi,
One simple and efficient method to distinguish between PEM and DER
encoding for a CRL or a certificate is to read the first byte: if it's
equal to 0x30 then this is DER (this is the start of an ASN.1 Sequence),
otherwise it is PEM encoded.
This works ONLY if you are sure that the given
--- On Wed, 6/2/10, Eisenacher, Patrick patrick.eisenac...@bdr.de wrote:
-Original Message-
From: Vieri
--- On Tue, 6/1/10, Dave Thompson wrote:
CN doesn't need to be hostname or domainname for
a CA
cert.
Technically not required on entity cert either,
but on WWW
On Thu, Jun 03, 2010, Mounir IDRASSI wrote:
Hi,
One simple and efficient method to distinguish between PEM and DER encoding
for a CRL or a certificate is to read the first byte: if it's equal to
0x30 then this is DER (this is the start of an ASN.1 Sequence), otherwise it
is PEM encoded.
Thanks!
On Thu, Jun 3, 2010 at 4:54 PM, Dr. Stephen Henson st...@openssl.org wrote:
On Thu, Jun 03, 2010, Mounir IDRASSI wrote:
Hi,
One simple and efficient method to distinguish between PEM and DER
encoding
for a CRL or a certificate is to read the first byte : if it's equal to
0x30
Hi,
Is setting X509_STORE_CTX-get_crl to my-call-back-function a right way of
getting a call back to load the crl for the X509 certificate.
Thanks,
Arun
I have an example, detailed below, that specifies permitted and excluded
subtrees for a sub-CA. Later it uses the sub-CA cert to sign certificate
requests adhering to and violating the name constraints both, even
though the nameConstraints are marked as critical.
Is this OpenSSL misbehaving or did
On Thu, Jun 03, 2010, jeff wrote:
I have an example, detailed below, that specifies permitted and excluded
subtrees for a sub-CA. Later it uses the sub-CA cert to sign certificate
requests adhering to and violating the name constraints both, even
though the nameConstraints are marked as
That's a long-superseded OpenSSL release from 5 years ago; it's unlikely that
anyone will be able to remember issues building for HP-UX on IA64 with that
release, especially when they're required to guess or mind-read most of what
you're doing and what problem you're seeing.
In another message
On Thu, Jun 03, 2010 at 09:36:56AM -0400, jeff wrote:
I have an example, detailed below, that specifies permitted and excluded
subtrees for a sub-CA. Later it uses the sub-CA cert to sign certificate
requests adhering to and violating the name constraints both, even
though the nameConstraints
On Thu, Jun 03, 2010, Victor Duchovni wrote:
Generally, OpenSSL does not verify peer names, only the certificate
trust chain, and peername checks are left up to applications. Does
OpenSSL trust chain validation include any checks on name constraints?
OpenSSL 1.0.0 does, sufficient to
On Thu, Jun 03, 2010 at 02:32:10PM -0400, jeff wrote:
I would expect such constraints to only apply when
certificates are being *verified*. There seems to be
little point in preventing a CA from attempting to sign
violating certificates.
Yes I later tried to verify and I still
Hodie III Non. Iun. MMX, Victor Duchovni scripsit:
On Thu, Jun 03, 2010 at 02:32:10PM -0400, jeff wrote:
I would expect such constraints to only apply when
certificates are being *verified*. There seems to be
little point in preventing a CA from attempting to sign
violating
On Thu, Jun 03, 2010 at 09:45:36PM +0200, Erwann ABALEA wrote:
Hodie III Non. Iun. MMX, Victor Duchovni scripsit:
On Thu, Jun 03, 2010 at 02:32:10PM -0400, jeff wrote:
I would expect such constraints to only apply when
certificates are being *verified*. There seems to be
the code below works fine if signed = true.
If signed = false, i2d_CMS_bio_stream seg faults.
I've looked through the code inside CMS_sign and didn't see anything else
obvious that I should call.
any suggestions on what I'm missing for an unsigned CMS?
--
Chris Bare
ch...@bareflix.com
On Thu, Jun 03, 2010, Chris Bare wrote:
the code below works fine if signed = true.
If signed = false, i2d_CMS_bio_stream seg faults.
I've looked through the code inside CMS_sign and didn't see anything else
obvious that I should call.
any suggestions on what I'm missing for an unsigned
On Thu, Jun 03, 2010, Victor Duchovni wrote:
On Thu, Jun 03, 2010 at 09:45:36PM +0200, Erwann ABALEA wrote:
Hodie III Non. Iun. MMX, Victor Duchovni scripsit:
On Thu, Jun 03, 2010 at 02:32:10PM -0400, jeff wrote:
I would expect such constraints to only apply when
On Thu, 2010-06-03 at 13:47 -0400, Victor Duchovni wrote:
Generally, OpenSSL does not verify peer names, only the certificate
trust chain, and peername checks are left up to applications.
Which is a shame... I'm far too stupid to be writing code like
From: owner-openssl-us...@openssl.org On Behalf Of Jeffrey Walton
Sent: Wednesday, 02 June, 2010 03:48
Amazingly IE7 on testing likes even CA:false, which is crazy.
What store did the cert get put in? Was it the Trusted Root
Certification Authorities? If you let Windows automatically select
From: owner-openssl-us...@openssl.org On Behalf Of Vieri
Sent: Thursday, 03 June, 2010 06:42
To: openssl-users@openssl.org
Subject: RE: self-signed SSL certificates and trusted root certificate
How does one issue a cert for multiple CN?
Subject alternative name is one possibility. ...
On Fri, Jun 04, 2010 at 01:19:52AM +0100, David Woodhouse wrote:
On Thu, 2010-06-03 at 13:47 -0400, Victor Duchovni wrote:
Generally, OpenSSL does not verify peer names, only the certificate
trust chain, and peername checks are left up to applications.
Which is a shame... I'm far too
Hello,
I have a question about the Apache SSL, please help me.
Thanks. (httpd-2.2.15-win32-x86-openssl-0.9.8m-r2.msi)
Operation:
1. I made SSL certificate files by myself, and started the openssl s_server;
OpenSSL s_server -cert server.pem -key server_nokey.pem -accept -state
-debug