Can SSL library be used in Linux kernel mode?
Thanks.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
What I am trying to achieve is to allow some minor certificate chain validation
errors, e.g. "CRL unavailable", based on my per-session configuration. I am
think of using my verify callback to record the errors.
void SSL_set_verify(SSL *s, int mode, int (*verify_callback)(int,
X509_STORE_CTX
I am using the following link ssl to my container structure, so is it possible
to get ssl from x509_ctx in verify_callback?
SSL_set_app_data(ssl, this);
int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx);
From: Lei Kong <leik...@msn.
Can processes running with TLSv1_2_method talk to processes running with
something older, e.g. TLSv1_1_method? Along the same lines, will new TLS
versions be backward compatible with TLSv1_2_method ?
I would like to make my code proof, is there something like TLS_latest_method()?
I have a
I am using 1.0.2g. CRL checking works fine on my certificate when I download
and save CRL in PEM format locally.
I noticed that “openssl verify” has this option:
-crl_download
Attempt to download CRL information for this certificate.
But it does not work for me. The CRL URL embedded
When validating a certificate issued by an intermediate certificate authority,
I noticed that I need to install both the root and the intermediate CA
certificate locally (with update-ca-certificates on ubuntu 16.04). Verification
fails if only root CA cert is installed (intermediate is not
https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_use_certificate.html
https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_add_extra_chain_cert.html
The linked documents didn’t say the APIs must be called on *client* side, and
it works fine in my code on both client and server side.
I am under the
ssl-users@openssl.org>
Subject: Re: [openssl-users] Certificate chain validation
On 21/04/2017 03:37, Lei Kong wrote:
>
> When validating a certificate issued by an intermediate certificate
> authority, I noticed that I need to install both the root and the
> intermediate CA certificate
SSL_CTX_load_verify_locations<https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_load_verify_locations.html>.”
From: Lei Kong<mailto:leik...@msn.com>
Sent: Friday, April 21, 2017 2:10 PM
To: openssl-users@openssl.org<mailto:openssl-users@openssl.org>
Subject: RE: [openssl-users]