Hello.
How can I verify and test that a given openssl binary
installation supports zlib compression?
Can I simply [un]compress a file with openssl and
do the reverse with gzip as a command line test?
s_client and s_server?
Are the zlib and zlib-dynamic options intended to be
exclusive?
Or is zlib
Hello,
I have a question about the apache SSL,please help me.
Thanks.(httpd-2.2.15-win32-x86-openssl-0.9.8m-r2.msi)
Operation:
1、I made a SSL certification files by myself, and start the openssl s_server;
OpenSSL> s_server -cert server.pem -key server_nokey.pem -accept -state
-debug
On Fri, Jun 04, 2010 at 01:19:52AM +0100, David Woodhouse wrote:
> On Thu, 2010-06-03 at 13:47 -0400, Victor Duchovni wrote:
> > Generally, OpenSSL does not verify peer names, only the certificate
> > trust chain, and peername checks are left up to applications.
>
> Which is a shame... I'm far to
> From: owner-openssl-us...@openssl.org On Behalf Of Vieri
> Sent: Thursday, 03 June, 2010 06:42
> To: openssl-users@openssl.org
> Subject: RE: self-signed SSL certificates and trusted root certificate
> > > How does one issue a cert for multiple CN?
> > Subject alternative name is one possibilit
> From: owner-openssl-us...@openssl.org On Behalf Of Jeffrey Walton
> Sent: Wednesday, 02 June, 2010 03:48
> > Amazingly IE7 on testing likes even CA:false, which is crazy.
> What store did the cert get put in? Was it the Trusted Root
> Certification Authorities? If you let Windows automatically s
On Thu, 2010-06-03 at 13:47 -0400, Victor Duchovni wrote:
> Generally, OpenSSL does not verify peer names, only the certificate
> trust chain, and peername checks are left up to applications.
Which is a shame... I'm far too stupid to be writing code like
http://git.infradead.org/users/dwmw2/openco
On Thu, Jun 03, 2010, Victor Duchovni wrote:
> On Thu, Jun 03, 2010 at 09:45:36PM +0200, Erwann ABALEA wrote:
>
> > Hodie III Non. Iun. MMX, Victor Duchovni scripsit:
> > > On Thu, Jun 03, 2010 at 02:32:10PM -0400, jeff wrote:
> > >
> > > > > I would expect such constraints to only apply when
On Thu, Jun 03, 2010, Chris Bare wrote:
> the code below works fine if signed = true.
> If signed = false, i2d_CMS_bio_stream seg faults.
> I've looked through the code inside CMS_sign and didn't see anything else
> obvious that I should call.
>
> any suggestions on what I'm missing for an unsign
the code below works fine if signed = true.
If signed = false, i2d_CMS_bio_stream seg faults.
I've looked through the code inside CMS_sign and didn't see anything else
obvious that I should call.
any suggestions on what I'm missing for an unsigned CMS?
--
Chris Bare
ch...@bareflix.com
___
On Thu, Jun 03, 2010 at 09:45:36PM +0200, Erwann ABALEA wrote:
> Hodie III Non. Iun. MMX, Victor Duchovni scripsit:
> > On Thu, Jun 03, 2010 at 02:32:10PM -0400, jeff wrote:
> >
> > > > I would expect such constraints to only apply when
> > > > certificates are being *verified*. There seems t
Hodie III Non. Iun. MMX, Victor Duchovni scripsit:
> On Thu, Jun 03, 2010 at 02:32:10PM -0400, jeff wrote:
>
> > > I would expect such constraints to only apply when
> > > certificates are being *verified*. There seems to be
> > > little point in preventing a CA from attempting to sign
> > >
On Thu, Jun 03, 2010 at 02:32:10PM -0400, jeff wrote:
> > I would expect such constraints to only apply when
> > certificates are being *verified*. There seems to be
> > little point in preventing a CA from attempting to sign
> > violating certificates.
>
> Yes I later tried to "verify" and
On Thu, Jun 03, 2010, Victor Duchovni wrote:
>
> Generally, OpenSSL does not verify peer names, only the certificate
> trust chain, and peername checks are left up to applications. Does
> OpenSSL trust chain validation include any checks on name constraints?
>
OpenSSL 1.0.0 does, sufficient to
On Thu, Jun 03, 2010 at 09:36:56AM -0400, jeff wrote:
> I have an example, detailed below, that specifies permitted and excluded
> subtrees for a sub-CA. Later it uses the sub-CA cert to sign certificate
> requests adhering to and violating the name constraints both, even
> though the nameConstrai
That's a long-superseded OpenSSL release from 5 years ago; it's unlikely that
anyone will be able to remember issues building for HP-UX on IA64 with that
release, especially when they're required to guess or mind-read most of what
you're doing and what problem you're seeing.
In another message
On Thu, Jun 03, 2010, jeff wrote:
> I have an example, detailed below, that specifies permitted and excluded
> subtrees for a sub-CA. Later it uses the sub-CA cert to sign certificate
> requests adhering to and violating the name constraints both, even
> though the nameConstraints are marked as cr
I have an example, detailed below, that specifies permitted and excluded
subtrees for a sub-CA. Later it uses the sub-CA cert to sign certificate
requests adhering to and violating the name constraints both, even
though the nameConstraints are marked as critical.
Is this OpenSSL misbehaving or did
Hi,
Is setting X509_STORE_CTX->get_crl to my-call-back-function a right way of
getting a call back to load the crl for the X509 certificate.
Thanks,
Arun
Thanks!
On Thu, Jun 3, 2010 at 4:54 PM, Dr. Stephen Henson wrote:
> On Thu, Jun 03, 2010, Mounir IDRASSI wrote:
>
> > Hi,
> >
> > One simple and efficient method to distinguish between PEM and DER
> encoding
> > for a CRL or a certificate is to read the first byte : if it's equal to
> > 0x30 then
On Thu, Jun 03, 2010, Mounir IDRASSI wrote:
> Hi,
>
> One simple and efficient method to distinguish between PEM and DER encoding
> for a CRL or a certificate is to read the first byte : if it's equal to
> 0x30 then this DER (this is the start of an ASN.1 Sequence) , otherwise it
> is PEM encod
--- On Wed, 6/2/10, Eisenacher, Patrick wrote:
> > -Original Message-
> > From: Vieri
> >
> > --- On Tue, 6/1/10, Dave Thompson wrote:
> >
> > > CN doesn't need to be hostname or domainname for
> a CA
> > > cert.
> > > Technically not required on entity cert either,
> but on WWW
> > > m
Hi,
One simple and efficient method to distinguish between PEM and DER
encoding for a CRL or a certificate is to read the first byte : if it's
equal to 0x30 then this DER (this is the start of an ASN.1 Sequence) ,
otherwise it is PEM encoded.
This works ONLY if you are sure that the given file
Hi,
Given a CRL file, how to detect its format. whether it is in PEM encoded
format or ASN1.
Thanks,
Arun
Extra -DXXX does not heart the preprocessor :-)
This OpenSSL 0.9.8
-Original Message-
From: William A. Rowe Jr. [mailto:wr...@rowe-clan.net]
Sent: June 2, 2010 5:11 PM
To: Alona Rossen
Cc: openssl-users@openssl.org
Subject: Re: unable to build dynamic library on HP-UX RISC and Itanium
This is a suggested configuration. -D stands for preprocessor "define".
/home/sambuild/OpenSSL> ./config -h
Usage: config [options]
-d Add a debug- prefix to machine choice.
-t Test mode, do not run the Configure perl script.
-h This help.
Any other text will be passed to the Confi
25 matches
Mail list logo