I've made a PATCH to address this issue but may or may not be the correct
way to go about it.
If you sign a digest with a certificate and want to verify this later on,
the current library does not support being able to set the time for
verification in the X509 cert store when verifying the
I have had problems with the C++ compiler for solaris forte developer 6 U2.
Some macros in safestack.h pass in void* and do not cast the values first.
Patch details:
--- ../../../../openssl-orig/crypto/stack/safestack.h Tue Oct 14 20:00:13
2008
+++ safestack.h Tue Dec 2 15:01:48
Hi,
I'm not very familiar with OpenSSL internals, so I'll just state the
case as I see it and refrain from copying the public forum in my
responses. I accept that your suggestion could be correct with respect
to the usage model of safestack in the OpenSSL source, and that my
view of it is
On Mon, Dec 1, 2008 at 8:53 PM, David Schwartz [EMAIL PROTECTED] wrote:
Problem Description:
When a digest has been signed and a response is produced,
the current version of openssl will not verify the contents
correctly if the certificate used to sign the digest has expired.
Solution:
When
On Mon, Dec 1, 2008 at 9:13 PM, Brad Mitchell [EMAIL PROTECTED] wrote:
I don't think there is anything in the openssl (ts) functions to accept
revocation to make this decision anyway.
External daemons do exist, such as (e.g.)
http://www.carillon.ca/tools/pathfinder.php
At the end of the day,
I agree with pretty much all of this. As far as the verification process
goes in openssl, the certificate is verified before the token is I think
which means you will need the date/time at which the digest was signed prior
to validating the token.
Brad
-Original Message-
From: [EMAIL
Hi,
It was noticed that openssl-0.9.8 had performance improvement changes in
RSA blinding code. This improves the handshake performance quite decently,
as per a quick and dirty whitebox test run against that code. I have 2
questions arising out of this work:
(a) Have additional performance
(re-sent with attachments moved onto tarball on server -- apologies
if you receive more than one copy of this mail.)
Folks:
I'm trying to build a native win32 openssl-0.9.8i using cygwin gcc
(this is a kind of cross-compilation). The goal is to build a binary
distribution of the