Re: Installing a certificate chain

2006-02-28 Thread Kyle Hamilton
The only certificates that must be sent are the server identification and the certs up to (but not including) the trust anchor. (Since the client already has the trust anchor, it will verify against its local copy of the root CA, not the copy of the root CA that came from the connection.)

Re: Installing a certificate chain

2006-02-28 Thread Alain Damiral
Hi, This question might be slightly silly and out of place but this conversation brought it up to me. I don't remember seeing the answer... Is it possible to send several chains, each rooted by a different CA ? And then let the client determine if he trusts one of those CAs. Cheers, -

Re: calling SSL_library_init multiple times

2006-02-28 Thread Jagannadha Bhattu G
Thanks Nils and Andrew for the replies. -JB On 2/27/06, Nils Larsch [EMAIL PROTECTED] wrote: Jagannadha Bhattu G wrote: Hi, Can I call SSL_library_init multiple times in my code under different threads? as SSL_library_init() initializes global tables it should only be called from one thread a time

Re: Installing a certificate chain

2006-02-28 Thread Kyle Hamilton
Actually, there's a paper that was pointed out to me not too long ago (by Philipp Gühring of CAcert.org) -- it /should/ be possible, however there's a severe lack of support in the current implementations. http://www.dfn-pca.de/bibliothek/reports/pki-linking/report-linking-final-1.0.2.pdf

WTLS / x9.68 certificates

2006-02-28 Thread Dmitrij Mironov
Hello guys, I've started to dig into mobile PKI and have stated that openssl does not support WTLS / x9.68 standards. I don't want to invent another bicycle, so can somebody point me to any available solution to generate a WTLS or (better) x9.68 certificate? Thanks in advance. Regards, Dmitrij

Re: [openssl-users] Re: openssl req -x509 does not create serial-number 0

2006-02-28 Thread Mark H. Wood
I think that part of the difficulty here is the words used. Our experience in other areas is overwhelmingly in favor of serial number being a sample from a counter that starts at 0 or 1 and is incremented by 1 every time it's consulted. So we see a

RE: calling SSL_library_init multiple times

2006-02-28 Thread Randy Turner
The first sentence of the explanation below seems to infer that it's ok to call ssl_library_init() from each thread that might want to access the SSL library. I don't think that's what was intended. I think the last sentence is more accurate if you have a multi-threaded application,

Re: [openssl-users] Re: openssl req -x509 does not create serial-number 0

2006-02-28 Thread Erwann ABALEA
Hello, Today is the day before the Kalends of March 2006; Mark H. Wood wrote: I think that part of the difficulty here is the words used. Our experience in other areas is overwhelmingly in favor of serial number being a sample from a counter that starts at 0 or 1 and is incremented by 1 every time it's

Upgrade OpenSSL Questions

2006-02-28 Thread madalien (sent by Nabble.com)
I am upgrading from 0.9.7a to 0.9.7i on fedora 3 core with apache 1.3.33. The make process was successful but I have a few questions before I run make install. Will there be any concerns with installing openSSL 0.9.7i on Fedora 3 with a current installation of 0.9.7a using Apache 1.3.33? Will I

__attribute__

2006-02-28 Thread Merritt, Maverick
Hello, I just wanted to point out that in the bio.h header file there is a define called __attribute__ in version openssl-0.9.8a that conflicts with a similar define in the apr.h header file that is in the newest apache httpd server (httpd-2.2.0). To compile apache, I edit bio.h to comment

Compiled on windows but lacking symbols

2006-02-28 Thread Chandi Bernier
Hey guys, I've tried a precompiled windows version of 0.9.7.c openssl and it was lacking symbols for these 3 fnc : ERR_print_errors_fp BIO_new_socket OPENSSL_add_all_algorithms_noconf (or conf) Then I've decided on compiling my own version using mingw... which worked. But it's still lacking

Re: Compiled on windows but lacking symbols

2006-02-28 Thread Kyle Hamilton
This brings up a really interesting point. What is the appropriate separation of functions? What can I presume is in each library? (eay32 is crypto stuff. ssl32 should be the BIO and SSL session management stuff?) -Kyle H On 2/28/06, Chandi Bernier [EMAIL PROTECTED] wrote: Hey guys, I've

Re: Compiled on windows but lacking symbols

2006-02-28 Thread Dr. Stephen Henson
On Tue, Feb 28, 2006, Kyle Hamilton wrote: This brings up a really interesting point. What is the appropriate separation of functions? What can I presume is in each library? (eay32 is crypto stuff. ssl32 should be the BIO and SSL session management stuff?) libssl or its equivalent is

error in CRYPTO_mem_leaks_fp

2006-02-28 Thread Venkata Sairam
Hi My application written (in cpp) using openssl 0.9.7e is having some memory leaks. I try the standard way to find the memory leak using //In the Beginning CRYPTO_malloc_debug_init(); CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); //In the End

How to get To-Be-Signed portion of certificate with openssl api ?

2006-02-28 Thread Tatsuya Tsurukawa
Hi All, I have a quick question. How can I get the To-Be-Signed portion of a certificate with the openssl api? In case of using JDK, the X509Certificate class and getTBSCertificate() method seem to be available for the same purpose. I'm not familiar with the openssl api, and I couldn't find the appropriate

Re: How to get To-Be-Signed portion of certificate with openssl api ?

2006-02-28 Thread Kyle Hamilton
You're looking for X.509 encoding of the CSR. Thus, you'd be looking at the X509_* series of functions. Since it's a request, the subset of functions would be X509_REQ_*. To decode it, you want d2i_X509_REQ_{bio|fp}(). I have to double-check the functions that can be used to get info out of it,