Re: Trusting a server certificate

2006-08-07 Thread ravi shankar
Hi, Can anyone please help me on the below question? Thanks, Ravi. On 8/3/06, ravi shankar [EMAIL PROTECTED] wrote: Hi, I am new to openssl. How do we tell the SSL client to trust the server certificate in advance using openssl APIs. For example, when we have the trusted root from the webserver, we can

Re: Trusting a server certificate

2006-08-07 Thread Marek Marcola
Hello, Can anyone please help me on the below question? Thanks, Ravi. On 8/3/06, ravi shankar [EMAIL PROTECTED] wrote: Hi, I am new to openssl. How do we tell the SSL client to trust the server certificate in advance using openssl APIs. For

Re: Trusting a server certificate

2006-08-07 Thread Alain Damiral
Wouldn't it be sufficient to use SSL_CTX_set_verify_locations to point to the server's certificate itself? I thought the verification process would accept the certificate as long as one of the certificates in the chain is trusted, even if it is the last one. Or first, depending on how you see

RE: extending a PKCS12 certificate

2006-08-07 Thread Mouse
No, I didn't think of using Attribute Certificate not for authentication per se - but to ascertain certain properties of the authenticated entities. Your visa example is excellent - it illustrates my point very well. As for who manages AC - that's a different question, because AT THIS TIME CA's

Re: Trusting a server certificate

2006-08-07 Thread Marek Marcola
Hello, Wouldn't it be sufficient to use SSL_CTX_set_verify_locations to point to the server's certificate itself? I thought the verification process would accept the certificate as long as one of the certificates in the chain is trusted, even if it is the last one. Or first, depending on

can repository reliably convert between PEM and DER?

2006-08-07 Thread bgiles
[I'm not sure if this goes into -users or -dev since the implementation uses the openssl library, not the command-line tools.] Can a certificate repository freely convert between PEM and DER formats? I thought they were simple transcriptions, but I'm not sure since I'm having problems with a

Re: can repository reliably convert between PEM and DER?

2006-08-07 Thread Richard Salz
Can a certificate repository freely convert between PEM and DER formats? Yes, they are simple transcriptions, so something else is going on. /r$ -- SOA Appliances Application Integration Middleware

Re: can repository reliably convert between PEM and DER?

2006-08-07 Thread bgiles
Can a certificate repository freely convert between PEM and DER formats? Yes, they are simple transcriptions, so something else is going on. IIRC the 'trusted' tag on some certs was getting lost when converted back to PEM. But it's been a while and could easily have been a problem between

Putting just SSL_read() and SSL_write() inside the non-blocking regions

2006-08-07 Thread Joe Flowers
Is it safe to put just SSL_read() and SSL_write() inside the non-blocking BIO regions and leaving SSL_accept(), SSL_connect(), SSL_shutdown(), accept(), socket(), bind(), listen(), connect(), shutdown(), close(), SSL_CTX_new(meth), SSL_new(ctx), SSL_CTX_free(ctx), etc. in the blocking BIO

RE: Putting just SSL_read() and SSL_write() inside the non-blocking regions

2006-08-07 Thread David Schwartz
Is it safe to put just SSL_read() and SSL_write() inside the non-blocking BIO regions and leaving SSL_accept(), SSL_connect(), SSL_shutdown(), accept(), socket(), bind(), listen(), connect(), shutdown(), close(), SSL_CTX_new(meth), SSL_new(ctx), SSL_CTX_free(ctx), etc. in the blocking BIO