> > Verifying that you got the "right certificate" as opposed to a valid
> > certificate is outside the scope of what the SSL layer can do.
> The key issue (pun intended) is possession of the associated private
> key for the identity bound to the public key in the cert. If the
> party posses
--- "Buicliu, Ion VSA:EX" <[EMAIL PROTECTED]>
wrote:
> I am trying to do the following:
> - create a private and public key (self-signed
> certificate)
> - encrypt a file and place on an ftp server
> - the client will pick up the file and decrypt it
> using the PUBLIC key
>
> Here is what I did
David Schwartz wrote:
For example, if you try to connect to 'www.amazon.com' and the resolver
resolvers this to '72.21.206.5', you want to get a certificate for
'www.amazon.com'. A certificate for '72.21.206.5' would not prove to the
user that he reached 'www.amazon.com' because an attac
> Hi,
>
> Does anyone know where in the certificate verification routine that it
> checks the "Common Name" field against the device's interface IP
> address?
You want to check the CN against what the higher-level code intended to
connect to. The SSL library has no idea what the higher-le
Title: File encryption with smime
I am trying to do the following:
- create a private and public key (self-signed certificate)
- encrypt a file and place on an ftp server
- the client will pick up the file and decrypt it using the PUBLIC key
Here is what I did to create the certificate:
On Tue, Aug 15, 2006, Xie Grace Jingru-LJX001 wrote:
> Hi,
>
> Does anyone know where in the certificate verification routine that it
> checks the "Common Name" field against the device's interface IP
> address?
>
> Because the interface ip address may change at run time, it's preferred
> to ha
Hi,
Does anyone know where in the certificate verification routine that it
checks the "Common Name" field against the device's interface IP
address?
Because the interface ip address may change at run time, it's preferred
to have the routine check the CN field against some constant value
instead
On Tue, Aug 15, 2006, [EMAIL PROTECTED] wrote:
> Hi,
>
> this is what I get with
>
> openssl x509 -certopt ext_error -text -noout -in
>
>
> X509v3 Key Usage:
> Digital Signature, Key
Krishna M Singh schrieb:
> Hi
>
> In non-blocking mode, for client we call
> SSL_connect
>
> In case SSL_connect returns -1 with SSL_ERROR_WANT_READ u need to wait
> in Select and once the sock fd is readable, u again need to all
> SSL_connect till the SSL_connect returns success or some other er
Hi,
In the code I am programming, it's required to replace the Common Name
(CN) field at runtime. Does anyone know how to replace one field at
runtime without using Openssl command? Meaning by calling some routing
to change just that one field in a self-signed certificate.
Thanks,
-Grace
On Tue, Aug 15, 2006, [EMAIL PROTECTED] wrote:
> Hi,
>
> this is what I get with
>
> openssl x509 -certopt ext_error -text -noout -in
>
>
> X509v3 Key Usage:
> Digital Signature, Key
Hi,
this is what I get with
openssl x509 -certopt ext_error -text -noout -in
X509v3 Key Usage:
Digital Signature, Key Encipherment
1.3.6.1.4.1.311.21.7:
On Tue, Aug 15, 2006, [EMAIL PROTECTED] wrote:
> Hi,
>
> I have problems displaying a special kind of X509 certificate. X509_print()
> returns without error, but afterwards the error stack contains an error
> 'wrong tag'. The openssl x509 utility has no problems with this
> certificate, neither
13 matches
Mail list logo