Dear Victor,
thanks for your help.
The problem is that I need to understand OpenSSL and its mechanisms and
possibilities in order to find a way to implement the design of the
protocol.
It would be nice if you could help a little bit further still, but I will
understand if you should choose not
On Fri September 25 2009, Michael Prinzinger wrote:
Dear Victor,
thanks for your help.
The problem is that I need to understand OpenSSL and its mechanisms and
possibilities in order to find a way to implement the design of the
protocol.
It would be nice if you could help a little bit
Thank you for your reply.
Maybe we can drill down on the client key exchange message first.
Looking at the rfc I see it should hold:
ECPoint ecdh_Yc;
But for the prime192 curve, I would have expected an uncompressed point
to be only 48 bytes.
The size of the client key exchange message is 66
I have a cert someCA.cer (the root cert) and another, the end-user
cert myenduser.cer in which the issuer is the CA who did
somethingca.cer.
I have both these certs, that's all. when i look at the cert with the
microsoft viewing tool, i see a thumbprint, and a public key and sha1
algorithm type
(OT)
* Dave Thompson wrote on Thu, Sep 24, 2009 at 19:23 -0400:
But 'ca' by default, and thus it appears to me CA.pl
always, also prompt for the CA key passphrase (unless
insecurely clear), and you're not complaining about that.
I think it depends where it is stored if no passphrase is
On 09/23/2009 07:59 PM, Dave Thompson wrote:
From: owner-openssl-us...@openssl.org On Behalf Of Klaus Heinrich Kiwi
Sent: Wednesday, 23 September, 2009 15:59
I noted that when generating a RSA public key pair using a
non-standard public exponent (particularly, 65538, or 0x01,
0x00,0x02), the
The code below should help you to do what you need. (Assuming that pbCA and
pbEndUserCert pointing to memory locations that your CA and end user certs are
loaded to.) An alternative solution can involve using the function
X509_STORE_load_locations to let OpenSSL load your CA certs for you
On Fri, Sep 25, 2009 at 01:49:25PM +0200, Michael Prinzinger wrote:
Dear Victor,
thanks for your help.
The problem is that I need to understand OpenSSL and its mechanisms and
No you need to understand SSL/TLS in general, and how to make use of
SSL in your protocol. The OpenSSL part will be
Michael Prinzinger:
I wrote a customized check certificate method, that simply compares
the certificate the client offered during the connection build up, to
the certificate we know it should be using. This works fine.
That works so long as you already know the certificate the client should