On 2009.10.19 at 17:40:11 -0400, Victor Duchovni wrote:
On Mon, Oct 19, 2009 at 01:34:38PM -0500, William wrote:
I am looking for the way to read a certificate from disk in C code and
get the hostname (CN) inside that certificate in the C code using the
openssl library.
Sadly, a
On 2009.10.19 at 13:35:32 -0700, John R Pierce wrote:
Matthias G?ntert wrote:
hello guys
is anyone working on a replacement for the text based ca database? It
seems the database functions are defined in apps/ca.c and apps/apps.h,
at least for version 0.9.8k. wouldn't it be nice if we had
On 2009.10.19 at 21:55:09 +0200, Matthias G?ntert wrote:
hello guys
is anyone working on a replacement for the text based ca database? It
There are such projects as XPKI, which use openssl library to generate
certificates and database backend to store them. These projects also
provide nice
A better question is to match a given hostname
against a certificate and determine whether it
obeys the https rules.
There can be multiple hostnames and wild cards.
The code implemented by curl is a complete way to do this.
/PS
Hi,
I want SSL client server communication between OpenSSL Server with Java
Client.
My OpenSSL Server with OpenSSL Client works, Java Server with Java Client
works.
But OpenSSL Server with Java Client fails in SSL_accept().gives
SSL_ERROR_SSL.
I have first created a plain TCP socket, and
Hi,
I want SSL client server communication between OpenSSL Server with Java
Client.
My OpenSSL Server with OpenSSL Client works, Java Server with Java Client
works.
But OpenSSL Server with Java Client fails in SSL_accept().gives
SSL_ERROR_SSL.
I have first created a plain TCP socket, and
Dear All,
I have written a server client application in which im using self
signed ssl certificates .. How can i make sure that only known clients can
connect to my server using ssl connection?
im creating certificates as below
Server Side:
===
Server Side
--
On 2009.10.20 at 10:11:46 +0200, Peter Sylvester wrote:
A better question is to match a given hostname
against a certificate and determine whether it
obeys the https rules.
There can be multiple hostnames and wild cards.
The code implemented by curl is a complete way to do this.
Hmm,
On 2009.10.20 at 16:50:59 +0530, Deepak Mundra wrote:
Dear All,
══ I have written a server client application in which im using self
signed ssl certificates .. How can i make sure that only known clients can
connect to my server using ssl connection?
There is three answers
Have you looked at stunnel with verify options 2 or 3?
Carter
Carter Browne
CBCS
cbro...@cbcs-usa.com
781-721-2890
Deepak Mundra wrote:
Dear All,
I have written a server client application in which im using
self signed ssl certificates .. How can i make sure that only known
Hello.
I am trying to set up an ocsp server.
I have following line:
openssl ocsp -index codesign_intermediate/index.txt -url
http://www.myhost.com:/codesign/ -rsigner root_ca/certs/cacert.crt
-rkey root_ca/private/privkey.pem -CA root_ca/certs/cacert.crt -text
-out
On Tue, Oct 20, 2009, Daniel Marschall wrote:
Hello.
I am trying to set up an ocsp server.
I have following line:
openssl ocsp -index codesign_intermediate/index.txt -url
http://www.myhost.com:/codesign/ -rsigner root_ca/certs/cacert.crt
-rkey root_ca/private/privkey.pem -CA
Hello.
I am trying to set up an ocsp server.
I have following line:
openssl ocsp -index codesign_intermediate/index.txt -url
http://www.myhost.com:/codesign/ -rsigner root_ca/certs/cacert.crt -rkey
root_ca/private/privkey.pem -CA root_ca/certs/cacert.crt -text -out
On Tue, Oct 20, 2009 at 10:11:46AM +0200, Peter Sylvester wrote:
A better question is to match a given hostname
against a certificate and determine whether it
obeys the https rules.
There can be multiple hostnames and wild cards.
The code implemented by curl is a complete way to do this.
It does not support subjectAltName extensions.
SubjectAltName extension is supported since an eternity,
more than 5 years ???
__
OpenSSL Project http://www.openssl.org
User Support Mailing
On Tue, Oct 20, 2009 at 05:46:56PM +0200, Peter Sylvester wrote:
It does not support subjectAltName extensions.
SubjectAltName extension is supported since an eternity,
more than 5 years ???
Oops, sorry, you are right, I failed to notice the code that does this
just above the CN code. So,
I have been trying to generate keys for a ECDSA system that uses a sect163k1 key
pair.
In generating some of the key sets, I notice that the printed length of the keys
differ when using the -text command option. Since openssl is displaying a 163
bits in a byte-wise display, I am trying to figure
Hello Steve.
Dr. Stephen Henson schrieb:
On Tue, Oct 20, 2009, Daniel Marschall wrote:
Hello.
I am trying to set up an ocsp server.
I have following line:
openssl ocsp -index codesign_intermediate/index.txt -url
http://www.myhost.com:/codesign/ -rsigner root_ca/certs/cacert.crt
Hi Doug,
I am trying to figure out where the padding bits
are applied?
...
The two private keys are described in a different
number of bytes. Since the 2nd generated private
key is shown in 20 bytes i.e. 160 bits, is it assumed
that the MS 3 bits are 0?
The public key, also known as the
From: owner-openssl-us...@openssl.org On Behalf Of swapnil kamble
Sent: Tuesday, 20 October, 2009 05:47
(This is almost certainly a -users questions, not -dev.)
I want SSL client server communication between OpenSSL Server
with Java Client.
My
From: owner-openssl-us...@openssl.org Dr. Stephen Henson
Sent: Tuesday, 20 October, 2009 09:15
On Tue, Oct 20, 2009, Daniel Marschall wrote:
18758:error:02006062:system library:bind:Address already in
use:b_sock.c:685:port=''
18758:error:20069075:BIO
Deepak Mundra wrote:
I have written a server client application in which im using self signed
ssl
certificates .. How can i make sure that only known clients can connect to
my
server using ssl connection?
Simply define *precisely* what you mean by known clients and test for
that. If a
22 matches
Mail list logo