Hi,
We are implementing multi-layer support for our openssl-based PKI solution
and had the following query:
Currently our PKI solution supports only single layer CA support and we use
SSL_CTX_load_verify_locations API with the CAFile option, meaning that the
service loads the CA certificate from
Ohh .. ok. But I just want the SSL_connect to succeed because I want to
fetch the certificate of an HTTPS website. So after the success of
SSL_connect() function, I would call SSL_get_peer_certificate().
Since I wait until the SSL_connect() function succeeds I wanted to know if
there is a better ap
Hi All,
I use BIO_new_mem_buf and PEM_read_bio_X509 to convert the certificate in
memory buffer to X509 certificate format. Finally the certificate is then
added to the CA store.
If the buffer contains certificate chain like
-BEGIN CERTIFICATE-
... (CA certificate 1) ...
-END CERT
Thanks Steve, I have a follow-up below - just checking I have it straight.
On Mon, Nov 21, 2011 at 10:11 AM, Dr. Stephen Henson wrote:
> On Fri, Nov 18, 2011, Kevin Fowler wrote:
>
>> Let me first say I have read the User Guide and Security Policy
>> repeatedly, as well as the Incore Tutorial, lo
Hello,
SSL session reuse should improve SSL server performance.
It seems that using "openssl s_time" without triggering http request (
meaning - do only 'ssl connect') -
results are OK and reasonable:
[root@### ~]# openssl s_time -connect 172.22.22.181:443 -time 1
No CIPHER specified
Collect
Hello,
SSL session reuse should improve SSL server performance.
It seems that using "openssl s_time" without triggering http request (
meaning - do only 'ssl connect') -
results are OK and reasonable:
[root@### ~]# openssl s_time -connect 172.22.22.181:443 -time 1
No CIPHER specified
Collect