On 05/18/2012 06:03 AM, kthiru...@inautix.co.in wrote:
Team,
Had a query in the certs that we load,
The CA's provide our certs in .p12 format, which we need to convert to a .pem and load to SSL
structure during initialization.
On converting to .pem, it is in the following format, Private
I am getting the same problem (various SSL errors after a successful
negotiation) with an SMTP server I've written in Ruby, and I'm stuck
with it
I've resorted to tracing through the Postfix SSL/TLS code to see how
they handle it, and it looks like they just keep retrying the
operation until its
Gentle people,
I am encoding some extra fields in the request (and the signed cert). And have
two related puzzels:
1) I had naively expected below construct to create a single sequence of
two object/integers under a single object:
# openssl.cnf snippet.
On Thu, May 17, 2012, Greg Wittmeyer wrote:
Hello all, hope someone can help.
I upgraded from 1.0.0d to 1.0.1c and immediately started getting this error:
error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
It's a known issue. The latest snapshots could fix it, or apply
Hi Experts,
First time I am using AES-GCM mode to run the NIST test vectors. The API is:
void AES_gcm128_encrypt(GCM128_CONTEXT *ctx,
const unsigned char *in, unsigned char *out,
size_t len)
After initialization and encryption, my cipher text matched the one
David:
This is just a quick and dirty superficial guess, but are you copying from
the correct place in memory? I.e., is the value of: ctx.Xi.c, a pointer to
the address that holds the first byte of the tag? If you do a byte-wise
dump of the entire structure and then do visual pattern matching for
On Fri, May 18, 2012, Li, David wrote:
Hi Experts,
First time I am using AES-GCM mode to run the NIST test vectors. The API is:
void AES_gcm128_encrypt(GCM128_CONTEXT *ctx,
const unsigned char *in, unsigned char *out,
size_t len)
After initialization
Hey Crypto guys,
I have a basic questions regarding Certificate validation. Basically in a
Server Authentication a TLS client should validate the CN/SN with Host
portion of the ACS.URL. If it matches then handshake will succeed else will
fail. Am I right ?
e.g.
if Host.Url=x.x.x.x then CN (in
Thanks Dave for explanation.
One doubt regarding sentence If a subjectAltName extension of type dNSName
is present, that MUST
be used as the identity(RFC 2818)
What does this line means ?
Does it says if a certificate have different CN in issuer subject field
but SubAltname: x.x.x.x which
