Re: X509 Certificate : Need help to retrieve Extended Key Usage filed from the certificate

2012-07-25 Thread Sukalp Bhople
Hi, You will have to go through Openssl source code. Have a look at following files: 1. x509_v3.c (around line 74), You will find the following method: int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid, int lastpos) { ASN1_OBJECT *obj; obj=OBJ_nid2obj(nid); if (obj ==

create certificate request programmatically using OpenSSL API

2012-07-25 Thread Abyss Lingvo
Thank you All. Samples were very useful. I could create certificate requests using RSA keys. But how to create a request using GOST keys? Best Regards Vladislav

Re: DSA certificates from windows certificate store into openssl

2012-07-25 Thread Jakob Bohm
On 24-07-2012 19:31, Nou Dadoun wrote: Hey folks, I recently added a facility to our code base to retrieve a certificate and private key from a windows certificate store (using the windows crypto api) and converted it to a form usable by openssl. The certificate part was easy, the key a

Re: X509 Certificate : Need help to retrieve Extended Key Usage filed from the certificate

2012-07-25 Thread Dr. Stephen Henson
On Wed, Jul 25, 2012, Puneet Khunteta wrote: Hello, I am a user of openssl library. I am seeking a method to get the Extended Key Usage field from the X509 certificate. I will be grateful if you can provide me a sample code in c. You can retrieve a structure representing any

Re: Cross compiling openssl + openssl-FIPS for mips-openwrt-linux-uclibc

2012-07-25 Thread Patrick Patterson
I would ask two questions: 1) Are you using the distributed source from the CD? 2) Is that particular MIPS platform one of the platforms for which the FIPS qualifications applies? If 1), you need to do this (not that it will necessarily solve your problem :) If not 2), then you'll need to get

SMIME_write_PKCS7 behavior change?

2012-07-25 Thread Brian Green
In 0.9.8f, pkcs7_output_data just copies the input data to the output bio without examining it if the PKCS7_STREAM flag is not set: if (!(flags & PKCS7_STREAM)) { SMIME_crlf_copy(data, out, flags); return 1; } /* Partial sign operation */ /* Initialize

Certificate and Certificate request (Using API)

2012-07-25 Thread Saurabh Pandya
-- I have created my self signed CA (cert.pem) using following openssl commands 1) openssl req -config /etc/openssl.cnf -new -x509 -keyout private.key -out cert.pem -days 8000 -passin pass:abcd -passout pass:abcd 2) openssl ca -updatedb -config /etc/openssl.cnf -keyfile private.key -key abcd

Re: Cross compiling openssl + openssl-FIPS for mips-openwrt-linux-uclibc

2012-07-25 Thread majohns3
1) I do not have the source from the CD yet, that is on the way. 2) I've looked, and I do not see a listing of FIPS qualified platforms. I am compiling with the following specs: --gcc version 4.4.3 --cross compile mips-openwrt-linux-uclibc --arch mips32r2 --tune 24kc

Re: Certificate and Certificate request (Using API)

2012-07-25 Thread Sukalp Bhople
Hi, You will always have to create a certificate request using your private key. This certificate request is used to sign and create respective certificate. Hope this helps. On Wed, Jul 25, 2012 at 2:14 PM, Saurabh Pandya er.saurabhpan...@gmail.com wrote: -- I have created my self signed CA

RAND_bytes() causes 50% CPU load program crash when using CAPI engine

2012-07-25 Thread Florian Rüchel
Hi, I have a tool which calls RAND_bytes() for a length of 16 bytes while using the CAPI engine and having set it to be used for all purposes. If I run it in my Visual Studio Debugger it executes perfectly, but if run from within a command shell, it hangs on this statement (I localized it

Re: RAND_bytes() causes 50% CPU load program crash when using CAPI engine

2012-07-25 Thread Jakob Bohm
On 7/25/2012 3:01 PM, Florian Rüchel wrote: Hi, I have a tool which calls RAND_bytes() for a length of 16 bytes while using the CAPI engine and having set it to be used for all purposes. If I run it in my Visual Studio Debugger it executes perfectly, but if run from within a command shell,

Error generating a self-signed CA certificate with openssl-1.0.1c

2012-07-25 Thread Tom Browder
I am using the following command inside a Perl program: $ /opt/openssl/bin/openssl req -passout stdin /tmp/6I0ZLcltuD \ -config CA-default.org/ca-ssl.conf -out CA-default.org/certs/cacert.pem \ -outform PEM -newkey rsa -x509 -batch -verbose and get the following response, quote: Using

Re: Re: RAND_bytes() causes 50% CPU load program crash when using CAPI engine

2012-07-25 Thread carlyoung
On Wed 25/07/12 2:16 PM , Jakob Bohm jb-open...@wisemo.com sent: On 7/25/2012 3:01 PM, Florian Rüchel wrote: Hi, I have a tool which calls RAND_bytes() for a length of 16 bytes while using the CAPI engine and having set it to be used for all purposes. If I run it in my Visual Studio

Re: DSA certificates from windows certificate store into openssl

2012-07-25 Thread Jaaron Anderson
Replying to the DSA inquiry yesterday Nou Dadoun First thing is RSA certificate has RSA keys and DSA certificate has Diffie-Hellman (DH) keys. In SSL, Diffie-Hellman is done for key exchange to create in each end a common shared secret. Thereafter, the channel is secure using the secret not the

RE: DSA certificates from windows certificate store into openssl

2012-07-25 Thread Nou Dadoun
Thanks very much for your clearly laid out and informative note; most of this matches my intuitive understanding of the differences but having it elucidated backed with experience is invaluable, thanks again ... N --- Nou Dadoun ndad...@teradici.com 604-628-1215 -Original Message-

RE: DSA certificates from windows certificate store into openssl

2012-07-25 Thread Nou Dadoun
Thanks Jakob! I received the suggestion of using the CAPI engine from this list when I initially laid out my problem earlier in the year; unfortunately I couldn't find any documentation on how to use it let alone tailor its functionality to my requirements (e.g. selecting certificates based on

Re: Re: RAND_bytes() causes 50% CPU load program crash when using CAPI engine

2012-07-25 Thread Florian Rüchel
Hi, thanks for your responses. It seems this may actually be a heap corruption after all, as the following function causes the crash: `heap_first(hentry,hlist.th32ProcessID,hlist.th32HeapID)` on line 521 with version 1.0.1 I will investigate this further tomorrow and hopefully come up with

[no subject]

2012-07-25 Thread Ted Byers
Hi All I just subscribed to this list. I have some familiarity with openssl having used it to generate self signed keys for testing secured web applications (on Apache 2.2), prior to deployment, at which time my colleagues would buy a server certificate from one of the usual CAs, such as

Re: (no subject): SSL Configuration

2012-07-25 Thread Tom Browder
On Wed, Jul 25, 2012 at 12:49 PM, Ted Byers r.ted.by...@gmail.com wrote: Hi All Hi, Ted. I, too, have been looking for something like you have. I am in the process of creating a Perl program that may be able to help you (for at least part of your requirements), but I first can point you to one

Re: (no subject): SSL Configuration

2012-07-25 Thread Ted Byers
On Wed, Jul 25, 2012 at 4:03 PM, Tom Browder tom.brow...@gmail.com wrote: On Wed, Jul 25, 2012 at 12:49 PM, Ted Byers r.ted.by...@gmail.com wrote: Hi All Hi, Ted. I, too, have been looking for something like you have. I am in the process of creating a Perl program that may be able to help

Re: (no subject): SSL Configuration

2012-07-25 Thread Tom Browder
On Wed, Jul 25, 2012 at 3:40 PM, Ted Byers r.ted.by...@gmail.com wrote: ... On Wed, Jul 25, 2012 at 4:03 PM, Tom Browder tom.brow...@gmail.com wrote: ... I will provide the user passwords for the client certs. to my intermediate helpers via the USPO and the individual client certificates via

RE: Certificate and Certificate request (Using API)

2012-07-25 Thread Dave Thompson
From: owner-openssl-us...@openssl.org On Behalf Of Sukalp Bhople Sent: Wednesday, 25 July, 2012 08:45 You will always have to create a certificate request using your private key. True if you're using an external CA, but not if you're doing it yourself. openssl commandline supports both options:

Re: Certificate and Certificate request (Using API)

2012-07-25 Thread Sukalp Bhople
Thanks Dave for rectifying my reply. Indeed, I was not precise in my reply. On Thu, Jul 26, 2012 at 12:06 AM, Dave Thompson dthomp...@prinpay.com wrote: From: owner-openssl-us...@openssl.org On Behalf Of Sukalp Bhople Sent: Wednesday, 25 July, 2012 08:45 You will always have to create a

fingerprint does not match on FIPS_mode_set when FIPS + openssl is dynamically linked into build

2012-07-25 Thread Cassie Helms
Hi folks, I have dynamically linked a FIPS capable OpenSSL library (libcrypto.so and libssl.so) into my product's build, but still get a fingerprint does not match error when I call FIPS_mode_set(1). This is using a validated copy of FIPS 2.0 source and OpenSSL 1.0.1c. The full error is:

Re: (no subject): SSL Configuration

2012-07-25 Thread Tom Browder
On Wed, Jul 25, 2012 at 4:15 PM, Tom Browder tom.brow...@gmail.com wrote: On Wed, Jul 25, 2012 at 3:40 PM, Ted Byers r.ted.by...@gmail.com wrote: On Wed, Jul 25, 2012 at 4:03 PM, Tom Browder tom.brow...@gmail.com wrote: ... Thanks. Let me know when I can take a look at your script. I'd also