Key usage at openssl

2013-05-01 Thread Rajeswari K
Hello openssl-users, We have two different keypairs such as signature keypair and encryption keypair on our device. Hence, two different certificates (signature and encryption) were issued by CA server. Query: To perform openssl handshake, which key do we need to read? Is it Encryption private

Re: Key usage at openssl

2013-05-01 Thread Krzysztof Konopko
2013/5/1 Rajeswari K raji.kotamr...@gmail.com Hello openssl-users, We have two different keypairs such as signature keypair and encryption keypair on our device. Hence, two different certificates (signature and encryption) were issued by CA server. Query: To perform openssl handshake,

RE: Key usage at openssl

2013-05-01 Thread Salz, Rich
It should not be surprising that both keypairs worked. Unless you're doing mutual authentication, the SSL server will never see the client certificate, and so it will not be able to see the keyUsage attribute, or the extendedKeyUsage attribute. Those two attributes specify how a keypair is

Re: Key usage at openssl

2013-05-01 Thread Jakob Bohm
On 5/1/2013 6:46 PM, Salz, Rich wrote: It should not be surprising that both keypairs worked. Unless you’re doing mutual authentication, the SSL server will never see the client certificate, and so it will not be able to see the keyUsage attribute, or the extendedKeyUsage attribute. Those two

using engine_pkcs11 with openssl 1.0.0+

2013-05-01 Thread David Lamkin
Hi, We have a legacy application using engine_pkcs11 on debian sarge (with openssl 0.9.8h). I would like to move to openssl 1.0.0.e, but we require pkcs11 support. I have taken engine_pkcs11 and libp11 from the opens project repositories. When I try (e.g.): openssl dgst -engine pkcs11 -keyform

FW: Bug(?) in x509 app

2013-05-01 Thread Salz, Rich
I have a self-signed certificate (new.crt) that I want to sign with the x509 app and the keypair that is in ca.pem. I can send those files if desired; if sent as attachments the openssl.org server complains. In an older openssl, what I expect happens: ; openssl version OpenSSL 0.9.8k 25 Mar

RE: Bug(?) in x509 app

2013-05-01 Thread Dave Thompson
From: owner-openssl-us...@openssl.org On Behalf Of Salz, Rich Sent: Wednesday, 01 May, 2013 15:11 To: openssl-users@openssl.org; r...@openssl.org I have a self-signed certificate (new.crt) that I want to sign with the x509 app and the keypair that is in ca.pem. snip With the latest, it looks

RE: Bug(?) in x509 app

2013-05-01 Thread Salz, Rich
Your suspicion in that old thread was right. Adding this fixed it: --- //projects/shared/openssl-6.101.5.1/akamai/openssl/apps/x509.c 2013-03-01 23:14:34.0 +++ /home/rsalz/p4/misc/openssl/apps/x509.c 2013-03-01 23:14:34.0 @@ -1217,6 +1217,7 @@

Re: TLS version in ssl protocol header

2013-05-01 Thread Indtiny s
Hi, Actually I added ECC cipher suite support for the openssl 1.0.1c version for my requirement, I tried setting these options in 1.0.1c (SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2), but did not work. Is it not possible to set this in 1.0.1c? Content Type: