Re: Multi-level certificate chains

2013-11-14 Thread Viktor Dukhovni
On Wed, Nov 13, 2013 at 11:07:19PM -0500, Dave Thompson wrote: If certs created with openssl commandline (which OP didn't actually say) you can have both keyid and serial only if the issuance operation specified keyid[:always],issuer:always which the standard openssl.cnf doesn't. And in

X509_verify() failing to verify valid certificate in old OpenSSL versions

2013-11-14 Thread Dimitrios Apostolou
Hello, some time now I'm having problems with X509_verify() from openssl-1.0.0-27.el6_4.2.i686 shipped with latest RHEL 6. The problem is that a self-signed certificate that I generate and verify on the server side, fails to verify on the client side after the TLS handshake. Since this

Re: X509_verify() failing to verify valid certificate in old OpenSSL versions

2013-11-14 Thread Dr. Stephen Henson
On Thu, Nov 14, 2013, Dimitrios Apostolou wrote: some time now I'm having problems with X509_verify() from openssl-1.0.0-27.el6_4.2.i686 shipped with latest RHEL 6. The problem is that a self-signed certificate that I generate and verify on the server side, fails to verify on the client side

Re: X509_verify() failing to verify valid certificate in old OpenSSL versions

2013-11-14 Thread Dimitrios Apostolou
On Thu, 14 Nov 2013, Dr. Stephen Henson wrote: On Thu, Nov 14, 2013, Dimitrios Apostolou wrote: + *) Don't reencode certificate when calculating signature: cache and use + the original encoding instead. This makes signature verification of + some broken encodings work correctly. Can

Re: [tor-talk] BitMail.sf.net v 0.6 - Secure Encrypting Email Client

2013-11-14 Thread grarpamp
On Tue, Nov 5, 2013 at 2:38 AM, rw...@countermail.com wrote: Hello, can BitMail.sf.net as a p2p email tool for encrypted Email (and hybrid with IMAP-Email) be regarded as a reference model for research to create a secure Email Client? as it uses both, gnupg and openssl!

How do RAs fit in with the use of CAs?

2013-11-14 Thread Ted Byers
I have been working through a tutorial that talks about the use of openssl, creating root, intermediate, and signing CAs. While the front page mentions RAs, it says nothing about how they fit, as one is creating CAs, and crts. The only thing that it says is that an RA may be the same as a CA.

Re: Fwd: How to tweak openSSL vulnerabilities CVE-2013-0169

2013-11-14 Thread Alok Sharma
Hi Steve, Thanks for reply. Do you have idea how CBC ciphers can be disabled? Regards, Alok On Tue, Nov 12, 2013 at 8:23 PM, Dr. Stephen Henson st...@openssl.org wrote: On Tue, Nov 12, 2013, Alok Sharma wrote: One of the openSSL vulnerabilities is: CVE-2013-0169: The TLS