where are key usages checked?

2014-03-31 Thread Bin Lu
Hi, during the SSL handshake with client cert auth, is OpenSSL checking the key usages, such as digital signature, non-repudiation etc., for the client cert passed in (to make sure it is a valid client cert)? If it is, where is the code that does it? I cannot find it in X509_verify_cert(). Thanks,

RE: Question on ECC (openssl vs wcurve)

2014-03-31 Thread Dave Thompson
Are you looking at x,y values or an encoded (external) point? If the latter, it might be a different encoding format; there are 3. Otherwise, you probably have something wrong, since OpenSSL successfully interoperates with other EC implementations. Post details - if you want to keep K

RE: Enabling s_server to use a local CRL file

2014-03-31 Thread Dave Thompson
Through 1.0.1, put the CRL in PEM format in CAfile (specified or defaulted) or in CApath (ditto) named or linked as $hash.r$num (c_rehash can do this for you). I've never seen a CA distribute PEM so you almost certainly need to convert. And specify -crl_check or -crl_check_all (see the man page or

Re: Enabling s_server to use a local CRL file

2014-03-31 Thread Lakshmi Reguna
Thanks for the response, Dave. Would you also know how the -Verify option interacts with -crl_check_all? This is what I gather from the OpenSSL s_server help documentation. Is the entire certificate chain checked against CRLs issued by each intermediate CA in the chain? Would you have a use case