Hello all,
I build a ssl server with client authentication (I use openssl 0.9.8d)
I wanted to know why I have the error no certificate returned when the client
certificate is revoked and not a more explicit one.
I decided to compile the openssl code to check where my problem is:
in s3_srvr.c , I
Thank you Steve ..
I try to perform the test with s_server but I believe it does not handle CRL
file ( no option for this apparently) :(
Thank you Dr. Henson for the answer ..
I feel more ensured ... :)
I achieved to go a little bit further in my test now after having put the
right
On Wed, May 16, 2007, [EMAIL PROTECTED] wrote:
Thank you Steve ..
I try to perform the test with s_server but I believe it does not handle CRL
file ( no option for this apparently) :(
In OpenSSL 0.9.8 and later at least you set the -crl_check option or
-crl_check_all. The certificates
On 2007.05.16 at 13:30:12 +0200, Dr. Stephen Henson wrote:
In OpenSSL 0.9.8 and later at least you set the -crl_check option or
-crl_check_all. The certificates and CRL(s) for verification can be supplied
in a single file using -CAfile or a directory using -CApath.
But it is still
Just to be sure...
I have a crl file called crl.pem and a CA file called trustees.pem
To perform crl check with s_server, do I have to create a new file cacrlfile.pem
which is the concatenation of trustees.pem and crl.pem file.
and launch the following command:
openssl s_server -accept 7770 -cert
On Wed, May 16, 2007, [EMAIL PROTECTED] wrote:
Just to be sure...
I have a crl file called crl.pem and a CA file called trustees.pem
To perform crl check with s_server, do I have to create a new file
cacrlfile.pem
which is the concatenation of trustees.pem and crl.pem file.
and launch
Thank you for your response.
Actually I use the default verify_callback function (NULL)
SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,NULL);
By default it does not take into account possible errors coming from client
certificate?
Does it mean it is compulsory to call a verify_call_back function?
On Tue, May 15, 2007, [EMAIL PROTECTED] wrote:
Thank you for your response.
Actually I use the default verify_callback function (NULL)
SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,NULL);
By default it does not take into account possible errors coming from client
certificate?
Does it mean it
Thank you Dr. Henson for the answer ..
I feel more ensured ... :)
I achieved to go a little bit further in my test now after having put the right
certificate in client side.
I am quite surprised by the behaviour of my server since when the client
certificate belongs to the CRL list handled by my
On Tue, May 15, 2007, [EMAIL PROTECTED] wrote:
Thank you Dr. Henson for the answer ..
I feel more ensured ... :)
I achieved to go a little bit further in my test now after having put the
right
certificate in client side.
I am quite surprised by the behaviour of my server since when the
Hello everybody,
I try to build a SSL server which performs client authentication and CRL
management.
To manage this:
First, with X509_STORE_add_cert, I add the certificate coming from
trustees.pem file to verify the client certificate
Then I read the CRL file and get the corresponding
On Mon, May 14, 2007, [EMAIL PROTECTED] wrote:
Hello everybody,
I try to build a SSL server which performs client authentication and CRL
management.
To manage this:
First, with X509_STORE_add_cert, I add the certificate coming from
trustees.pem file to verify the client certificate