From: owner-openssl-us...@openssl.org On Behalf Of tho...@koeller.dyndns.org
Sent: Thursday, October 30, 2014 14:50
I have... root_ca.pem ... self-signed ... issued host_ca.pem ...
I would expect the two to form a valid chain. And indeed,
verification succeeds:
... openssl verify -CAfile
On 10/31/2014 03:24 PM, Dave Thompson wrote:
From: owner-openssl-us...@openssl.org On Behalf Of tho...@koeller.dyndns.org
Sent: Thursday, October 30, 2014 14:50
I have... root_ca.pem ... self-signed ... issued host_ca.pem ...
I would expect the two to form a valid chain. And indeed,
Hi,
trying to build a valid certificate chain, I came across the following
problem:
I have two certificates. The first one, contained in file root_ca.pem,
is a self-signed root CA, intended to sign intermediate CA's with. The
second
one, contained in host_ca.pem, is such an intermediate CA,
On Thu, Aug 29, 2002, Lutz Jaenicke wrote:
On Thu, Aug 29, 2002 at 09:10:47AM -0400, Shaheed Bacchus wrote:
you are correct, issuer is not self signed (in fact it's
the cert that's provided by default with openssl in the
apps/demoCA dir). so how do i tell the verification
routine
On Wed, Aug 28, 2002 at 11:25:51AM -0400, Shaheed Bacchus wrote:
Shaheed Bacchus wrote:
hi all,
i am having some problems getting certificate verification to
work. i have two certs
X509 *client;
Subject: /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=MyTest
Issuer:
On Thu, Aug 29, 2002 at 09:10:47AM -0400, Shaheed Bacchus wrote:
you are correct, issuer is not self signed (in fact it's
the cert that's provided by default with openssl in the
apps/demoCA dir). so how do i tell the verification
routine to not walk further down the tree? ideally i'd
that's the general direction i was slowly moving towards.
i guess one question that i have is since i have to use my
code to do the verification process anyhow, is there any
advantage to even using the X509_verify_cert() call?
thanks once again.
Lutz Jaenicke wrote:
OpenSSL does not support
On Thu, Aug 29, 2002 at 10:21:39AM -0400, Shaheed Bacchus wrote:
that's the general direction i was slowly moving towards.
i guess one question that i have is since i have to use my
code to do the verification process anyhow, is there any
advantage to even using the X509_verify_cert() call?
It would take some extensions to the certificate verification code
to change the behaviour. I don't know how large the interest is
in such an extension.
waves hand
Pick me!
--
Harald Koch [EMAIL PROTECTED]
It takes a child to raze a village.
-Michael T. Fry
Hi, all.
It seems my last e-mail is somehow lost, so I'm resending it.
Please give me some advice. :)
Since my program is not for web site but general client/server communication
program, I'd like to add a client certificate verification from the server
side.
I couldn't find any reference on
10 matches
Mail list logo