Bonjour,
NID_name correspond to the OID id-at-name. There's no equivalent field
in a certificate that maps to an OID.
The OID id-at-name designs the attribute supertype name, which
shouldn't be present in a certificate, but can nevertheless be present.
Anywhere.
--
Erwann ABALEA
Le
Hello,
I recently implemented a secured communication between two sites in which one
acts as the server and the other as the client. To accomplish this, I used
openssl to generate self-signed CA, Server and Client certificates (the calls
are made using cURL).
It all works beautifully and,
But once I showed my work to people in my company, one of them asked me why
did I choose not to add the client hostname to the Client Certificate, thus
making it usable only by that specific client.
You put to put the client name or ipaddr in the subjectAltName extension field.
Then you'd
Can I safely assume that if I call FIPS_mode_set(0) and get a successful return
value then I don’t need to lock when there are callbacks for type 39 and 40
locks (for OpenSSL 1.0.1 and 1.0.2)?
-Bryan
On Apr 28, 2015, at 10:22 AM, John Foley fol...@cisco.com wrote:
In the context of
Correct. Locks 39/40 are only useful while the POST is running. Once
the POST completes, the POST status never changes again unless the POST
runs again. The only way to run the POST is by invoking
FIPS_mode_set(1). But there should be no reason to invoke
FIPS_mode_set(1) more than once unless
Excellent, this is exactly the kind of information I was looking for.
Thanks very much Viktor for your help
Graeme
-Original Message-
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Viktor Dukhovni
Sent: Wednesday, April 29, 2015 1:34 PM
To:
On Wed, Apr 29, 2015 at 03:42:40PM +, Perrow, Graeme wrote:
Apologies for the top-post; Outlook makes it hard to do anything else.
Here is a small C++ reproducible. I am generating a key pair, encrypting
a small string using OAEP and decrypting using PKCS1 and expecting the
decryption
On 29/04/15 21:39, jonetsu wrote:
Hello,
The context is migrating an application to use EVP only methods.
AES_set_encrypt_key(...)
AES_cfb128_encrypt(...)
The AES_cfb128_encrypt() is pretty clear to migrate to EVP_*,
what about the AES_set_encrypt_key() ? I haven't found yet any
Hello,
The context is migrating an application to use EVP only methods.
AES_set_encrypt_key(...)
AES_cfb128_encrypt(...)
The AES_cfb128_encrypt() is pretty clear to migrate to EVP_*,
what about the AES_set_encrypt_key() ? I haven't found yet any
correlation to the EVP methods, let alone an
Thanks for the comments.
If you are implementing HMAC, perhaps for PBKDF2 (which does
that prehash-if-too-long), I hope you mean the code does...
Yes it does.
The man page (the one online from OpenSSL project - SHA256.html)
gives a description using SHA1() which computes a message digest.
This is an excellent explanation in plain English. Thank you!
On Apr 28, 2015, at 4:31 PM, Steve Marquess marqu...@openssl.com wrote:
On 04/28/2015 03:44 PM, Sec_Aficionado wrote:
Hi there,
Total n00b question here. I recently ran across a question on an iOS
forum where someone was
Apologies for the top-post; Outlook makes it hard to do anything else.
Here is a small C++ reproducible. I am generating a key pair, encrypting a
small string using OAEP and decrypting using PKCS1 and expecting the decryption
to fail.
If I run this (on 64-bit Red Hat 6) repeatedly, the program
12 matches
Mail list logo