Hi,
I want to get profiling information about my applications, but if my
application contain openssl functions, then I cannot get profiling
information. The gprof (software for profile applications) get 0
miliseconds for all functions that I have made and they use openssl
functions.
I use g++,
The servername and srp authentication are supported by
http://www.edelweb.fr/EdelKey/
I am interested in adding extensions support for tls protocol. It seems
that OpenSSL does not support it yet. So, if anyone has done something
on this, can I join in and offer some efforts?
How do I portably generate a random salt within a C program for use in
PKCS#5 v2.0 key derivation?
I find that just calling RAND_bytes() works OK on Win32 using 0.9.6 and
later, but not with 0.9.5. I can fix it by calling RAND_screen()
first. Is this OK? Do I also need to call RAND_screen()
i can verify a certificate against a root certificate, with
openssl verify -CAfile root.ca rsacert.pem
but how do i know that the certificate i try to verify has not been
revoked?
JonB
__
OpenSSL Project
You can't tell if it has been revoked. That's why they are 'trusted roots'. If you
think your root ca has been compromised, that is when you usually hit the big red
panic button and shut down the shop.
-Original Message-
From: Jon Bendtsen [mailto:[EMAIL PROTECTED]
Sent: Tuesday,
Den 21. sep 2004, kl. 15:43, skrev Lee Baydush:
You can't tell if it has been revoked. That's why they are 'trusted
roots'. If you think your root ca has been compromised, that is when
you usually hit the big red panic button and shut down the shop.
no no, it's not the root ca that has been
Hi all !
I must encapsulate OpenSSL to make a simple SSL API. Have you some
propositions to do ?
I think to propose few functions like :
- Init(peer_type) /* client or server */
- Configure(arg, value) /*
port, address, SSL version ...*/
- Read()
- Write()
- Close()
-
Jon Bendtsen wrote:
i can verify a certificate against a root certificate, with
openssl verify -CAfile root.ca rsacert.pem
but how do i know that the certificate i try to verify has not been
revoked?
At the risk of seeming to oversimply a VERY complicated issue:
1. You have been downloading
ok. You get the CDP from the certificate, load the CRL from the CDP, verify the CRL
against the root cert. to verify that the signature matches, it has not expired, etc.
, then see if the cert's number is in the CRL. Check out the book 'OpenSSL' by
O'Reilly. It walks you through all that, or
Do you mean the book
Network Security with OpenSSL
Cryptography for Secure Communications
ByJohnViega,
MattMessier,
PravirChandra
June 2002
ISBN: 0-596-00270-X
or is there another SSL book by O'Reilly?
Network Security with OpenSSL
is NOT an optional read if you work with this
As far as I see in msdn, the code
0x800b010f
seems to indicate that the common name in the server cert is not
identical to the hostname
I'd recommen to have something like the folloiung in your config file
for your server
extensions = x509v3
[ x509v3 ]
subjectAltName =
11 matches
Mail list logo