Re: bug in PKCS7_free ?

2005-07-28 Thread Nils Larsch
Tan Eng Ten wrote: This is another example of the problem I highlighted a few days ago. You need to be very careful with which getter methods return a new instance (or inc the ref count), and which ones do not. Definitely not a bug but a matter of consistency. it's certainly a bug but it

Re: bug in PKCS7_free ?

2005-07-28 Thread Dr. Stephen Henson
On Thu, Jul 28, 2005, Nils Larsch wrote: Tan Eng Ten wrote: This is another example of the problem I highlighted a few days ago. You need to be very careful with which getter methods return a new instance (or inc the ref count), and which ones do not. Definitely not a bug but a matter of

Re: PKI interoperability

2005-07-28 Thread Bernhard Froehlich
Prashant Sodhiya wrote: Hi All, Is there any way we can test the interoperability of SSL certificates with any third party vendor's certificate. Yes. Depending on wether you want to test another server's certificate or the use of client certs you can use openssl s_client or openssl

Re: difference between authenticode certificate and normal certificate?

2005-07-28 Thread coco coco
Thanks for replying. From: Dr. Stephen Henson [EMAIL PROTECTED] I looked at this some time ago so this may not be up to date... There wasn't anything special about an authenticode certificate provided you didn't set the extensions to specifically exclude the usages. So a vanilla CA and EE

Re: difference between authenticode certificate and normal certificate?

2005-07-28 Thread Dr. Stephen Henson
On Thu, Jul 28, 2005, Dr. Stephen Henson wrote: On Thu, Jul 28, 2005, coco coco wrote: Ok, sounds simple enough, so I create a root CA with openssl, then sign a certificate for a fictitious user, which use that to sign an Office VBA (just some dummy stuff, doing nothing).

Re: difference between authenticode certificate and normal certificate?

2005-07-28 Thread coco coco
Just found a link which may help: http://www.thawte.com/support/code/msauth.html#timestamp Thanks a lot. Sorry to sound like a dumbass, but how do I put that information into the certificate when I signed it? :) I mean, how do I specify the URL of the tsa, which extension to use ? If

Re: difference between authenticode certificate and normal certificate?

2005-07-28 Thread Dr. Stephen Henson
On Thu, Jul 28, 2005, coco coco wrote: The problem is with signing Office macro, which has to use the stupid macro editor to do. And there is no place to insert an option for timestamping. All the information I get is that the editor will do it automatically, and somehow, that info for

Re: difference between authenticode certificate and normal certificate?

2005-07-28 Thread coco coco
Hmmm, I don't have access to the relevant tools for that. Do you have a sample signed macro or certificate that includes this information? hehe, I don't, that's why I can't figure out what to put in there. I tried different extensions, looked up all the stuff I can use in x509v3, to no