openSSL 0.9.8.h on z/OS - OS/390

2008-08-19 Thread Jan Thielmann
Hi, I am trying to install openSSL-0.9.8h to the Unix System Services on a System z Machine. The System version is 1.7. I am facing serious problems when executing the Configure. I am executing the following command: ./Configure --install-prefix=/u/user/root/usr OS390-Unix and this leads

X.509] Certificate Generation without PoP

2008-08-19 Thread Silviu VLASCEANU
Hello, I am developing an application which also has some CA functions. The application knows the public key, KpC, of a client which has a priori proven to this app the possession of KpC through an out-of-band means. Therefore, when the application calls the CA functionality to generate the

Re: [Resolved] EVP_CipherInit_ex because cipher-do_cipher is NULL

2008-08-19 Thread Ger Hobbelt
Good to hear it worked out okay. Had not anticipated the symbol collision, so I am really glad you found it was due to that. Take care and good luck, Ger On Mon, Aug 18, 2008 at 6:49 AM, Ambarish Mitra [EMAIL PROTECTED] wrote: (Top-posting since this mail is not a direct reply) Hi Ger,

what is the significance of iteration number on ASN1_INTEGER_set()

2008-08-19 Thread Sanjith Chungath
Hi, I couldn't get documentation for ASN1_INTEGER_set(). Just want to know the significance of the second argument of this function. What is the difference when I provide 0 and PKCS12_DEFAULT_ITER for it? Thanks and Regards -Sanjith

any reference to different certificate versions

2008-08-19 Thread Sanjith Chungath
Hi, I can set a certificate version using function X509_set_version(). Can someone give me a reference to the different certificate versions that are available and the significance of each version number? -Thanks and Regards, -Sanjith.

RE: X.509] Certificate Generation without PoP

2008-08-19 Thread David Schwartz
Silviu Vlasceanu wrote: I am developing an application which also has some CA functions. The application knows the public key, KpC, of a client which has a priori proven to this app the possession of KpC through an out-of-band means. Therefore, when the application calls the CA functionality

Re: any reference to different certificate versions

2008-08-19 Thread Kyle Hamilton
X.509 refers to the certificate version. 0 == version 1, 1 == version 2, 2 == version 3. Version 1 certificates have no means for any extensions. Version 2 certificates are CRLs. Version 3 certificates are the current norm, and most likely what you want. The best reference currently is RFC5280,

Re: X.509] Certificate Generation without PoP

2008-08-19 Thread Silviu VLASCEANU
To reformulate, Is there a way to generate a certificate without a proof of possession? Thanks. 2008/8/18 Silviu VLASCEANU [EMAIL PROTECTED] Hello, I am developing an application which also has some CA functions. The application knows the public key, KpC, of a client which has a priori

Re: [openssl-users] Re: any reference to different certificate versions

2008-08-19 Thread Erwann ABALEA
Hodie XIV Kal. Sep. MMVIII est, Kyle Hamilton scripsit: X.509 refers to the certificate version. 0 == version 1, 1 == version 2, 2 == version 3. Version 1 certificates have no means for any extensions. Version 2 certificates are CRLs. ? Version 2 certificates have issuerUniqueIdentifier

RE: X.509] Certificate Generation without PoP

2008-08-19 Thread David Schwartz
Silviu Vlasceanu wrote: To reformulate, Is there a way to generate a certificate without a proof of possession? Thanks. Absolutely. Just stuff all the fields that you want into the certificate and sign it. Simply take the fields from wherever you have them rather than from the CSR. You

Re: DES-only OpenSSL version: technical aspects

2008-08-19 Thread Fred Picher
--- On Fri, 8/15/08, Ger Hobbelt [EMAIL PROTECTED] wrote: Ahh... This brings back memories... I had to do the same 'selective compilation' back before 2000 when the USA would prohibit cipher export at 128 bit and beyond unless you had a specific license. Ger, Many thanks for taking the

Re: X.509] Certificate Generation without PoP

2008-08-19 Thread Silviu VLASCEANU
Thanks for your answer, David. Let me explain some more of my problem. The reason for not wanting to make a usual CSR is that my client is not able to send the CSR to the server (CA) app. In fact, I am extending an existing communication protocol, where I keep the already defined message types

SSL_session_reused api

2008-08-19 Thread Krishna M Singh
Hi All, I have been using this API to dump in my statistics logs whether the SSL session is reused or not in a Windows OpenSSL based client. Everything was good till I was using 9.7e. The session reuse works fine and the logs were correctly showing session reused as 1 and sniffer traces

Re: X.509] Certificate Generation without PoP

2008-08-19 Thread Michael Sierchio
Silviu VLASCEANU wrote: Hello, I am developing an application which also has some CA functions. The application knows the public key, KpC, of a client which has a priori proven to this app the possession of KpC through an out-of-band means. Therefore, when the application calls the CA

Re: X.509] Certificate Generation without PoP

2008-08-19 Thread Kyle Hamilton
What you're saying is this: 1) You know who the principal is (and therefore the CN to stick into your certificate), due to your pre-existing protocol. 2) You know what the public key is, also due to your pre-existing protocol. 3) You've already verified the proof of possession of the private key

RE: X.509] Certificate Generation without PoP

2008-08-19 Thread David Schwartz
The only thing that I need is to certify the public key of the client by the server, therefore the common name and related infos are not used and have no meaning in this context. Moreover, the certification chain is local/private, so it does not involve interactions with external (public)

Re: En/Decrypt Mismatch: Command-Line Tool vs. Perl's Crypt::OpenSSL

2008-08-19 Thread Jerry Krinock
Well, I got this working, although there are several things that don't seem to work the way they should. Short summary: Must use perl function private_encrypt() instead of sign(), even though, to generate the same signature, the command-line tool must use -sign. Must use the SHA1