Look at openssl-*/apps/x509.c
Arun
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Dallas Clement
Sent: Wednesday, June 02, 2010 9:50 AM
To: openssl-users@openssl.org
Subject: printing a certificate
Hi,
Would someone kindly
Hi,
Would someone kindly tutor me on how to print out a certificate
programmatically? I know how to extract the common name, but was just
wondering if there is an API function to just print the whole thing in
human readable form?
X509 *pX509Peer = SSL_get_peer_certificate( pSsl );
if ( pX5
"Dave Thompson" wrote in
message news:ee558ada74ef4896a656a182b39d9...@prinpay.com...
> > From: owner-openssl-us...@openssl.org On
Behalf Of Jamrock
> > Sent: Sunday, 30 May, 2010 06:35
>
> > In the past I have created my certificates as follows:
> > /etc/pki/tls/misc/CA -newca
> >
> > openssl re
Hi All,
Could someone help me understand why there is a function
SSL_CTX_set_client_CA_list() for telling the client which CAs the
server will recognize but no function for telling the server which CAs
the client will recognize? In other words, could you please explain
the asymmetry? It doesn't
> From: owner-openssl-us...@openssl.org On Behalf Of Vieri
> Sent: Tuesday, 01 June, 2010 10:25
> --- On Fri, 5/28/10, Dave Thompson wrote:
> > Are your clients only browsers (IE? FF?) or apps?
>
> I was testing with IE6 but am now trying out FF 3.5.9. I when
> to the advanced config options
Thanks Mark, that was an extremely helpful explanation. When I asked
this question I was hoping to learn if CA certs are self-signed or if
there is some other procedure to authenticate a CA cert as being
legitimate. From your explanation it sounds like all CA certs are
generated by the CA itself
I am starting from a working Axis2c 1.6 / OpenSSL 0.9.8l configuration on
Win 2008 R2 server. I am using a debug build and the Windows CRTDBG flags
to chase a memory leak of 40K per request, and am hoping that an upgrade to
OpenSSL 1.0 will get me out of this spot... I'm so close I can taste it
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL version 0.9.8o released
===
OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 0.9.8o of our open source
--- On Fri, 5/28/10, Dave Thompson wrote:
> FYI: 'self-sign' in PKI means a *cert* that is signed by
> its own key,
> normally only a CA 'root' cert.
Thank you for clarifying.
> Right. They are, and you want to be, another CA.
Exactly.
> > So I published MY-CA/cacert.der as shown below.
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL version 1.0.0a released
===
OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.0.0a of our open source
This should be more widely understood: an application considers a CA
trusted because some human told it so. There is no other way.
The "recognized" CAs are trusted by e.g. your browser because the
maker of the browser decided to trust them and so put them into the
list of trusted CAs that is pac
Sander Temme wrote:
>
>
> On Apr 9, 2010, at 3:02 AM, Götz Reinicke - IT Koordinator wrote:
>
>> [r...@ldap1 ~]# openssl s_client -connect ldap1.filmakademie.de:389
>> -showcerts -CAfile /etc/openldap/CA_falu/CA.pem
>> CONNECTED(0003)
>> 5066:error:140790E5:SSL routines:SSL23_WRITE:ssl ha
12 matches
Mail list logo