Re: {Spam?} Invalid signature with PKCS11

2010-06-04 Thread Tim Hudson
On 5/06/2010 12:56 AM, Fares Gianluca wrote: Hi all, I’m try to figure out why my X509_REQ signature is always not verified. I’m using openssl-1.0.0 and gclib.dll provided by gemalto. It is helpful to actually provide a complete working example rather than just a subset. However in this case t

Re: NameConstraints are not being applied (or I don't know how to enforce them?)

2010-06-04 Thread Victor Duchovni
On Fri, Jun 04, 2010 at 03:50:21PM -0400, jeff wrote: > yes it's 0.9.8 > I'll do a test with 1.0 before Monday and i'll let everyone know The fact that 0.9.8 does NOT support checking name constraints was mentioned multiple times in this thread. It is not polite to waste list members' time in thi

Typo in s3_lib.c definition of cipher 0x19 ("EXP-ADH-DES-CBC-SHA)?

2010-06-04 Thread Victor Duchovni
The declaration of "EXP-ADH-DES-CBC-SHA" in s3_lib.c (OpenSSL 0.9.6m, 0.9.7m, 0.9.7n, 1.0.0) seems to suggest that this cipher has a 128-bit key /* Cipher 19 */ { 1, SSL3_TXT_ADH_DES_40_CBC_SHA, SSL3_CK_ADH_DES_40_CBC_SHA, SSL_kEDH, SSL_aNULL,

Re: NameConstraints are not being applied (or I don't know how to enforce them?)

2010-06-04 Thread jeff
yes it's 0.98 I'll do a test with 1.0 before Monday and i'll let everyone know

Re: NameConstraints are not being applied (or I don't know how to enforce them?)

2010-06-04 Thread Dr. Stephen Henson
On Fri, Jun 04, 2010, jeff wrote: > I tried the following and it created more interesting results. > It now fails on the good certificate -- the one that matches the > nameConstraint. > The error it returns is: > error 34 at 1 depth lookup:unhandled critical extension > Are you using Open

Re: NameConstraints are not being applied (or I don't know how to enforce them?)

2010-06-04 Thread Victor Duchovni
On Fri, Jun 04, 2010 at 01:04:42PM -0400, jeff wrote: > I tried the following and it created more interesting results. > It now fails on the good certificate -- the one that matches the > nameConstraint. > The error it returns is: > error 34 at 1 depth lookup:unhandled critical extension >

Re: NameConstraints are not being applied (or I don't know how to enforce them?)

2010-06-04 Thread jeff
I tried the following and it created more interesting results. It now fails on the good certificate -- the one that matches the nameConstraint. The error it returns is: error 34 at 1 depth lookup:unhandled critical extension I revised the cnf file to make sure it didn't include the name c

Invalid signature with PKCS11

2010-06-04 Thread Fares Gianluca
Hi all, I'm try to figure out why my X509_REQ signature is always not verified. I'm using openssl-1.0.0 and gclib.dll provided by gemalto. Here is my code: // Some declarations are omitted CK_BYTE data[2][1024]; CK_ATTRIBUTE keyAttr[] = { {CKA_MODULUS, (void *)data[0], 1024},

Re: about TLS v1.2

2010-06-04 Thread Eray Aslan
On Fri, Jun 04, 2010 at 03:59:56PM +0800, Baizhan wrote: > Does the latest openssl-1.0.0 package supports TLS V1.2 standard (RFC5246)? > I have read the standards.txt file which is in the package, but it seems that > openssl only supports TLS V1.0. Can anybody tell me? Thanks very much. Was ask

Re: Encrypt using PHP Decrypt on Windows

2010-06-04 Thread Beans57
I received a message from Phillip saying > Are you sure that the PHP side is using PKCS1 padding? > > Phillip The default padding for PHP is OPENSSL_PKCS1_PADDING. Interestingly, if I specify OPENSSL_NO_PADDING I don't get any encrypted output on the PHP side. I don't know if that gives any clu

about TLS v1.2

2010-06-04 Thread Baizhan
Hi all: Does the latest openssl-1.0.0 package supports TLS V1.2 standard (RFC5246)? I have read the standards.txt file which is in the package, but it seems that openssl only supports TLS V1.0. Can anybody tell me? Thanks very much. Best regards. Baizhan 2010-06-04 Baizhan

Re: NameConstraints are not being applied (or I don't know how to enforce them?)

2010-06-04 Thread Dr. Stephen Henson
On Fri, Jun 04, 2010, Peter Sylvester wrote: > On 06/03/2010 06:11 PM, Dr. Stephen Henson wrote: >> On Thu, Jun 03, 2010, jeff wrote: >> >> >>> I have an example, detailed below, that specifies permitted and excluded >>> subtrees for a sub-CA. Later it uses the sub-CA cert to sign certificate

Re: NameConstraints are not being applied (or I don't know how to enforce them?)

2010-06-04 Thread Peter Sylvester
On 06/03/2010 06:11 PM, Dr. Stephen Henson wrote: On Thu, Jun 03, 2010, jeff wrote: I have an example, detailed below, that specifies permitted and excluded subtrees for a sub-CA. Later it uses the sub-CA cert to sign certificate requests adhering to and violating the name constraints both,

Re: zlib compression - verifying it

2010-06-04 Thread Dr. Stephen Henson
On Fri, Jun 04, 2010, grarpamp wrote: > > How can I verify and test that a given openssl binary > installation supports zlib compression? > Can I simply [un]compress a file with openssl and > do the reverse with gzip as a command line test? > s_client and s_server? > The OpenSSL use of zlib is

Re: zlib compression - verifying it

2010-06-04 Thread Dr. Stephen Henson
On Fri, Jun 04, 2010, grarpamp wrote: > Hello. > > How can I verify and test that a given openssl binary > installation supports zlib compression? > Can I simply [un]compress a file with openssl and > do the reverse with gzip as a command line test? > s_client and s_server? > The OpenSSL use of

Re: NameConstraints are not being applied (or I don't know how to enforce them?)

2010-06-04 Thread Dr. Stephen Henson
On Thu, Jun 03, 2010, jeff wrote: > I will try to include complete attachments with examples. > > In the mean time I had to say that I was also told (aside from the one > of the replies on this thread) that the enforcement of the constraints > would be at the time of verification. > Therefore I t

Creating certificate with gost algorithm

2010-06-04 Thread Alexander Kriventsov
Hello. Sorry for my english. I'm trying to create certificate signed of my CA. I'm using openssl-1.0.0 I created my CA by command: # openssl req -new -x509 -nodes -newkey gost2001 -pkeyopt paramset:XA -keyout private/cacert.key -out private/cacert.pem -days 3650 Also I created request and priva

Re: NameConstraints are not being applied (or I don't know how to enforce them?)

2010-06-04 Thread jeff
I would expect such constraints to only apply when certificates are being *verified*. There seems to be little point in preventing a CA from attempting to sign violating certificates. Yes I later tried to "verify" and I still got no

Re: NameConstraints are not being applied (or I don't know how to enforce them?)

2010-06-04 Thread jeff
I will try to include complete attachments with examples. In the mean time I had to say that I was also told (aside from the one of the replies on this thread) that the enforcement of the constraints would be at the time of verification. Therefore I took the following steps to "verify" the produce