To make this more clear, I simply have an X509 and want to programmatically
create a OSCP request to check status for the cert.
There are no examples other than openssl commands, I have a program on a
device and
need to programmatically check x509 periodically.
Thanks in advance.
--
View
There are no examples other than openssl commands, I have a program on a
device and need to programmatically check x509 periodically.
That is generally true of most openssl-based applications
You'll have to start by reading and learning apps/ocsp.c
/r$
--
Principal Security
On Tue, Jul 16, 2013, redpath wrote:
To make this more clear, I simply have an X509 and want to programmatically
create a OSCP request to check status for the cert.
You also need the CA certificate as the hash of the CA public key is
needed.
There are no examples other than openssl
I was able to piece together a test application (enclosed below) which loads
an x509 file and performs
an OSCP request programmatically. I created a server to dump what is written
at the port.
The result is shown below.
POST
[ /][Content-Type:application/ocsp-request]
[Content-Length:113]
Hi,
I am using openssl OCSP utility as OCSP Responder in linux platform. Once
OCSP Responder receives OCSP Request it will send OCSP Response and
terminate the TCP connection by sending FIN for TCP Connection. Why OCSP
responder trying to close the connection? Is there any way by whcih OCSP
Hi All,
I'm trying to run OpenSSL through Clang's scan-build
(http://clang-analyzer.llvm.org/scan-build.html). According to the
page, I should be configuring and building a debug configuration (both
through scan-build).
Does OpenSSL supply a 'generic' debug configuration? Or should I use
Ben
i have a custom extension with test oid 1.2.3.4.5. I try to extract the oid
data in the following manner:
int custom_nid=OBJ_create(1.2.3.4.5,sampleAlias,sample);
int custom_idx=X509_get_ext_by_NID(cert,custom_nid,-1);
X509_EXTENSION
On 15 Jul 2013, at 4:24 PM, jimits10 wrote:
i have a custom extension with test oid 1.2.3.4.5. I try to extract the oid
data in the following manner:
[]
On investigating i found that ASN1 String was encoded in the form that it
had 04 at the start to denote ASN1 coding followed by the
I'm running OpenSSL 1.0.0-fips 29 Mar 2010. I made a jump from a 2009 build
yesterday and noticed my scripts were returning data that I didn't expect
to see.
It turns out that openssl now replies with something I'll call the depth
header. This is data that I can't seem to suppress from being
From: owner-openssl-us...@openssl.org On Behalf Of deepak.kathuria
Sent: Monday, 15 July, 2013 23:31
I am using openssl OCSP utility as OCSP Responder in linux
platform. Once
OCSP Responder receives OCSP Request it will send OCSP Response and
terminate the TCP connection by sending FIN for
From: owner-openssl-us...@openssl.org On Behalf Of Nayna Jain
Sent: Monday, 15 July, 2013 11:49
It takes some time for my server to respond to openssl
s_client connection request.
However, openssl s_client timesout before the response.
Are you using DTLS with -timeout? Otherwise, and
From: owner-openssl-us...@openssl.org On Behalf Of redpath
Sent: Tuesday, 16 July, 2013 11:13
I was able to piece together a test application (enclosed
below) which loads an x509 file and performs
an OSCP request programmatically. I created a server to dump
what is written at the port.
Since I hadn't looked for a while, I thought that I'd see where the current
Openssl FIPS work stood and found this:
http://www.opensslfoundation.com/fips/ig95.html
Surprised that I hadn't heard about this previously but if I'm reading it
correctly, it seems to effectively kill any future
From: owner-openssl-us...@openssl.org On Behalf Of Seth Rice
Sent: Tuesday, 16 July, 2013 17:59
I'm running OpenSSL 1.0.0-fips 29 Mar 2010. I made a jump from
a 2009 build yesterday and noticed my scripts were returning data
that I didn't expect to see.
It turns out that openssl now replies
14 matches
Mail list logo