Tan Eng Ten wrote:
This is another example of the problem I highlighted a few days ago. You
need to be very careful with which getter methods return a new instance
(or inc the ref count), and which ones do not.
Definitely not a bug but a matter of consistency.
it's certainly a bug but it mig
Hi everyone,
I'm developing the ASN.1 structure of the SCVP protocol but I obtain
an error (segmentation fault) when I try to get the certificates
stored into a stack.
I'm trying to decode the CertBundle field (SEQUENCE SIZE (1..MAX) OF
Certificate), and for this, I've the following:
STACK_OF(
Hi,
I was wondering how OpenSSL will handle a situation where the final
stream of data, received during a session resume handshake, contains
also encrypted data. This scenario is not possible for a new session,
but it can occur if we resume the session since the client sends the
final handshake co
Hi All,
Is there any way we can test the interoperability
of SSL certificates with any third party vendor's certificate.
Thanks and Regards,
Prashant Sodhiya
On Thu, Jul 28, 2005, Nils Larsch wrote:
> Tan Eng Ten wrote:
> >This is another example of the problem I highlighted a few days ago. You
> >need to be very careful with which getter methods return a new instance
> >(or inc the ref count), and which ones do not.
> >
> >Definitely not a bug but a
Prashant Sodhiya wrote:
Hi All,
Is there any way we can test the interoperability of SSL certificates
with any third party vendor's certificate.
Yes.
Depending on wether you want to test another server's certificate or the
use of client certs you can use "openssl s_client" or "openssl
s_
Thanks for replying.
From: "Dr. Stephen Henson" <[EMAIL PROTECTED]>
I looked at this some time ago so this may not be up to date...
There wasn't anything special about an authenticode certificate provided
you
didn't set the extensions to specifically exclude the usages. So a
"vanilla"
CA and
May be this calls will help you...
SSL_CTX_set_cert_verify_callback(ctx, ssl_app_verify_callback, parm);
static int ssl_app_verify_callback(X509_STORE_CTX *ctx, void *arg);
In X509_STORE_CTX there is the peer certificate...
On Thu, Jul 28, 2005, coco coco wrote:
>
> Ok, sounds simple enough, so I create a root CA with openssl, then sign a
> certificate
> for a fictitious user, which use that to sign an Office VBA (just some dummy
> stuff, doing nothing).
>
> After loading up my VBA, I see it has no timestamp, and
On Thu, Jul 28, 2005, Dr. Stephen Henson wrote:
> On Thu, Jul 28, 2005, coco coco wrote:
>
> >
> > Ok, sounds simple enough, so I create a root CA with openssl, then sign a
> > certificate
> > for a fictitious user, which use that to sign an Office VBA (just some dummy
> > stuff, doing nothing)
Just found a link which may help:
http://www.thawte.com/support/code/msauth.html#timestamp
Thanks a lot. Sorry to sound like a dumbass, but how do I put that
information into the certificate when I signed it? :) I mean, how do I
specify the URL of the tsa, which extension to use ?
If some
This is better, but it might disrupt the default verfy procedure,
after installing it default verify_callback is not called. Hence I
will never know whether the certificate is valid or not ? How will I
decide the return value of this callback ?
The previous one suggested by Shmulik Regev is causin
On Thu, Jul 28, 2005, coco coco wrote:
> >
> >Just found a link which may help:
> >
> >http://www.thawte.com/support/code/msauth.html#timestamp
> >
>
> Thanks a lot. Sorry to sound like a dumbass, but how do I put that
> information into the certificate when I signed it? :) I mean, how do I
> s
Hi, all
I'd like to compile Openssl 0.9.8 on Solaris 10. If I strictly use the
default options, whole thing is a success. Now I want to use openssl for
mod_ssl and apache. According to mod_ssl's documentation, mod_ssl
(v2.8.23-1.3.33) recommends to use the following option to compile
openssl
./co
Went thru this last night...
See the PROBLEMS file, as is still happening with Solaris 10 on x86
INTEL. It does not happen on x86 AMD64 though.
Download http://www.openssl.org/~appro/values.c
and then patch your GCC installed with
ksh -f values.c
Then start all over... BTW, this is with Sun'
Hi, Richard
I am trying to compile openssl 0.9.8 on Ultra-SPARC chip. The gcc that I have
is gcc3.3.2 which I downloaded from Sunfreeware.com web site. Thanks.
Ryan
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ricardo Stella
Sent: Thursday, July 28,
Hi, Tim
I tried to compile openssl 0.9.8 like this:
./config no-threads -fPIC -ldl
I got the same message from "make test". Thanks.
Ryan
-Original Message-
From: Tim Rosmus [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 28, 2005 3:24 PM
To: Ruiyuan Jiang
Subject: Re: Openssl 0.9.8 com
On Thu, 28 Jul 2005, Ruiyuan Jiang wrote:
|#
|# I tried to compile openssl 0.9.8 like this:
|#
|# ./config no-threads -fPIC -ldl
|#
|# I got the same message from "make test". Thanks.
|#
Just use "./config no-threads" only.
--
Tim Rosmus <[EMAIL PROTECTED]>
Yes, 'make test' passed when I used './config no-threads'. My question
is that without '-fPIC' option in openssl 0.9.8, will mod_ssl and apache
work?
'-fPIC' option is "builds OpenSSL with Position Independent Code (PIC)
which is only important when building mod_ssl as a Dynamic Shared Object
(DS
On Thu, 28 Jul 2005, Tim Rosmus wrote:
|# On Thu, 28 Jul 2005, Ruiyuan Jiang wrote:
|#
|# |#
|# |# I tried to compile openssl 0.9.8 like this:
|# |#
|# |# ./config no-threads -fPIC -ldl
|# |#
|# |# I got the same message from "make test". Thanks.
|# |#
|#
|# Just use "./config no-threads" on
>
> Thanks a lot. Sorry to sound like a dumbass, but how do I put that
> information into the certificate when I signed it? :) I mean, how do I
> specify the URL of the tsa, which extension to use ?
>
You don't. The timestamp URL is something you use on the command line of
the
relevant authentic
> Hi, Richard
>
> I am trying to compile openssl 0.9.8 on Ultra-SPARC chip. The gcc that I
> have is gcc3.3.2 which I downloaded from Sunfreeware.com web site. Thanks.
>
> Ryan
>
Have you updated the header files by running the mkheaders script ?
See the comments section on sunfreeware about th
On Thu, Jul 28, 2005, coco coco wrote:
>
> The problem is with signing Office macro, which has to use the stupid macro
> editor to do. And there is no place to insert an option for timestamping.
> All the information I get is that the editor will do it automatically, and
> somehow,
> that info f
Hmmm, I don't have access to the relevant tools for that. Do you have a
sample
signed macro or certificate that includes this information?
hehe, I don't, that's why I can't figure out what to put in there. I tried
different extensions, looked up all the stuff I can use in x509v3, to no
avai
24 matches
Mail list logo