Hi,
I have checked my keystore and truststore and the intermediate
certificate alone is going to expire.
I have received a renewed intermediate pem. I believe it is common
practice to just replace an expiring intermediate certificate instead of
the root. The root will expire in 2025.
I have
Hi,
I want to validate a CA signed certificate against its CRL.
I have root certificate from CA. I have downloaded CRL for entity
certificate (using URI in CRL Distribution Points field).
Intermediate CA certificate is also required to verify entity certificate
against CRL.
Is there any way I
Hi,
I am trying to use OpenSSL to independently verify a CKM_ECDSA_SHA1
signature produced by a Safenet protect gold HSM. The signature
verification with the error below, however using the HSM ctbrowse tool I can
verify the signature being produced. Can anybody out there help me interpret
what
Thanks for your feedback.
I found the issue, we have had the -K option (-K 3D1) and we can decrypt it on
windows after encrypt it on unix.
If we can help someone.
Best regards.
Franck DUBUC
RESG/GTS/RET/API
Tel : +33 (0)1 64 85 70 31
e-mail :
OpenSSL supports TLS; you need to parse the EAP packets in your own
application and feed the TLS bits into OpenSSL.
Erik Tkal
Juniper OAC/UAC/Pulse Development
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Neo
owner-openssl-us...@openssl.org wrote on 05/10/2011 06:52:26 PM:
From: Dr. Stephen Henson st...@openssl.org
To: openssl-users@openssl.org
Date: 05/10/2011 06:57 PM
The answer is probably yes but with some caveats.
If the application is well behaved and doesn't rely on undocumented
I have found that fork() on modern machines has a negligible effect on
performance and in fact I almost always use inetd instead of writing
my own servers, mainly because it is dead reliable, easier to code,
and again seems to have negligible effect on performance. One would
have to do
On Wed, May 11, 2011 at 08:39:49AM -0700, Eric S. Eberhard wrote:
I have found that fork() on modern machines has a negligible effect on
performance and in fact I almost always use inetd instead of writing my own
servers, mainly because it is dead reliable, easier to code, and again
seems
I was not trying to compare O/S, only point out that my experience is
more out of the AIX world than Linux world.
I also want to point out again what I was saying ... you don't need
to make a server and you don't need to fork() and all kinds of
complicated stuff if you write it for inetd.
On 05/10/11 11:03 PM, Mohan Radhakrishnan wrote:
Hi,
I have checked my keystore and truststore and the intermediate
certificate alone is going to expire.
as I understand it (vaguely at best), if the intermediate certificate
expires, that invalidates any certificates it generated, so you
No, that should not be true - as long as the subject name of the issuer does
not change and the key pair is reused, then any previously issued certificates
should still verify against the issuer. Note that the thumbprint will be
different, in case that is used anywhere to track the cert.
Eric, you must be really kidding this time :), servers with this
architecture are susceptible to dos and what not..am sure for embedded
systems where memory is a big limiting factor the best would be async
design, also code becomes easily portable in future.
On Wed, May 11, 2011 at 10:39 AM, Eric
Performance is related to the application. For example, a system
that accepts 10 SSL connects per year has different requirements than
one that accepts 1000 per second. Obviously there is a middle
ground. My point is that theoretical performance differences are
very real in the latter case,
While executing the below code it's coring randomly in two cases,
1) While executing the method SSL_library_init() in the constructor.
2) Coring while executing the call back method locking_function().
We are not sure, now the call back method is calling after it is set to NULL
Ex :
I was recently playing around with OpenSSL's EC_KEY interface, specifically
generating and examining keys generated using the curve sect233r1, when I
decided to print the raw key out, in hex form. A quick analysis showed me
that the key was stored in 232 bits, not 233 bits as the curve sect233r1
Can u share the parsed core file?
On Wednesday, May 11, 2011, Mani Suresh suresh84...@gmail.com wrote:
While executing the below code it's coring randomly in two cases,
1) While executing the method SSL_library_init() in the constructor.
2) Coring while executing the call back method
Hi ,
My application is running with OpenSSL 0.9.8h 28 May 2008 in gentoo linux:
uname -a
Linux localhost 2.6.32.9 #1 SMP Thu Jul 8 14:30:23 Local time zone must be
set--see zic m i686 Intel(R) Pentium(R) D CPU 2.80GHz GenuineIntel GNU/Linux
But ssl hand shake is failing with below error:
I think that means you have not enabled the cipher or hash that is required at
that point. Did you forget to call something like OpenSSL_add_all_algorithms()
in your app?
Erik Tkal
Juniper OAC/UAC/Pulse Development
-Original Message-
From:
Hi,
I have the SSL_library_init() in my app, which will load the algos.
Erik Tkal wrote:
I think that means you have not enabled the cipher or hash that is
required at that point. Did you forget to call something like
OpenSSL_add_all_algorithms() in your app?
If you're looking to do authentication, freeradius will do EAP, and talk to
openssl for the TLS part (and an LDAP server for the actual authentication and
authorization).
From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] on
behalf of Erik
Hi,
I think I have been able to replace only the intermediate certificate
which has a different validity period. I believe this can be done
because what the intermediate certificate is signing is still valid.
Only the expiry date is changing and it is being renewed.
1. Root is valid
2. Sub
Script started on Wed May 11 22:35:28 2011
doctor.nl2k.ab.ca//usr/source/openssl-1.0.1-stable-SNAP-20110512$ gmake
if [ -n libcrypto ]; then \
EXCL_OBJ='aes-586.o bn-586.o co-586.o x86-mont.o x86-gf2m.o
des-586.o crypt586.o mem_clr.o sha1-586.o sha256-586.o sha512-586.o