Hi,all,
I want to search for a certificate from cert-database,
But I should provide the DN for searching.
DN is the subject of the certificate,which should follow the RFC2253,like
this"CN=Jack
Lee,O=XYZ Corp.,C=US".
I don't knowhow I can search the
Hi,
I am studying the verifying of the OCSP response.
I find thatthe function OCSP_basic_verify() in ocsp_vfy.c can do this
job.
It is mainly devided into 2 parts.
1, to use the public key of the response signer to verify the basic
response
2, to verity
in my understanding is wrong
or not totally correct?
Thanks,
wjw
- Original Message -
From:
Dr. Stephen
Henson
To: [EMAIL PROTECTED]
Sent: Friday, May 30, 2003 8:47
PM
Subject: Re: About finding OCSP
response signer
On Fri, May 30, 2003, Wu Junwei wrote
Hi,all
I have a question about the certificate verifying.
I know OpenSSL has provided the X509_verify_cert() to do
this function.
AndI should use X509_STORE_CTX_init() to do the initialization
work.
But I now have only the certificates stack and no store
: Re: About finding OCSP
response signer
On Mon, Jun 02, 2003, Wu Junwei wrote:
Hi,Steve, Thanks for your kindly answer.
But, I am still not very clear. In my
understinding I think responder may be not the signer
of the reponse because the CA of the certificate in question can
and bs-certs for setting up the untrusted certificate chain?
Thanks and regards,
wjw
- Original Message -
From:
Dr. Stephen
Henson
To: [EMAIL PROTECTED]
Sent: Monday, June 02, 2003 8:32
PM
Subject: Re: about certificate
verifying
On Mon, Jun 02, 2003, Wu
Hi,all
I can add trusted certificate into X509_STORE by
X509_STORE_add_cert().
But which function can I delete/cancel a certificate from the
X509_STORE?
Thanks
wjw
-
From:
Dr. Stephen
Henson
To: [EMAIL PROTECTED]
Sent: Saturday, June 14, 2003 4:02
AM
Subject: Re: about the X509_STORE of
OCSP
On Fri, Jun 13, 2003, Wu Junwei wrote:
Hi,all when I
use openssl ocsp
-issuer xxx -cert -url xxx -CAfile
xxx... to get the ocsp
Hi,all,
Could some one tell me kindly why the -issuer option in the OpenSSL OCSP
client options MUST be PEM format ?
thanks,
wjw
And,
Is that ONLY because the FORMAT_PEM in load_cert() in app.c?
How about if I change it like following: (can I input the pkcs#12 file or
asn.1 file after doing such changing?)
load_cert(bio_err, *args, FORMAT_PKCS12, pass, e, "issuer certificate");
proprietary underneath
!!
Steve
-Original Message-From: Wu Junwei
[mailto:[EMAIL PROTECTED]Sent: Wednesday, June 18, 2003
8:59 PMTo: [EMAIL PROTECTED]Subject:
Re: From BSAFE to Openssl
HI,
In OpenSSL, I think you should add
Hi,all
I have a question on reading the private key out from a certificate
file.
I 'd like to read a private key in a certificate file and returns the
private key data and length in memroy, which functions in OpenSSL should I
choose to use?
Hi,all
I am studying the openssl ocsp.
I would like to know , when use the -signer or -signkey option of the OCSP,
is there any format limitation of this signer file or signer key file?
I have a PKCS#12 certificate1(can be found in the end of this mail ) which
Hi, all,
Maybe my question in last time was not clear, so I ask again by another
description.
I have a CA certificate exported from RSA KEON, which is PEM encoded
pkcs#12 certificate (listed below.)
It seems encoded by base64 , I have tried different methods to
Hi,
I do not know whether the head is the standard PEM
.It is issued by KEON, so maybe there will be some problems.
As to the FORMAT_PKCS12, yes, you are right.
I have tried some pfx files exported form IE, I could
retrive the private key by using load_key() in app.c with the format
Hi,all
I know OpenSSL provides 2 objects, libcrypto.o and libssl.o.
How can I judge which function is in which of them?
Are the following functions in
libcrypto.o?SSL_CTX_new(),
defined in ssl_lib.c.
BIO_new_ssl(),defined in
Hi,all
How can I get the DN of a certificate in ASN.1 format
from a X509_NAME object?
thanks,
wjw
2003 6:05
PM
Subject: Re: about getting DN in ASN.1
format
In message [EMAIL PROTECTED]
on Thu, 10 Jul 2003 16:24:48 +0900, "Wu Junwei" [EMAIL PROTECTED]
said:Wu.Junwei How can I get the DN of a
certificate in ASN.1 formatWu.Junwei from a X509_NAME
object?(I'm st
of
OCSP
On Fri, Jun 13, 2003, Wu Junwei wrote:
Hi,all when I
use openssl ocsp
-issuer xxx -cert -url xxx -CAfile
xxx... to get the ocsp resposne, and verify
it. Do I need to setup up the whole chain from the root CA to the
entry CA in the CAfile or CApath? I mean , when I set
Hi,all
I am studying using OpenSSL to verify an OCSP response
signed by a delegated signer.
I know , there should be OCSPSigning OID in the certificate of the
delegated OCSP response signer.
But , how can I judge itfrom the X509 structure?
That is to say , when
Hi,all
I have a 4-level certificate tree.
ca0--ca1--ca2--cert
And I put ca0 ,ca1 in the X509_STORE,
put ca2 in the STACK_OF(X509)
When I send the ocsp request to ca2, with the cert in question, I can get
the ocsp response which is signed by the
add one thing,
It is supposed the chain:
ca0--ca1--ca2--D1
can be verified one by one.
- Original Message -
From:
Wu
Junwei
To: [EMAIL PROTECTED]
Sent: Thursday, July 17, 2003 6:04
PM
Subject: OCSP verifying
Hi,all
I have a question on certificate verifying.
In X509_verify_cert(), after checking the prupose (my understanding is to
check the extension of the V3 certificate),
it checks the so-called trust :
if (ctx-trust 0) ok = check_trust(ctx);
I do not
Hi,all
I would like to test my OCSP client.
I noticed that when getting a response, the responder ID in the OCSP
response can be presented by name or key hash.
If I use OpenSSL as the responder , can the OpenSSL provides the response
with the responder ID in Key
24 matches
Mail list logo