Re: Determining if a cert is a CA cert.

2003-06-12 Thread Michael Sierchio
Michael Sierchio wrote: have no key-usage extension You know of course I MEANT to say basic-constraint. If you accept a cert signer whose cert doesn't have CertificateAuthority as a basic constraint, you are naughty.

Re: Determining if a cert is a CA cert.

2003-06-12 Thread Michael Sierchio
Richard Levitte - VMS Whacker wrote: v2 exists, but has seldom been used in real life... Never seen in the wild, only in captivity. kudzu> If the cert is a sub-CA cert then it is not self-signed. kudzu> Unless there is some quantum subtlety that I am missing kudzu> here. I don't think that was a

RE: Upgrading to the latest version, what happens with my Apache-Mod_SSL?

2003-06-12 Thread John . Airey
Undoubtedly yes. Redhat 6.2 doesn't come with openssl, although an optional RPM is available for it, version 0.9.5a-33 (which is up to date as of March 26th this year). rpm -q openssl will tell you if this optional package is installed. However, this version of Linux is no longer supported by Re

Re: Determining if a cert is a CA cert.

2003-06-12 Thread Richard Levitte - VMS Whacker
In message <[EMAIL PROTECTED]> on Thu, 12 Jun 2003 07:42:46 -0700, Michael Sierchio <[EMAIL PROTECTED]> said: kudzu> Fiel Cabral wrote: kudzu> kudzu> > But if the certificate is a sub CA certificate, then is kudzu> > there a way to find out? Are X.509 v1 or v2 sub CA kudzu> > certificates common

AW: Determining if a cert is a CA cert.

2003-06-12 Thread Krause, Helga
Hello, I looked at the extension "Basic Constraints" in the cert which is set to TRUE if the certificate is from a CA. And then I compare the subject and issuer name. If they don't match then it is a sub CA. I think you will know but nevertheless: you can get a text-output of a cert in PEM-format

Re: Determining if a cert is a CA cert.

2003-06-12 Thread Michael Sierchio
Fiel Cabral wrote: But if the certificate is a sub CA certificate, then is there a way to find out? Are X.509 v1 or v2 sub CA certificates common? V2? Fickt nicht mit der raeketenmensch! Perhaps you mean to say V1 or V3? If the cert is a sub-CA cert then it is not self-signed. Unless there is

AW: Invalid signature verifying signed mail with attachment in Outlook

2003-06-12 Thread Krause, Helga
Hello again, I had the following problem: >> I produced a text mail + attachment (file) and signed this file using >> openssl smime sign command. Verifying this output using Outlook produced an >> invalid signature with the error message: message has been tampered with. >> Verifying using openssl

Determining if a cert is a CA cert.

2003-06-12 Thread Fiel Cabral
If someone gives my program just one X.509 v1 or v2 certificate, how do I check if it is a CA certificate? These are the things I do to check if it is a root CA certificate: a. Check if the subject and issuer names match. b. Check if the certificate is self-signed. But if the certificate is a sub

Re: Problem using IBM 4758 with openssl

2003-06-12 Thread Steven Bade
Note.. for the 4758, you will have to use PKCS#11 through openCryptoki only, because there is not an openSSL engine for that specific device. The 4758 and the ICA are totally different devices. On Thu, 2003-06-12 at 07:47, Arne Ansper wrote: > > > > the libcsufsapi.a module is either compiled fo

Réf. : Re: Problem using IBM 4758 with openssl

2003-06-12 Thread "Sébastien Hernoux"
I forgot to say I'm working on AIX 5.1. It should be working... Regards, Sébastien Arne Ansper <[EMAIL PROTECTED]> on 12/06/2003 15:47:50 Please reply to [EMAIL PROTECTED] To: [EMAIL PROTECTED] cc: (bcc: Sébastien Hernoux/DGCP) Subject: Re: Problem using IBM 4758 with ope

Re: Problem using IBM 4758 with openssl

2003-06-12 Thread Arne Ansper
> the libcsufsapi.a module is either compiled for the wrong machine > or has been corrupted in transit. Secondary possibility: it is not > there at all and the "magic number" diagnostic is misleading. 4758 with CCA software is supported only under Windows NT/2000 (and perhaps XP too) and AIX.

Re: Problem using IBM 4758 with openssl

2003-06-12 Thread Charles B Cranston
Sébastien Hernoux wrote: I'm currently trying to have IBM 4758 cryptocard to work with openssl 0.9.7b. I have the following error message : /distrib/openssl/bin# openssl engine - -t -pre "SO_PATH:/usr/lib/libcsufsapi.a" 4758cca (4758cca) IBM 4758 CCA hardware engine support [Success]: SO_PATH

RE: Upgrading to the latest version, what happens with my Apache-Mod_SSL?

2003-06-12 Thread Francisco Javier Martinez Martinez
Sorry for disturbing you, but I was mistaken about the version of Linux; my client had a Redhat 6.2. I realized this because there is no libssl.so.0.9.6xx in the file system; there is /usr/local/ssl/lib/libssl.a instead. This may indicate that openssl is not built in shared mode? The

Problem using IBM 4758 with openssl

2003-06-12 Thread "Sébastien Hernoux"
Hi, I'm currently trying to have IBM 4758 cryptocard to work with openssl 0.9.7b. I have the following error message : /distrib/openssl/bin# openssl engine - -t -pre "SO_PATH:/usr/lib/libcsufsapi.a" 4758cca (4758cca) IBM 4758 CCA hardware engine support [Success]: SO_PATH:/usr/lib/libcsufs

RE: Upgrading to the latest version, what happens with my Apache-Mod_SSL?

2003-06-12 Thread John . Airey
If I had a Euro for each time this question gets asked... The openssl FAQ details the fact that Red Hat 7.x (onwards) uses backported versions. That is, if you have installed the Red Hat update to your version (either manually or using Red Hat Network at rhn.redhat.com) you are protected from curr

Upgrading to the latest version, what happens with my Apache-Mod_SSL?

2003-06-12 Thread Francisco Javier Martinez Martinez
Hello. I want to upgrade the OpenSSL to the 0.9.6j version to get rid of the two last vulnerabilities found in the previous versions of OpenSSL. The system is RedHat 7.x running Apache 1.3.27 with mod_ssl, both compiled with APACI method (configure, make & make install), and my question is: It