Re: Question about CA.pl and -newca

2003-08-22 Thread Dr. Stephen Henson
On Fri, Aug 22, 2003, Nick Gray wrote:
> Prior to version 0.96 I didn't have a problem with OpenSSL at all. Today
> I built a new system and tried to use it with the following results.
>
> root:/usr/local/openssl# cd misc
> root:/usr/local/openssl/misc# ls
> CA.pl CA.sh c_hash c_info c_issuer

Question about CA.pl and -newca

2003-08-22 Thread Nick Gray
Prior to version 0.96 I didn't have a problem with OpenSSL at all. Today I built a new system and tried to use it with the following results.
root:/usr/local/openssl# cd misc
root:/usr/local/openssl/misc# ls
CA.pl CA.sh c_hash c_info c_issuer c_name der_chop
root:/usr/local/openssl/misc# ./C

Re: Newbie question - Signing CSR's

2003-08-22 Thread Dr. Stephen Henson
On Fri, Aug 22, 2003, Charles B Cranston wrote:
> >>Based on a dialog that said "unknown critical extension"
>
> >I've never seen that dialog on Netscape, though I've seen IE produce it.
> >What I'm saying is that stepup uses EKU (among other things) to identify its
> >certificates Netscape 4

Re: Newbie question - Signing CSR's

2003-08-22 Thread Charles B Cranston
Based on a dialog that said "unknown critical extension" I've never seen that dialog on Netscape, though I've seen IE produce it. What I'm saying is that stepup uses EKU (among other things) to identify its certificates Netscape 4.[something] did support stepup so presumably it at least partially

OpenSSLers for Social Responsibility?

2003-08-22 Thread Charles B Cranston
I've seen several of these "help me I need to construct a security architecture and I don't understand the manuals and I'm too busy/uneducated/blonde/whatever (:-) to take the time to LEARN enough to understand the manuals, so please just give me the commands that I can type in and satisfy my boss

Re: Newbie question - Signing CSR's

2003-08-22 Thread Dr. Stephen Henson
On Fri, Aug 22, 2003, Charles B Cranston wrote:
> Continuation of a dialog between Dr. Stephen Henson
> and Charles B Cranston:
>
> B: These are some of the ones we found:
> B: Netscape 4 will not tolerate an ExtendedKeyUsage extension.
>
> S: Hmmm. What makes you think that? EKU is *required* t

Re: Newbie question - Signing CSR's

2003-08-22 Thread Charles B Cranston
Well, I took dumps of the two certificates (and CSR) that Rohan provided, and the dates overlap, which might be the IE specific problem. At first it looked like the subject DNs were exactly the same between the two certificates, but upon closer examination the subject DN for the server certificate

Re: Newbie question - Signing CSR's

2003-08-22 Thread Charles B Cranston
Continuation of a dialog between Dr. Stephen Henson and Charles B Cranston:
B: These are some of the ones we found:
B: Netscape 4 will not tolerate an ExtendedKeyUsage extension.
S: Hmmm. What makes you think that? EKU is *required* to handle "step up"
S: (aka SGC, magic, 128 bit [yuck]) and Netsca

Re: Newbie question - Signing CSR's

2003-08-22 Thread Dr. Stephen Henson
On Fri, Aug 22, 2003, Charles B Cranston wrote:
> Dr. Stephen Henson wrote:
>
> >>These are some of the ones we found:
> >>Netscape 4 will not tolerate an ExtendedKeyUsage extension.
>
> >Hmmm. What makes you think that? EKU is *required* to handle "step up" (aka
> >SGC, magic, 128 bit [yuck]) a

Re: Newbie question - Signing CSR's

2003-08-22 Thread Charles B Cranston
Dr. Stephen Henson wrote: On Fri, Aug 22, 2003, Charles B Cranston wrote: Well, the sad answer to this question is yes. It turns out that in the design of SSL the client does the verification, so each client has its own little set of peccadillos. Indeed but if the OP means that you need a differ