On Thu, Dec 09, 2004 at 07:03:45PM -0800, John Forbes wrote:
> My environment is C++builder5 with Indy 9. I need to access from a client
> an https site, whose http pages I can successfully get to. So I
> downloaded and installed the openssl dlls. What else do I have to do in
> order to issue a suc
Hello,
This is very much a newbie question; I hope someone
can take the time to answer it.
My environment is C++builder5 with Indy 9. I need
to access from a client an https site, whose http pages I can successfully get
to. So I downloaded and installed the openssl dlls. What else do I ha
Hello,
did anybody try to add OCSP revocation checking into standard openssl
verification routines (such as X509_verify_cert->check_revocation())?
I know we have ocsp utility, but I want to check OCSP just as simply as it can
be done with CRL now - set appropriate flag, and call X509_verify_cert(
All,
We have a code signing facility that has signed a lot of code using
a certificate that recently expired. Now, validation of the signed
code fails because one of the certs in the chain has expired (not
the root cert, and not the signing cert).
So, should the verification routine be changed to
Hello Anders,
Thanks for the help and info. You have helped me solve
my problem.
--- Ringaby Anders <[EMAIL PROTECTED]> wrote:
> Hello Servie.
>
> Have you checked that the directory, where gcc is
> located,
> is in your PATH environment variable?
>
> You can check by doing either of this:
>
Dr. Stephen Henson wrote:
You need to mark the stored encoding as invalid if you want to do that. You
can do that with:
crl->crl->enc.modified = 1;
As long as you do that before signing the CRL it should then work.
This works fine. Thanks for your help,
Thorsten
On Thu, Dec 09, 2004, prakash babu wrote:
> Hello Steve,
>
> Thanks for your explanation. It was very informative,
>
> In OpenSSL 0.9.7e while doing the CRL checking, the following steps are
> performed
>
> a. Caching the original CRL list into cache
> b. Sorting the CRL list.
On Thu, Dec 09, 2004, Thorsten Müller wrote:
> Dr. Stephen Henson wrote:
>
> >
> >The second option, which I implemented, is to cache the original encoding
> >and
> >use the cached form to verify signatures. This makes signature verification
> >much quicker since no reordering is necessary.
>
Hello Steve,
Thanks for your explanation. It
was very informative,
In OpenSSL 0.9.7e while
doing the CRL checking, the following steps are
performed a. Caching the original CRL list
into cache b. Sorting the CRL
list. c. Searching the given certificate in the
sorted CRL
Dr. Stephen Henson wrote:
The second option, which I implemented, is to cache the original encoding and
use the cached form to verify signatures. This makes signature verification
much quicker since no reordering is necessary.
This still requires lock when the revoked entries are sorted but they
10 matches
Mail list logo
