RE: TLS handshake failure: who's right?

2005-08-24 Thread Steven Reddie
The second handshake message in frame 18 (Certificate Request) has an empty certificate_authorities record (shown as "Distinguished Names Length: 0" in the dump). TLS v1.0 specifies that this record must contain at least 3 entries: struct { ClientCertificateType certificate_type

Re: please help me on OCSP

2005-08-24 Thread Paul Simon
It is the OCSP responder cert. I suppose you already have that, right? Or you can use this one which will expire on Sep 15, 2005 though. -BEGIN CERTIFICATE- MIID2jCCA0OgAwIBAgIQaVnCDg78Yj+N1V5h9xQh0jANBgkqhkiG9w0BAQUFADCB lDELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UE CxM

Re: please help me on OCSP

2005-08-24 Thread satish danduvarma
Hi Paul, That's great. Thanks for your quick response. What is the tgv.pem file? How can we get that file? Thanks in advance, Varma On 8/24/05, Paul Simon <[EMAIL PROTECTED]> wrote: > Maybe your URL is wrong. I just tried this: > > openssl ocsp -issuer VeriSignClientECA.pem -url > http://ocsp.veri

Re: please help me on OCSP

2005-08-24 Thread Paul Simon
Maybe your URL is wrong. I just tried this: openssl ocsp -issuer VeriSignClientECA.pem -url http://ocsp.verisign.com -cert eca_usr_cert.pem -VAfile tgv.pem -no_nonce -text and it works fine as follows: D:\prjs\ocsp\newEcaCA>openssl ocsp -issuer VeriSignClientECA.pem -url http://ocs p.verisign.co

Re: Runpath definition missing for libssl.so

2005-08-24 Thread Laurent Blume
Andreas Almroth wrote: > As it is Solaris, use export LD_OPTIONS='-R/usr/local/openssl-0.9.7g/lib > -L/usr/local/openssl-0.9.7g/lib' > The linker will take that into consideration, and if you do a dump -Lv > on the output file, the RUNPATH should be included. *smacks head* Ok, I wonder how I manag

Re: please help me on OCSP

2005-08-24 Thread varma d
Hi, Thanks a lot prakash for your reply. Actually my application works in this way: 1) I will get the X.509 certificate from any server (let's say) yahoo.com, now from that I will extract yahoo.com user certificate (may be issued by VeriSign or others), issuer's root certificate. 2) Now I need to chec

TLS handshake failure: who's right?

2005-08-24 Thread Bob Bramwell
Greetings Group Gurus, I am trying to get a device that purportedly talks TLSv1 to connect to a system running OpenSSL 0.9.6. After the ServerHelloDone the other device reports: No TLS session key in Client Key Exchange The SSL/TLS implementation on said device (a VOIP phone) is of unk

Re: Problems with SSL Sessions

2005-08-24 Thread Richard Koenning
Lerchenfeld, David W. wrote: Has anyone seen this problem? I have been fighting it for some time and cannot get it resolved: I have (specs below) Apache running on an HPUX11i server and every time I activate SSL for a server Apache keeps launching child stacks instead of using the existing st

Re: Runpath definition missing for libssl.so

2005-08-24 Thread Andreas Almroth
Laurent Blume wrote: prakash babu wrote: *Solution 1 :* Create a symbolic link in the system directory for libcrypto.so and libssl.so ln -s /usr/local/openssl-0.9.7g/lib/libcrypto.so /usr/lib/libcrypto.so ln -s /usr/local/openssl-0.9.7g/lib/libssl.so /usr/lib/libssl.so Evil. This is a sur

Re: Runpath definition missing for libssl.so

2005-08-24 Thread Laurent Blume
prakash babu wrote: *Solution 1 :* Create a symbolic link in the system directory for libcrypto.so and libssl.so ln -s /usr/local/openssl-0.9.7g/lib/libcrypto.so /usr/lib/libcrypto.so ln -s /usr/local/openssl-0.9.7g/lib/libssl.so /usr/lib/libssl.so Evil. This is a sure road to troubles at som

Problems with SSL Sessions

2005-08-24 Thread Lerchenfeld, David W.
Has anyone seen this problem? I have been fighting it for some time and cannot get it resolved: I have (specs below) Apache running on an HPUX11i server and every time I activate SSL for a server Apache keeps launching child stacks instead of using the existing stacks. It will eventually get to

Re: Runpath definition missing for libssl.so

2005-08-24 Thread prakash babu
Hi, I would suggest you two solutions. Solution 1: Create a symbolic link in the system directory for libcrypto.so and libssl.so ln -s /usr/local/openssl-0.9.7g/lib/libcrypto.so /usr/lib/libcrypto.so ln -s /usr/local/openssl-0.9.7g/lib/libssl.so /usr/lib/libssl.so Solution 2 Specify a embedde

Re: please help me on OCSP

2005-08-24 Thread prakash babu
Hi, The -VAfile option is used for explicitly trusting the responder certificate of the OCSP server. So if you omit this option you will get the "unable to get local issuer certificate" error. To get this command working: openssl ocsp -url http://ocsp.verisign.com:8080 -issuer ROOT_CA.pem -VAfile OCS

Runpath definition missing for libssl.so

2005-08-24 Thread Laurent Blume
Hello all, I've got a relatively minor problem with OpenSSL linking, it may be a flaw in the configure script, or just me not finding the right option. Here it is: I want to build OpenSSL with an integrated linker runpath, so I don't need LD_LIBRARY_PATH or crle hacks. Since some OpenSSL bi

Urgent -- signature formatting & RFC 3369

2005-08-24 Thread nicolas mivielle
Hi openssl users, I have to encapsulate a document signature in a file conforming to the ICAO standard, that is to say conforming to RFC 3369 (CMS). Can I do it (create signature files in the CMS-RFC3369 specification format & verify these files) with openssl 0.9.8? That's very im

Re: OpenSSL compilation for mips

2005-08-24 Thread Krishna M Singh
Hi Vijay, I have tried all the combinations. My mipsle string is modified with all EL in -EL, MISPLE etc. changed to EB. Our platform makefile has DBIG_ENDIAn; even tried that but it didn't help. I am using OpenSSL9.7e. Can you please pass me the vxworks-mipsle string with which you are able to