RE: Verifying certificate was signed by a trusted Authority

2006-03-16 Thread michael Dorrian
I think David may have a point here. On the client side you have a list of CA's you trust so therefore other CA's will not be accepted. It is a big problem that you can revoke other Certs with the same CN though. David Schwartz <[EMAIL PROTECTED]> wrote: > ...except that it's not. > > A later certifi

RE: Verifying certificate was signed by a trusted Authority

2006-03-16 Thread David Schwartz
> ...except that it's not. > > A later certificate (w/ different public key) with the same CN can > issue revocations against an earlier certificate with the same CN, per > X.509. That's part of the problem with the entire X.509 model in the > first place. Is this so without the newer c

Re: Verifying certificate was signed by a trusted Authority

2006-03-16 Thread Kyle Hamilton
...except that it's not. A later certificate (w/ different public key) with the same CN can issue revocations against an earlier certificate with the same CN, per X.509. That's part of the problem with the entire X.509 model in the first place. On 3/15/06, David Schwartz <[EMAIL PROTECTED]> wrot

FW: Using OpenSSL Command Line Apps To Generate Signed Digests

2006-03-16 Thread Diffenderfer, Randy
Heh, Figures… My first post is adequately explained… in the man pages of 'rsautl': The signature can be analysed with: openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin The surprise

Any hint of a port for IBM iSeries OS/400

2006-03-16 Thread mclellan_dave
Hi: we're looking at our options for using OpenSSL in the IBM iSeries (AKA AS400) environment. We already run on a bunch of *nix, Win, and z/OS hosts, and we are being asked about support for some of our second tier OS's. Is there anyone who knows of any work being done porting OpenSSL to the n

What is a challenge password?

2006-03-16 Thread Michaël Hooreman
Good afternoon, Just a question: what is the challenge password asked when we do a certificate request? Everywhere, I see it left blank, but I don't understand its usage. Thank you for your help. --- Michaël Hooreman __ OpenS

RE: Errors when coding X509 attributes - help needed

2006-03-16 Thread Daniel Díaz Sánchez
Dr. Henson, I am using your ASN1 module, with some modifications to adapt it to the RFC3281. I have been busy, but now I have some time, let me try your recommendations in order to correct the ASN1 syntax of the attributes. I will provide feedback ASAP. Thank you for your help, -- Daniel Diaz Sa

Using OpenSSL Command Line Apps To Generate Signed Digests

2006-03-16 Thread Diffenderfer, Randy
Folks, I am trying to work out a string of command line things that can deal with signatures and any/all intermediate objects. Using the 'dgst' app, I can generate a digest and a signed digest in either hex or binary with n

Re: ASN1_STRING

2006-03-16 Thread Dr. Stephen Henson
On Thu, Mar 16, 2006, vipin rathor wrote: > hi all, > can somebody give me the complete struct. of ASN1_STRING > Yes, you can by looking in the header files... However you shouldn't access the structure directly, there are functions to do that. ASN1_STRING_type() returns the type (u

ASN1_STRING

2006-03-16 Thread vipin rathor
hi all, can somebody give me the complete struct. of ASN1_STRING Thanx in advance... -Vipin

Re: CN (Common Name) not being created in certificate.

2006-03-16 Thread Dr. Stephen Henson
On Thu, Mar 16, 2006, Sanjay Vivek wrote: > Hi there, > > How do I go about checking if the CN is in the certificate request (.csr) > file? I'm a total newbie in this as you can probably tell! I used the > "openssl req -new -key reto.key -out reto.csr" command to create the .csr > file and it app

thanx Stefan Vatev...

2006-03-16 Thread vipin rathor
thank u very much Stefan i got this lately though..

RE: CN (Common Name) not being created in certificate.

2006-03-16 Thread Sanjay Vivek
Hi there, How do I go about checking if the CN is in the certificate request (.csr) file? I'm a total newbie in this as you can probably tell! I used the "openssl req -new -key reto.key -out reto.csr" command to create the .csr file and it appears to be the standard command to create a certificat

Re: X509 cert time - i got it

2006-03-16 Thread michael Dorrian
Here is another thread that converts the time to a string. It may be helpful in the future http://www.securitybuzz.org/buzz/emails/id/276651/ vipin rathor <[EMAIL PROTECTED]> wrote: hi DS and all, i was just searching the mail archive and fortunately i got the conversation between "Tan Eng T

RE: X509 cert time

2006-03-16 Thread michael Dorrian
Stephan, This function "X509_get_notBefore(cert);" returns an ASN1_TIME pointer so u cannot print out the results using %d which is for integers or maybe it prints out something but not correct. Now just call like this: ASN1_TIME *cert_time; char *pstring; cert_time = X509_get_notBefore(cert);

X509 cert time - i got it

2006-03-16 Thread vipin rathor
hi DS and all,    i was just searching the mail archive and fortunately i got the conversation between "Tan Eng Tan" and "Pj" dated almost a year back. There is a call named ASN1_TIME_print(), using this u can print time in GMT format.    i guess i've answered myself   Thank u all, -Vipin

RE: X509 cert time

2006-03-16 Thread Stefan Vatev
> hi DS, > here is the code snippet i'm using: > > X509 *cert; > FILE *fp; > fp=fopen("cacert.der","r"); > /* error check*/ > cert=d2i_X509_fp(fp,NULL); > /* error check*/ > printf("Valid From : %d",X509_get_notBefore(cert)); > /*gives 13 and when printed using %s, it gives >

RE: X509 cert time

2006-03-16 Thread vipin rathor
hi DS, here is the code snippet i'm using: X509 *cert; FILE *fp; fp=fopen("cacert.der","r"); /* error check*/ cert=d2i_X509_fp(fp,NULL); /* error check*/ printf("Valid From : %d",X509_get_notBefore(cert)); /*gives 13 and when printed using %s, it gives segmentation fault*/

RE: X509 cert time

2006-03-16 Thread David Schwartz
> hi all, > now i'm able to get the certificate timing info. by using the call X509_get_notAfter() and X509_get_notBefore() but they are returning the values in integer type( in my case, both return 13 and 13) > so anybody can help me out to get the timing info. in proper date format.