I have more info on this now. I just tried openssl with bsafe crypto-c
me. Again, I get sporadic failures. When I compare the 2 computed
shared secrets, I see that they are actually the same, except that bsafe
has some zero padded bytes at the beginning, even though it says it
computed 128 bytes
Does exist some option in configuration file for switch to CRL checking in
whole chain?
I need to achieve that for all certificate in chain the own CRLs will be
checked. I din't find this option.
Thanks
--
View this message in context:
http://www.nabble.com/NO-crl-checking-in-whole-chain-tf36
This helps a lot. Thanks for the clarification.
-Geoff
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Steve Marquess
Sent: Thursday, April 19, 2007 4:48 PM
To: openssl-users@openssl.org
Subject: Re: RSA Key exchange and FIPS compliance
Gatfield, Geoffr
Gatfield, Geoffrey wrote:
Hello,
We use OpenSSL for encryption within our application. I am now
enhancing our application to become FIPS compliant. The OpenSSL FIPS
Security Policy lists RSA key wrapping and key establishment as
non-approved. But the policy states that it is included when 80
Hello,
> If IV is not required for cipher when we use RC4,does anyone have idea
> on what might be the problem?
Problem is not on server side (OpenSSL) but on client side.
Server is configured to request client authentication
(we see certificate_request packet send from server)
but client do not wa
Hello,
But when I revoke subordinary CA by Root Ca and I
again verify end entity,the result is O:ok but I
expect some error as error 23 at 1 depth certificate
revoked.
I don't know whether the OPENSSL performs the CRL
checking in whole chain.
This is a default behavior of OpenSSL when you v
Hello everybody
I have such a problem. I created following certificate for ROOT CA, then for
subordinary CA and at the end certificate too for end entity. Then I
concated CAs certificate and relevant CRLs(empty for this time) into one
files "CertsAndCrls.pem" and i tried verify end-entity
certif
Hi Usman,
OpenSSL folder is in the path.
Al.
On 4/19/07, Usman Riaz <[EMAIL PROTECTED]> wrote:
Looks like openssl is not in the path. I am not sure if there is
a command-line version like linux of openssl for Windows (I guess you are on
Windows). Normally, I use cygwin if i need to use openss
On Wed, Apr 18, 2007, Edward Chan wrote:
> I was talking to the MS support guy who wrote that article. He said he
> has spoken with the engineers and assures me that it is not possible
> with DH keys.
>
> But if someone knows otherwise, I'd really love some sample code.
>
Well the alternativ
Looks like openssl is not in the path. I am not sure if there is a command-line version like linux of openssl for Windows (I guess you are on Windows). Normally, I use cygwin if i need to use openssl manually on windows.
Regards,
Usman.
P:S. Btw, since your signature says you have access to php5.
Hi,
i have the following error message :
Loading 'screen' into random state - done
Getting Private key
Enter pass phrase for demoCA/private/cakey.pem:
unable to write 'random state'
when i try :
openssl x509 -in demoCA/cacert.pem -days 730 -out cacert.pem -signkey
demoCA/private/cakey.pem
what
Hi,
Under windows, i have some problem to create a new CA.
when i type : perl ca.pl -newca nothing is displayed...no info, no
questionary, ... nothing.
if i type perl ca.pl -newreq, ift works correctly, so it seems only for
command -newca.
where could be the problem ?
i use : activeperl 5.8.8.8
12 matches
Mail list logo
