Multiple CRL with same issuer

2009-01-28 Thread PS
Hi All, I was under the impression that openssl allows loading multiple CRLs for the same issuer. But, this does not seem to be the case as is proved by using "openssl verify". $ ls -l ./ca/ total 24 lrwxrwxrwx 1 pshah users 10 Jan 28 21:56 ba4bb3b6.0 -> cacert.pem -> the CA ce

Re: seeding PRNG

2009-01-28 Thread Ger Hobbelt
See the OpenSSL FAQ: http://www.openssl.org/support/faq.html#USER1 srand/rand/etc. have nothing to do with the cryptographically strong PRNG inside OpenSSL as srand/rand et al are not meant to be used for cryptographic purposes anyway. Read books such as published by Bruce Schneier, etc. about cr

How to parse pem file

2009-01-28 Thread Leo, Liangyou Wang (liangwan)
Hi all, Do you know which API could parse pem file of certificate? Then we could get version/validate/serial number and etc. Thanks! Regards, Leo

RE: seeding PRNG

2009-01-28 Thread Giang Nguyen
you should try http://openssl.org/docs/crypto/RAND_add.html#

Re: fipscanister error--help

2009-01-28 Thread Dr. Stephen Henson
On Wed, Jan 28, 2009, Jeffrey Trimble wrote: > So, is FIPS part of the install? If not, does it need to be installed at > all? > No it doesn't need to be installed at all. The latest snapshots totally ignore the "fips" directory unless the configuration option is included. Steve. -- Dr Stephen

Re: fipscanister error--help

2009-01-28 Thread Jeffrey Trimble
So, is FIPS part of the install? If not, does it need to be installed at all? Just curious. TIA, Jeff On Jan 28, 2009, at 11:13 AM, Dr. Stephen Henson wrote: On Wed, Jan 28, 2009, Jeffrey Trimble wrote: I've attempted to install openssl 0.9.8-j. /config make make test all went well. A

Re: fipscanister error--help

2009-01-28 Thread Dr. Stephen Henson
On Wed, Jan 28, 2009, Jeffrey Trimble wrote: > I've attempted to install openssl 0.9.8-j. > > /config > make > make test > > all went well. All ended OK. > > But, make install ended with this error: > > making install in fips/hmac... > cp: fipscanister.o: A file or directory in the path name does

fipscanister error--help

2009-01-28 Thread Jeffrey Trimble
I've attempted to install openssl 0.9.8-j. /config make make test all went well. All ended OK. But, make install ended with this error: making install in fips/hmac... cp: fipscanister.o: A file or directory in the path name does not exist. cp: fipscanister.o.sha1: A file or directory in the p

PBE, keystore questions

2009-01-28 Thread A Taylor
I am currently using the PKCS5 openssl function for PBE. Currently I have the values of the password, salt and iterations hardcoded in my example but I want to avoid this. Is there an openssl implementation of a key store or something similar? For the key store, how do I create one? Are there opens

Re: Passing parameters to openssl for CSR

2009-01-28 Thread news.gmane.org
Thor, Have you checked out the man pages for the req program? It seems you'd want the * -subj * flag. http://www.openssl.org/docs/apps/req.html Here's a sample generation openssl req -nodes -newkey rsa:2048 -nodes -keyout myserver.key -out server.csr -subj "/C=GB/ST=Yorks/L=York/O=MyCompan

RE: revoking a self-signed certificate

2009-01-28 Thread David Schwartz
Olaf Gellert: > I would not say so. If I found a CRL which contains the > self signed root certificate I would stop to trust it > immediately. Why? What do you think that CRL means? Specifically, do you think it means the public key was compromised? Do you think it means the issuer of the origin

Re: Passing parameters to openssl for CSR

2009-01-28 Thread Thor
Thor, Have you checked out the man pages for the req program? It seems you'd want the * -subj * flag. http://www.openssl.org/docs/apps/req.html Here's a sample generation openssl req -nodes -newkey rsa:2048 -nodes -keyout myserver.key -out server.csr -subj "/C=GB/ST=Yorks/L=York/O=MyCompan

Re: revoking a self-signed certificate

2009-01-28 Thread Olaf Gellert
Hi all, David Schwartz wrote: >> Can you please elaborate on how would the higher-layer security >> infrastructure go about this? > > Simply put, whatever put the certificate in its trusted position is what is > to remove it. If a CA says to trust a certificate, that CA can say not to. > But if t

seeding PRNG

2009-01-28 Thread paramaguru.thangavelu
Hi, I am using the OpenSSL 9.8i on a chorus operating system. When I tried to use the function srand(time(NULL)); RSA* rsa = RSA_generate_key(512, 65537, NULL, NULL) ; I get the error the "random number generator:SSLEAY_RAND_BYTES:PRNG not seeded" . Does srand() seed PRNG? How can I work aroun

Java 6 keytool and openssl pkcs12

2009-01-28 Thread Steve Marquess
Anyone know the magic voodoo for creating a PKCS#12 that the Java 6 keytool can digest? I can make one easily enough where "keytool -list" and "keytool -importkeystore" see the key, but it stubbornly refused to see any of the CA certs. -Steve M. -- Steve Marquess Veridical Systems, Inc. marq