Dear All,
In OpenSSL, for signature verification we are using the API
ASN1_item_verify().
Let me know whether the data which is used for fingerprint (signature)
creation is the CA public key or some other data.
Please clarify this doubt. How are we verifying the signature?
Thank
Dear All,
In OpenSSL, the API X509_verify(X509 *a, EVP_PKEY *r) is used to verify the
signature of a certificate. I have some doubts; please help me.
1. In this API, are we passing the CA certificate and the public key of
the CA certificate?
2. What is the data over which SSL computes the hash?
3. SSL w
If '-inform DER' doesn't work as an option to openssl ca, then use the command:
openssl x509 -inform der -outform pem -in YOURCERTFILEHERE.der -out YOUROUTPUTFILEHERE.pem
This will convert it to PEM encoding so that you can perform your
revocation process on it.
-Kyle H
On Thu, Jan 29, 2009 at
> From: owner-openssl-us...@openssl.org On Behalf Of tanu dutt
> Sent: Thursday, 29 January, 2009 08:31
> Can anybody tell me how I can translate an OpenSSL error code to an error
> description?
> I am calling ERR_peek_last_error(). The error code that I am receiving is
> b901.
> Is this a valid error code
> From: owner-openssl-us...@openssl.org On Behalf Of A Taylor
> Sent: Wednesday, 28 January, 2009 10:44
> I am currently using the PKCS5 openssl function for PBE. Currently I
> have the values of the password, salt and iterations hardcoded in my
> example but I want to avoid this. Is there an open
Hi Carol,
I believe you can add -state as a parameter
to the client and server side to see what "phase"
things are happening in.
Kevin.
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Carol Walter
Sent: Thursday, Ja
Hi,
I found that the private key is stored unencrypted in memory.
Is there a way to configure a session so that the private key is not
stored in memory but read and decrypted from the associated PEM file
(using the callback set with SSL_CTX_set_default_passwd_cb) each time it
is needed?
Th
On Thu, Jan 29, 2009 at 06:15:04AM -0500, Georges-Etienne Legendre wrote:
> It works with what you suggested. Apache is running on a Linux box.
>
> Is there something to set in Apache to resolve this?
Yes, give it a set of non-broken 3DES ciphersuites. None of the below
work:
$ openssl ciphe
thanks, kyle, for pointing that out about the issuing distribution point.
http://tools.ietf.org/html/rfc5280#section-5.2.5
so if i read that section correctly, the "issuing distribution point" extension
is THE way to specify scope as you mentioned.
so two distinct CRLs from the same issuer can
On Wed, Jan 28, 2009, PS wrote:
> Hi All,
> I was under the impression that openssl allows loading multiple CRLs for the
> same issuer. But, this does not seem to be the case as is proved by using
> "openssl verify".
>
> $ ls -l ./ca/
> total 24
> lrwxrwxrwx 1 pshah users 10 Jan 28 21:56 ba4bb
Hello,
I'm new to this list, so I hope this is the correct place to post this
problem. I'm trying to use openssl to connect to postgres. The
process is not working. When I try to connect using s_client without
any of the postgres bits, I get an error message as follows:
walt...@cat:~$
Hello,
could somebody tell me if it is possible to revoke a certificate which is in
DER format with the openssl ca command? Or do I have to convert it to PEM
format first? I only succeeded in revoking PEM certificates, and I see no
parameter for specifying the format of the certificate file.
Ger
Hi,
Can anybody tell me how I can translate an OpenSSL error code to an error description?
I am calling ERR_peek_last_error(). The error code that I am receiving is
b901.
Is this a valid error code? How can I verify it?
Thanks
Tanu
Hi,
I was looking at a few specs and found that the standard primes used for
Diffie-Hellman key exchange or in DSA are not safe-primes
(http://en.wikipedia.org/wiki/Safe_prime).
DH: None of primes in rfc5114 are safe primes
DSA: FIPS-186-3 (page 15) recommends the order of group to be much small
It works with what you suggested. Apache is running on a Linux box.
Is there something to set in Apache to resolve this?
--
Georges-Etienne Legendre, ing. jr
On 29-Jan-09, at 3:56 AM, Victor Duchovni wrote:
On Wed, Jan 28, 2009 at 09:16:18PM -0500, Georges-Etienne Legendre
wrote:
Can yo
Hi,
consider reading the openssl x509 tool's sources
for example, try openssl x509 -purpose wrote:
> Hi all,
>
> Do you know which API could parse pem file of certificate?
>
> Then we could get version/validate/serial number and etc.
>
>
>
> Thanks!
>
>
>
> Regards,
> Leo
(First: I'm sorry. I misunderstood something I read in the OpenSSL
documentation. CRLs are always V2 according to RFC5280.)
I have not heard of the ability to specify or process multiple scopes
in OpenSSL; however, have you verified that the CRL Extension "Issuing
Distribution Point" is differen
I think you're trying to assume something that cannot be assumed: you
assume that ALL unexpired CRLs are considered. This is not the case.
As Dominiqué said, only the CRL that has the latest signature time is
considered. This is evident in the name of the file type: Certificate
Revocation *List*.
> > I was under the impression that openssl allows loading multiple CRLs
> > for the same issuer. But, this does not seem to be the case as is
> > proved by using "openssl verify".
> >
> > $ ls -l ./ca/
> > total 24
> > lrwxrwxrwx 1 pshah users 10 Jan 28 21:56 ba4bb3b6.0 ->
> > cacert.pem
PS wrote:
Hi All,
I was under the impression that openssl allows loading multiple CRLs
for the same issuer. But, this does not seem to be the case as is
proved by using "openssl verify".
$ ls -l ./ca/
total 24
lrwxrwxrwx 1 pshah users 10 Jan 28 21:56 ba4bb3b6.0 ->
cacert.pem
On Wed, Jan 28, 2009 at 09:16:18PM -0500, Georges-Etienne Legendre wrote:
> Can you help me out?
>
> When I execute:
> openssl s_client -connect 204.101.57.74:443
>
> I'm getting this error:
> 47620:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type
> is not 01:rsa_pk1.c:100:
>
Can you help me out?
When I execute:
openssl s_client -connect 204.101.57.74:443
I'm getting this error:
47620:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block
type is not 01:rsa_pk1.c:100:
47620:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check
failed:rsa_eay.
Hi Martin,
I have this app running on tomcat + oc4j. The app is designed
using simple j2ee and struts framework. I would like to watch/monitor how
much memory is used per session at any given point of time. Basically I want
to design a jsp just to monitor memory usage per session. If y