RE: Can't recognize intermediate CA

2009-03-13 Thread Rene Hollan
Yeah, I realized that. I changed things to include an AKID if the issuer has a SKID, and the issuer's issuer's subject DN and issuer's serial number if not. Got it all working finally, once I had the proxy chain its intermediate CA. (When it wasn't doing this, I thought to try to add it to the

Re: TLS, BIOs, SSL_read/write

2009-03-13 Thread Galina Goncharov
Hello, as I can see from code you first set readBIO and writeBIO to socket (scktUpstream) and that makes TLS negotiation to succeed. Later you set SSL readBIO to mem_bio, and writeBIO to NULL and then try to use writeBIO (calling SSL_write) - sure it will fail. During negotiation do you receive se

TLS, BIOs, SSL_read/write

2009-03-13 Thread Nate Leon
Greetings, I am in the process of converting an SMTP/TLS server to use Async IO. (using IO Completion Ports on Windows) As such, the previously working style of using SSL_accept, select, and SSL_read / SSL_write is no longer sufficient. Now that I am using WSARecv to do the read, my app is notifie

OpenSSL 0.9.8e on AIX 64-bit: make test fails

2009-03-13 Thread SFNT Vivek
I'm building OpenSSL 0.9.8e on AIX 64-bit. Following 2 commands work fine. ./Configure -lpthreads aix64-gcc -maix64 --prefix=/usr/local/ssl/ --openssldir=/usr/local/ssl/ make make test fails with following end remarks: __ OpenSSL

OpenSSL 0.9.8e on AIX 64-bit: make test fails

2009-03-13 Thread SFNT Vivek
I did not find a place to start a new thread. Sorry for writing a problem in reply. I'm building OpenSSL 0.9.8e on AIX 64-bit. Following 2 commands work fine. ./Configure -lpthreads aix64-gcc -maix64 --prefix=/usr/local/ssl/ --openssldir=/usr/local/ssl/ make make test fails with following end rem

AW: openssl-users: cannot sign csr from win2008/e2k7

2009-03-13 Thread Jens Schwepe
Dear Romek, thank you for your answer. I don't have any experience with IIS and certificates yet. All I know is that the CSR generated on 2003 works, on 2008 it does not. Additionally, they all work with the Windows Server CA (phew, who would have thought that *eg*). Kind Regards, Jens -Ursprü

Re: Can't recognize intermediate CA

2009-03-13 Thread Dr. Stephen Henson
On Thu, Mar 12, 2009, Rene Hollan wrote: > True, but (a) it doesn't hurt to have both, and (b) if the issuer > doesn't have a SKID, AKID issuer/serial takes the place of an AKID > keyid. > The disadvantage is that if you want to support more than one intermediate CA (cross certification for exa

Re: Can't recognize intermediate CA

2009-03-13 Thread Dr. Stephen Henson
On Thu, Mar 12, 2009, Rene Hollan wrote: > Yup. That fixed it.. At least as far as openssl verify -CAfile > cacert.pem -untrusted intcert2.pem yahoo-x.pem goes. > > Oddly, firefox still rejects the end cert, even though both cacert.pem > and intcert2.pem are in its trust store. Is it possible t

cannot sign csr from win2008/e2k7

2009-03-13 Thread Jens Schwepe
Hi, I'm using the fine how-to from http://www.eclectica.ca/howto/ssl-cert-howto.php now for years without problems. It's on Debian Etch, openssl version is OpenSSL 0.9.8c 05 Sep 2006: saruman:~# dpkg -l |grep openssl ii openssl 0.9.8c-4etch4Secu

RE: PBE Key creation

2009-03-13 Thread brechmos
Yeah, I appreciate that. What I can't see in the docs is how the key and IV are defined from the password and if I can do that without calling the openssl enc call. If the key and IV were from an md5 then I could do "echo '1234' | openssl md5". But it isn't md5 and I can't figure out what it is.

Re: Can't recognize intermediate CA

2009-03-13 Thread Kyle Hamilton
Actually, in addition to the last link I gave, http://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thread/31fe9768dcb00b2c/7fab610c48b40a9c?#7fab610c48b40a9c has a link to the entire thread (which includes a couple more questions and answers). http://is.gd/n9o4 is a short redirect