Re: RSA_print_fp still crashes using Windows MD library

2009-08-14 Thread Marcus Carey
The following code works. void cert(void) { RSA *pair; int err; printf("Making a key pair for new cert, please wait, this could take a minute...\n"); pair = RSA_generate_key(2048,35,NULL,NULL); if (pair == NULL){ err = ERR_get_error(); printf("Error = %s\n",ERR

RSA_print_fp still crashes using Windows MD library

2009-08-14 Thread Marcus Carey
OpenSSL 1.0.0-beta3 July 2009 I have compiled the mkcert.c example in the distribution with the MD library on Win XP using VCStudio NET and it still crashes. I also included the applink.c. Unhandled exception at 0x10001d36 in mkcert.exe: 0xC005: Access violation writing location 0x100fa020.

RE: Suggested data shown for SSL certificate when choosing to accept or reject

2009-08-14 Thread David Schwartz
Chase Douglas wrote: > I'm reading the actual X.509 (03/2000) specification and it refers to > a subjectPublicKeyInfo field. Is this what you are meaning by > "subjectKeyIdentifier"? These fields are not useful because they are not required to be hashes of the public key. You should use a hash o

RE: Suggested data shown for SSL certificate when choosing to accept or reject

2009-08-14 Thread David Schwartz
Kyle Hamilton wrote: > Dave S, I wish that you would read the entire message and maybe clear > your system of a bit of the current X.509 FUD kool-aid. This is > "person to his own server at home". This does not require any kind of > third-party reference (asking someone else to introduce your c

Re: OpenSSL FIPS Module version 1.2

2009-08-14 Thread Pandit Panburana
I would like to get a clarification. "Hypothetically speaking, if the OpenSSL FIPS Module 1.2 was built on a Linux kernel 0.94 on an i386 with gcc 2 and following the security policy precisely, the FIPS module is valid on all Linux x86 systems.)" If the target platform is running with

subjectAltNam

2009-08-14 Thread Serge Fonville
Hi, I am trying to set up subjectAltNames in openssl.cnf. I created a copy of usr_cert and named it srv_cert; in this section I added the subjectAltNam. With the req I specified -reqopts srv_cert; the resulting certificate does not contain the subjectAltName. I'm not sure what additional settings I need

Re: Suggested data shown for SSL certificate when choosing to accept or reject

2009-08-14 Thread Chase Douglas
> This is an SSH-like scenario (meaning, the subject is already known to > the principal, who has made a choice to use the services provided by > that subject).  Instead of trying to display the contents of a > self-signed webserver certificate, the only thing that you can really > truly verify is

Re: Suggested data shown for SSL certificate when choosing to accept or reject

2009-08-14 Thread Kyle Hamilton
Dave S, I wish that you would read the entire message and maybe clear your system of a bit of the current X.509 FUD kool-aid. This is "person to his own server at home". This does not require any kind of third-party reference (asking someone else to introduce your computer to you? That's a waste

Re: OpenSSL FIPS Module version 1.2

2009-08-14 Thread Kyle Hamilton
FIPS validation is basically a blessing from a High Priest Of The CMVP. If anything changes from what was blessed, the blessing goes away, unless the changes are blessed by the same or another High Priest. Knowing that, the following answers are obvious. 1) They don't. The FIPS module only impl

OpenSSL FIPS Module version 1.2

2009-08-14 Thread Pandit Panburana
Hello, I have a few questions about the FIPS module. 1) The current version of OpenSSL FIPS Module is 1.2. It is based on 0.9.8e and 0.9.8f of standard OpenSSL. The latest stable version is 0.9.8k. How do fixes get into the validated FIPS module? 2) The current procedure suggests that

RE: Suggested data shown for SSL certificate when choosing to accept or reject

2009-08-14 Thread David Schwartz
Chase Douglas wrote: > I am developing an iPhone app that will incorporate SSL for encryption > of network communication. The encrypted connection will be between > average users and their home servers. Most of the time I envision > people having SSL certificates that cannot be validated with the

Suggested data shown for SSL certificate when choosing to accept or reject

2009-08-14 Thread Chase Douglas
I am developing an iPhone app that will incorporate SSL for encryption of network communication. The encrypted connection will be between average users and their home servers. Most of the time I envision people having SSL certificates that cannot be validated with the default iPhone root certificat

RE: need API

2009-08-14 Thread David Schwartz
Raghunath Santhanam wrote: > Hi, > I need APIs which can > 1) sign the message using a key > 2) verify the same using the same key. > Let me know if it is available. Must it always be impossible to be able to verify without being able to sign? Is that a design requirement? To clarify, you want

Re: need API

2009-08-14 Thread Guiliani, Florent
Raghunath Santhanam wrote: Hi, I need APIs which can 1) sign the message using a key 2) verify the same using the *same* key. Let me know if it is available. Raghunath For the signature verification you can use the following API: o EVP_VerifyInit_ex to init an EVP_MD_CTX structure with a k