Re: Is full-duplex socket use possible with OpenSSL?

David Schwartz wrote: Darryl Miles wrote: I do not believe the SSL_write() call is allowed to access the underlying BIO/kernel-socket to read in more data. I think SSL_write() is allowed to process any data already read into buffer (from kernel to OpenSSL library internal buffer) in an attempt

Re: SOLVED: decoding crlDistributionPoints extension

On Oct 25, 2009, at 5:59 PM, Dr. Stephen Henson wrote: It is rather simpler than that. You can get the decoded structure for any certificate extension using X509_get_ext_d2i(). You get additional checks that way such as seeing if the extension occurs more than once. True enough, this redu

Re: Subject Issuer Mismatch Bug!!

2009/10/25, Dr. Stephen Henson : > On Sun, Oct 25, 2009, Daniel Marschall wrote: > > > Hello. > > > > I have a problem with verification of certificates. > > > > My command line is: > > > > openssl verify -verbose -issuer_checks -crl_check_all -CAfile > > tmp_cachain.pem daniel-marschall.crt > > >

Re: Subject Issuer Mismatch Bug!!

On Sun, Oct 25, 2009, Daniel Marschall wrote: > Hello. > > I have a problem with verification of certificates. > > My command line is: > > openssl verify -verbose -issuer_checks -crl_check_all -CAfile > tmp_cachain.pem daniel-marschall.crt > Do you get an error without -issuer_checks? As the

Re: SOLVED: decoding crlDistributionPoints extension

On Sun, Oct 25, 2009, Carl Harris wrote: > On Oct 25, 2009, at 2:57 PM, Carl Harris wrote: > >> I'm looking for an example of decoding the crlDistributionPoints >> extension; e.g. obtaining the specified URI (assuming that the value >> specifies a URI, that is). This seems like it should be eas

Subject Issuer Mismatch Bug!!

Hello. I have a problem with verification of certificates. My command line is: openssl verify -verbose -issuer_checks -crl_check_all -CAfile tmp_cachain.pem daniel-marschall.crt The tmp_cachain.pem file is a conclusion of all root and intermediate certificates + their CRLs. (Mh... the trick wit

Re: SOLVED: decoding crlDistributionPoints extension

On Oct 25, 2009, at 2:57 PM, Carl Harris wrote: I'm looking for an example of decoding the crlDistributionPoints extension; e.g. obtaining the specified URI (assuming that the value specifies a URI, that is). This seems like it should be easy. By digging around in the archives of this lis

decoding crlDistributionPoints extension

I've looking for an example of decoding the crlDistributionPoints extension; e.g. obtaining the specified URI (assuming that the value specifies a URI, that is). This seems like it should be easy. By digging around in the archives of this list, I've been able to figure out I can get the A

Re: finding out cipher name

>> is there a way, given an EVP_CIPHER, to find out the human-readable >> cipher name? >> > > Try EVP_CIPHER_name(cipher) . Thanks, this works! Taking it further, is there a similar function for EVP_PKEY_METHOD? Misha __ Op

How to decrypt an encrypted private key from a X509_PKEY structure

Hi, How to decrypt an encrypted private key from a X509_PKEY structure? Is there some API for this purpose or some example I should look at? Thanks, -- Arno Garrels __ OpenSSL Project http://www.