On Tue, Jun 08, 2010, Jason Fister wrote:
> Stephen,
> Thanks for your solution.
>
> >Well I'd add the BIG disclaimer that will NOT work in future when OpenSSL
> >structures are made opaque and almost certainly will fail if you have an
> >ENGINE.
>
> Understood. I am new to openssl and I am rea
Hi Jeff,
> -Original Message-
> From: Jeffrey Walton
>
> > As long as the bad guy doesn't compromise your private key, he
> > won't be able to impersonate any of your hosts, wildcard
> > cert or not.
>
> What happens in the case of a web farm behind a proxy or load
> balancer, where the fo
Hi Patrick,
> As long as the bad guy doesn't compromise your private key, he
> won't be able to impersonate any of your hosts, wildcard cert or not.
What happens in the case of a web farm behind a proxy or load
balancer, where the forward facing host does SSL (perhaps through an
accelerator)?
Jef
Stephen,
Thanks for your solution.
>Well I'd add the BIG disclaimer that will NOT work in future when OpenSSL
>structures are made opaque and almost certainly will fail if you have an
>ENGINE.
Understood. I am new to openssl and I am reading up about 'ENGINE's in
openssl. When you say it will fa
We are planning to use OpenSSL for an HTTPS connection for one of our
requirements.
So is there anything like a license version of OpenSSL, or do we need to
refer to the license provided at
http://www.openssl.org/source/license.html.
On Mon, Jun 07, 2010, Subra Aswathanarayanan wrote:
> Steve/Victor,
>
> >You mean you want to do:
> >SHA1(A)
> >and later do:
> >SHA1(A || B)
> >without including A again?
>
> That is correct. That's exactly what I want to do.
>
> >You need to serialize, save and restore the intermediate state o
On Tue, Jun 08, 2010, Arunkumar Manickam wrote:
>
> When will an OCSP responder respond with "unauthorized error" for an OCSP
> request? It is a Windows Server 2008 machine.
>
Well when, for some reason, the responder doesn't like the requestor. This
could be, for example, because it is expectin
On Tue, Jun 08, 2010, Bruce Stephens wrote:
> decoder writes:
>
> [...]
>
> > Ok, so what I am currently doing is something like
> >
> > asndata = ASN1_OCTET_STRING_new();
> > ASN1_OCTET_STRING_set(asndata, myData, myLength);
> >
> > and then I add asndata to an extensio
On Tue, Jun 08, 2010, Christian Hohnstaedt wrote:
> On Mon, Jun 07, 2010 at 08:02:22PM -0500, Dallas Clement wrote:
> > Hi All,
> >
> > I am trying to crack open a certificate and print out the start and
> > expire dates to a debug log message.
>
> Just for printing I suggest:
>
> int ASN1_TI
decoder writes:
[...]
> Ok, so what I am currently doing is something like
>
> asndata = ASN1_OCTET_STRING_new();
> ASN1_OCTET_STRING_set(asndata, myData, myLength);
>
> and then I add asndata to an extension I create:
>
> ex = X509_EXTENSION_create_by_NID( NU
Hi,
When will an OCSP responder respond with "unauthorized error" for an OCSP
request? It is a Windows Server 2008 machine.
Thanks,
Arun
Hi,
> Hex encoding surely ought to increase the size by a factor of exactly 2?
> (Plus a few bytes for the tag and length.)
>
2 is correct without the colon but the OpenSSL function I use adds them.
Of course you are right, it would be possible with 2 :)
> An extension has an OID, a criticality
Hi Jeff,
thanks for responding, but see my comments below.
> -Original Message-
> From: Jeffrey Walton
>
> Hi Patrick,
>
> >> can you please elaborate on where you see a security drawback
> >> in the attack scenario you mentioned when using wildcard
> >> certs over non-wildcard certs?
> P
On Mon, Jun 07, 2010 at 08:02:22PM -0500, Dallas Clement wrote:
> Hi All,
>
> I am trying to crack open a certificate and print out the start and
> expire dates to a debug log message.
Just for printing I suggest:
int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm)
Cheers
Christian
decoder writes:
[...]
> Now the problem is that I am almost hitting the maximum size of the
> certificate (the practical limit seems to be around 15-16 kb) and I'd
> like to know if hex encoding is really necessary or if I can simply
> include the data directly without violating any standards (a
Hey I'm using this code to verify my PKCS#7 signed object and extract it from
the S/MIME
This code works perfectly if I test it with boost and send a mock SMIME to it.
This mock up is generated with OpenSSL.
But I'm trying to verify an S/MIME with the same structure that has been
generated by Bo
Hey,
I'm not extracting the start or end date but the domain name; maybe this piece
of code could help:
I'm extracting the certificate from a PKCS#7 object, but if you already have the
X509 it shouldn't be a problem.
I think you should take a look at X509_NAME_get_index_by_NID in the second if.
X
Steve/Victor,
>You mean you want to do:
>SHA1(A)
>and later do:
>SHA1(A || B)
>without including A again?
That is correct. That's exactly what I want to do.
>You need to serialize, save and restore the intermediate state of
>the digest before you call "final" if you need to be able to append
>mor