RE: Certificate Signature Creation

2010-07-15 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Mark Bishop > Sent: Thursday, 15 July, 2010 14:48 > To: openssl-users@openssl.org > Subject: Certificate Signature Creation > > Where can I find out the details on how a signature is created for a > certificate and how it differs from creating

Re: AES128 CBC

2010-07-15 Thread Anthony Gabrielson
On Jul 15, 2010, at 6:18 PM, Michael S. Zick wrote: > Interesting blog. > > One quick question on the first linked-to source at the top: > quote >memset(plaintext,0,sizeof(plaintext)); >in_len = strlen(ciphertext); > end-quote > > How did you get strlen to ignore any embedded zeros in t

Re: Certificate Signature Creation

2010-07-15 Thread Kyle Hamilton
On 7/15/10 11:47 AM, Mark Bishop wrote: > Where can I find out the details on how a signature is created for a > certificate and how it differs from creating a signature on a data file? > > Is it as simple as running MD5, SHA-1, SHA-256, etc on the cert, > encrypting the hash with the private key

Re: AES128 CBC

2010-07-15 Thread Michael S. Zick
On Thu July 15 2010, Anthony Gabrielson wrote: > Hello, > This seems to be a pretty typical question that gets posted often. I have a > simple example that I think hits it. Anyway, it's the first entry into a blog > that I'm starting to build up. If you're interested, the code and (a brief) > ex

Re: OCSP_basic_verify:certificate verify error (Verify error:unable to get local issuer certificate) ERROR

2010-07-15 Thread Kyle Hamilton
On 7/15/10 7:46 AM, Luis Neves wrote: > Hello, > > I am using the > -CAfile /etc/pki/tls/certs/ca-bundle.crt, > and the CA certificate is appended to this list, shouldn't this work ok? > > > the OCSP responder comes from the lneves.pem certificate itself, so it > must be ok, I presume > > Luis Just

RE: openssl FIPS 140-2 certificate after 2010

2010-07-15 Thread David.Stafford
Steve, Thanks for reply. It's the answer I was hoping to receive. No problem on the rant. I can appreciate the point of view. David -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Steve Marquess Sent: Thursday, July 15,

Re: AES128 CBC

2010-07-15 Thread Anthony Gabrielson
Hello, This seems to be a pretty typical question that gets posted often. I have a simple example that I think hits it. Anyway, it's the first entry into a blog that I'm starting to build up. If you're interested, the code and (a brief) explanation is available here: http://agabrielson.wordpre

Compiling with fixed $ORIGIN

2010-07-15 Thread Christopher.Hotchkiss
To all, I am trying to compile OpenSSL with a relative rpath and using origin and I am running into severe quoting issues. Has anyone successfully compiled OpenSSL in this manner? Otherwise I'm tempted to hardcode it in the Makefile. Christopher Hotchkiss

Re: openssl FIPS 140-2 certificate after 2010

2010-07-15 Thread Steve Marquess
David Stafford wrote: What are the issues, if any, with using the "FIPS module" after the end of 2010 ? Does the certificate number 1051 become invalid ? My best guess at this point is that the OpenSSL FIPS Object Module v1.2 (aka the #1051 validation) proper remains usable, as that exact a

SubjectAlternate Name Query

2010-07-15 Thread Inganti, Dheeraj
Hi, I am trying to generate a certificate request and was trying to add 'otherName' type in SubjectAlternate name extension. I have below code to add the otherName. add_ext(exts, NID_subject_alt_name, "otherName:1.3.6.1.4.1.311.20.2.3;UTF8:rau...@abc.com"); Is this a right way to add otherName

AES128 CBC

2010-07-15 Thread Rudy1
I'm using the openssl crypto lib first time and I don't know how to encrypt text larger than blocksize (16 byte) . For example I want to encrypt a string of size 292 bytes. I call EVP_EncryptUpdate () one time and 288 bytes will be encrypted and finally I call EVP_EncryptFinal_ex(). Do I really e

Certificate Signature Creation

2010-07-15 Thread Mark Bishop
Where can I find out the details on how a signature is created for a certificate and how it differs from creating a signature on a data file? Is it as simple as running MD5, SHA-1, SHA-256, etc on the cert, encrypting the hash with the private key and sticking the results on the end of the

Re: OCSP_basic_verify:certificate verify error (Verify error:unable to get local issuer certificate)

2010-07-15 Thread Dr. Stephen Henson
On Thu, Jul 15, 2010, Luis Neves wrote: > > some progress: > > openssl ocsp -issuer /etc/pki/tls/certs/CC0003.pem -cert > /home/oracle/lneves.pem -url http://ocsp.auc.cartaodecidadao.pt/publico/ocsp > -CAfile /etc/pki/tls/certs/CC0003.pem -resp_text > > using CC0003.pem instead of C0002.pem r

RE: OCSP_basic_verify:certificate verify error (Verify error:unable to get local issuer certificate)

2010-07-15 Thread Luis Neves
some progress: openssl ocsp -issuer /etc/pki/tls/certs/CC0003.pem -cert /home/oracle/lneves.pem -url http://ocsp.auc.cartaodecidadao.pt/publico/ocsp -CAfile /etc/pki/tls/certs/CC0003.pem -resp_text using CC0003.pem instead of C0002.pem returns GOOD (will try to check why) but still returning

RE: OCSP_basic_verify:certificate verify error (Verify error:unable to get local issuer certificate) ERROR

2010-07-15 Thread Luis Neves
More data: if I use the serial num to query the OCSP responder, it returns "Cert Status: good", openssl ocsp -issuer /etc/pki/tls/certs/CC0002.pem -url http://ocsp.auc.cartaodecidadao.pt/publico/ocsp -CAfile /etc/pki/tls/certs/ca-bundle.crt -resp_text -serial 0x5FD933E0F2F95D0F and what Ia

RE: OCSP_basic_verify:certificate verify error (Verify error:unable to get local issuer certificate) ERROR

2010-07-15 Thread Luis Neves
Hello, I am using the -CAfile /etc/pki/tls/certs/ca-bundle.crt, and the CA certificate is appended to this list, shouldn't this work ok? the OCSP responder comes from the lneves.pem certificate itself, so it must be ok, I presume Luis > Date: Thu, 15 Jul 2010 14:27:55 +0200 > From: st...@o

Re: core dump in openssl library

2010-07-15 Thread Michael S. Zick
On Thu July 15 2010, kai_yang2008 wrote: > Hi All, > > I have encountered a core dump in libssl library which is called by mod_ssl > in apache product on hpux 11.23 and 11.31 platform. > The core dump happens when I use O3 to build the openssl while O1 will not > create this core dump. > It see

Re: OCSP_basic_verify:certificate verify error (Verify error:unable to get local issuer certificate) ERROR

2010-07-15 Thread Dr. Stephen Henson
On Thu, Jul 15, 2010, Luis Neves wrote: > > openssl ocsp -issuer /etc/pki/tls/certs/CC0001.pem -cert > /home/oracle/lneves.pem -url http://ocsp.root.cartaodecidadao.pt/publico/ocsp > -CAfile /etc/pki/tls/certs/ca-bundle.crt -resp_text > > gives this response: > > > OCSP Response Data: >

RE: OCSP_basic_verify:certificate verify error (Verify error:unable to get local issuer certificate) ERROR

2010-07-15 Thread Luis Neves
openssl ocsp -issuer /etc/pki/tls/certs/CC0001.pem -cert /home/oracle/lneves.pem -url http://ocsp.root.cartaodecidadao.pt/publico/ocsp -CAfile /etc/pki/tls/certs/ca-bundle.crt -resp_text gives this response: OCSP Response Data: OCSP Response Status: successful (0x0) Response Type: Bas

OCSP_basic_verify:certificate verify error (Verify error:unable to get local issuer certificate) ERROR

2010-07-15 Thread Luis Neves
Hi, Can someone help me on this error? I'm using Apache 2.3 and trying to configure OCSP to validate client certificates, but it is not working, and there are these errors in the Apache error_log: It seems that Apache is not trusting the OCSP responder response, is that true? Why not? what I am doing w

core dump in openssl library

2010-07-15 Thread kai_yang2008
Hi All, I have encountered a core dump in libssl library which is called by mod_ssl in apache product on hpux 11.23 and 11.31 platform. The core dump happens when I use O3 to build the openssl while O1 will not create this core dump. It seems that the core dump has something related to the opti