RE: TLSv1 Clients cannot connect to my server

2011-03-15 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Ryan Pfeifle > Sent: Monday, 14 March, 2011 19:08 > To: openssl-users@openssl.org > Subject: TLSv1 Clients cannot connect to my server > > (I do not see my original post in the archives, and no one > replied to my re-post, so I am re-posting ag

Question about verify

2011-03-15 Thread Dietmar Lippold
Hello, when I verify an intermediate certificate of a CA I get the message that the certificate has expired. But that seems not to be right. I use OpenSSL 1.0.0d on Fedora Linux. Here is what I have done (comment lines begin with '#'): >>> mkdir /tmp/Test cd /tmp/Test # get the root certificate

Re: Need Help with Programmatic Downloading+Checking of CRLs

2011-03-15 Thread Dr. Stephen Henson
On Tue, Mar 15, 2011, Jeff Saremi wrote: > I seriously need help with this piece. I searched the forum and I could > not find what I was looking for. > During an SSL handshake, I need to be able to examine the CRL > distribution points on a certificate (chain), download them, and pass > them along

Re: Need Help with Programmatic Downloading+Checking of CRLs

2011-03-15 Thread Jeff Saremi
Here are some more interesting points that I'm banging my head against the wall until I find the answer: - Overwriting get_crl forces you to provide your own CRL checking logic as well. Specifically two things need to be set during this check which are required within check_cert(): a) score of this

Re: Need Help with Programmatic Downloading+Checking of CRLs

2011-03-15 Thread Patrick Patterson
Hi Jeff: If you are looking for a solution that not only handles CRL but OCSP as well, you might want to check out Pathfinder: http://www.carillon.ca/tools/pathfinder.php It allows you to easily add a custom callback to the _verify() routines that will enable all of this. It also does caching

Re: Certificate Signatures using ECDSA-with-sha256 ...?

2011-03-15 Thread Dr. Stephen Henson
On Tue, Mar 15, 2011, dhoward wrote: > > I am currently trying to compute an ECDSA signature with SHA256. I am using > ECC keys with a field size of 233 bits (specifically the sect233r1 curve). > Despite my efforts, Openssl insists on using SHA1 instead of SHA256. The > call I am using is: > > X

Certificate Signatures using ECDSA-with-sha256 ...?

2011-03-15 Thread dhoward
I am currently trying to compute an ECDSA signature with SHA256. I am using ECC keys with a field size of 233 bits (specifically the sect233r1 curve). Despite my efforts, Openssl insists on using SHA1 instead of SHA256. The call I am using is: X509_sign(cert, *issuer_privkey, EVP_get_digestbyname

Need Help with Programmatic Downloading+Checking of CRLs

2011-03-15 Thread Jeff Saremi
I seriously need help with this piece. I searched the forum and I could not find what I was looking for. During an SSL handshake, I need to be able to examine the CRL distribution points on a certificate (chain), download them, and pass them along to OpenSSL for further revocation checks. I thought

TLSv1 Clients cannot connect to my server

2011-03-15 Thread Ryan Pfeifle
(I do not see my original post in the archives, and no one replied to my re-post, so I am re-posting again...) I have a custom-written SSL server that TLSv1 clients are not able to connect to it. The TLSv1 handshake is failing with an SSL_R_NO_SHARED_CIPHER error. I have a TLSv1 client using

looking for a clean way to get all certificates from an X509_STORE

2011-03-15 Thread William Rettig
Hello, is there a call or at least a clean way (without violating abstraction rules) to get all certificates contained in an X509_STORE object? My store uses the hash/directory scheme but this should really be irrelevant if I do things in terms of the API. I could scrape the directory myself but I