Thank you, Joshua. It works now.
It turns out that there are 4 certificates in the chain:
1) Class 3 Public Primary Certification Authority
2) VeriSign Class 3 Public Primary Certification Authority – G5
3) VeriSign Class 3 Extended Validation SSL SGC CA
4) www.verisign.com
But it is strange th
Hello,
> Also, there are already cross-platform C++ "wrappers" around OpenSSL, for
> example QtNetwork (QSslSocket) and POCO (the Crypto
> package)(http://pocoproject.org/).
It's more about the crypto side of OpenSSL, thanks. I'll abandon my project if
POCO can be what I need (I will rewrite
On 6/4/2012 10:28 PM, Christian Hohnstaedt wrote:
> Hi Joshua,
>
> On Mon, Jun 04, 2012 at 04:13:24PM -0700, Joshua Bowman wrote:
>> As the subject asks, is there any way to generate a config file from an
>> existing certificate? Either built into openssl or via third-party tool.
>
> XCA shows th
Sorry, I copied in the wrong cert by mistake, but the right serial number.
It's not self-signed, it's signed by a cert without the " - G5" at the end.
Serial #
70:BA:E4:1D:10:D9:29:34:B6:38:CA:7B:03:CC:BA:BF, here's the full cert:
Hi Joshua,
On Mon, Jun 04, 2012 at 04:13:24PM -0700, Joshua Bowman wrote:
> As the subject asks, is there any way to generate a config file from an
> existing certificate? Either built into openssl or via third-party tool.
XCA shows the x509v3 extensions additionally as openssl config file snippe
Hi Joshua,
Can you say what concrete root CA I must add to my file
trusted_root_certs_of_CAs.pem? What serial number?
I see in many browsers (Firefox, Opera, IE) the certificate's chain consists of
only 3 certificates:
1) VeriSign Class 3 Public Primary Certification Authority – G5
2) VeriSign C
Hi Vladimir,
Use the actual root CA instead (i:/C=US/O=VeriSign, Inc./OU=Class 3 Public
Primary Certification
Authority) and you'll see it works. You can save it with a web browser, the
-showcerts option,
or it is also bundled as a root cert in all modern OSes. The others aren't
the root ce
> From: owner-openssl-us...@openssl.org On Behalf Of Jakob Bohm
> Sent: Tuesday, 29 May, 2012 03:34
> On 5/27/2012 2:29 AM, Jeremy Farrell wrote:
>
> Note that when considering portability, C99 is not yet
> fully implemented everywhere, so when I say "ANSI C"
> without qualification, I generally
>From: owner-openssl-us...@openssl.org On Behalf Of al so
>Sent: Monday, 04 June, 2012 14:48
>Does it look for client cert chain by default in the home dir?
>Looks like it's due to mutual authentication setup?
s_client looks for client-auth key&cert only where you tell it
using the comm
As the subject asks, is there any way to generate a config file from an
existing certificate? Either built into openssl or via third-party tool.
I'm having a lot of trouble getting the syntax right for some extensions
that use LDAP URIs, and I haven't found a good answer (but many questions
and mis
I've got a project ( https://github.com/zackw/moeller-ref ) which does
a bunch of elliptic curve operations against custom curves, using the
OpenSSL and/or Crypto++ low-level APIs (two parallel implementations
of the same asymmetric cryptosystem). One function in each
implementation performs decry
Does it look for client cert chain by default in the home dir?
Looks like it's due to mutual authentication setup?
On Mon, Jun 4, 2012 at 4:24 AM, Eisenacher, Patrick <
patrick.eisenac...@bdr.de> wrote:
> > From: al so
> >
> > openssl s_client -showcerts -connect :443
> > CONNECTED(0003)
> >
Please help me to understand more about "SELF SIGNED CERTIFICATES".
Do Self-Signed certificates have to be signed at all by its own CA ?? Do we have
to generate CSR for each client ?? If they do, What is the best way to create
"Self-Signed Cert" ?? Either
1. Each client is its own CA
a. /
some new line -> CRLF conversion may have hit.
On 06/04/2012 04:29 PM, Ken Goldman wrote:
A typical openssl user error is treating binary data as text. Random
numbers are not text until you convert them with -hex.
My guess is that Windows is treating some binary character specially,
and this
A typical openssl user error is treating binary data as text. Random
numbers are not text until you convert them with -hex.
My guess is that Windows is treating some binary character specially,
and this causes your version of wc to fail. Linux is handling the
binary correctly. So I doubt it
Hello Mr. RIHAN,
You should find some clues searching around OBJ_NAME_do_all_sorted()
or looking at apps/enc.c, crypto/evp/names.c, crypto/objects/o_names.c.
Good luck.
Le 03/06/2012 09:00, Adnan RIHAN a écrit :
Hello again!
Nobody knows ?
--
Le jeudi 31 mai 2012 à 17:03, Adnan RIHAN a écrit
Hi,
I would start from the command-line utility "openssl list-cipher-algorithms"
and follow the source code to see which functions it calls.
See the manual page (man openssl) for some other command-line options in the
same spirit that might be useful.
Also, there are already cross-platform C++
I understand that this function deals with big numbers and this could
possibly explain the extra CPU usage on a 32 bit system. Is moving to
a 64 bit system the only option?
Regards,
Sudarshan
On Mon, Jun 4, 2012 at 2:57 PM, Sudarshan Raghavan
wrote:
> While running a CPS test of 330 connections
> From: al so
>
> openssl s_client -showcerts -connect :443
> CONNECTED(0003)
> depth=1 /O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International
> Server CA - Class
> 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
> verify error:num=20:unable to get local is
Yep, from X509_verify_cert() source code I think it will work correctly
without main CA if your certs are self signed -- when verifying, OpenSSL
just builds a certificate chain ending with a trusted self-signed cert:
- on server you need to load all clients certs with
SSL_CTX_load_verify_locati
Thanks again...
In my case I am using "SELF SIGNED CERTIFICATES", totally eliminating
CA. So, is it possible to check both sides without a CA?
Thanks for your help
Lloyd
On Mon, Jun 4, 2012 at 3:45 PM, Alexander Komyagin wrote:
> If you need checks on both sides, both client and server s
If you need checks on both sides, both client and server shall have
loaded their own certificates (private/public keys) and some CA
certificate(s) to be verified against.
SSL_CTX_load_verify_locations() loads locations where CA certs are
stored.
Take a look at
http://www.openssl.org/docs/ssl/SSL_
Thanks Alexander Komyagin,
So it means in mutual authentication mode also, each client and server
need only to load its only private key and public key. During SSL
handshake the SSL protocol will share the public keys of each other?
Then what's the use of "SSL_CTX_load_verify_locations()" API?
In
Hi, Lloyd!
If you are establishing SSL connection between client and server, and
SSL_VERIFY_PEER flag is set, AFAIK server will ask for client
certificate during SSL handshake phase.
So why do you need to load clients certs manually?
On Mon, 2012-06-04 at 11:06 +0530, Lloyd wrote:
> Hi,
>
> We