Re: Certificate and Certificate request (Using API)

2012-07-26 Thread Saurabh Pandya
> Do roughly the same thing apps/ca.c does, except you probably don't > need all its options but may want some other options: > > Create an X509 and set all needed X509_CINF fields in that X509 > to values that you either extract from the X509_REQ and approve, > or choose by your own logic (serial

RE: Certificate and Certificate request (Using API)

2012-07-26 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Saurabh Pandya > Sent: Thursday, 26 July, 2012 02:52 > demos/x509/mkcert.c approach: > I understood that I don't need to create Certificate > signing request (CSR) and I can directly create > X509 *My_cert , > and sign it with m

RE: Using Self-Signed Certificates to create SSL connection.

2012-07-26 Thread Dave Thompson
>From: owner-openssl-us...@openssl.org On Behalf Of Hasan, Rezaul (NSN - US/Arlington Heights) >Sent: Thursday, 26 July, 2012 12:02 >I have created a self-signed CA certificate, a Client certificate and a >Server certificate. I signed the Client and Server certificates with >the self-signed CA c

Re: Help with client certificates

2012-07-26 Thread Dr. Stephen Henson
On Wed, Jul 25, 2012, Fili, Tom wrote: > I'm trying to setup my application to allow for the use of client > certificates. I am using the capi engine to pull from the Windows store. > > I setup my ssl connection and it works fine if I set the correct > certificate using SSL_CTX_use_certificate_AS

Filtering client certificates

2012-07-26 Thread Fili, Tom
I need to figure out which client certificates are issued by valid CAs (according to the server). I set a callback with SSL_CTX_set_client_cert_cb In the callback I get the list of CAs from the server with STACK_OF(X509_NAME) *pX509Names = SSL_get_client_CA_list(ssl) Now I have a li

Re: Blowfish and key length

2012-07-26 Thread Dr. Stephen Henson
On Thu, Jul 26, 2012, Cristiano Toninato wrote: > This simple test program should print always the same result, but > with openSSL 0.9.8o and gcc 4.5.2 output is > > From http://www.schneier.com/code/vectors.txt, cipher bytes should > be 51866FD5B85ECB8A > Test BF_ecb_encrypt(): 51866FD5B85ECB8A

Blowfish and key length

2012-07-26 Thread Cristiano Toninato
Hi all, I am a C++ developer, and I need an implementation of blowfish encoding under linux. Everything seems working well if using BF_ functions, but I found some problems with EVP_bf interface, using key shorter than 128 bits. This code exemplifies the problem. #include #include #include #in

Using Self-Signed Certificates to create SSL connection.

2012-07-26 Thread Hasan, Rezaul (NSN - US/Arlington Heights)
Hi All, I have created a self-signed CA certificate, a Client certificate and a Server certificate. I signed the Client and Server certificates with the self-signed CA certificate and placed all certs in the appropriate locations. Then attempted to create an SSL connection with 'openssl s_clien

Re: fingerprint does not match on FIPS_mode_set when FIPS + openssl is dynamically linked into build

2012-07-26 Thread Cassie Helms
Apologies, this thread is a duplicate of the one Dr. Henson is already responding to. The authentication system made it unclear whether or not my original question would post yesterday. Please do not respond to this thread. Cassie

Re: fingerprint does not match on FIPS_mode_set when FIPS + openssl is dynamically linked into build

2012-07-26 Thread Cassie Helms
> What platform is the target system? cat /etc/*-release: RHEL Server 5.5 (Tikanga) uname -mrs: Linux 2.6.18-194.el5 x86_64 Build system specs are the same as these. > After you build the validated module do this: > > make build_algvs > > This should build an fips_algvs binary in the test direct

Re: how to setup my now CA and where to find an easy to understand guide about PKI (was Re: )

2012-07-26 Thread Tom Browder
On Thu, Jul 26, 2012 at 7:56 AM, Ted Byers wrote: > On Thu, Jul 26, 2012 at 7:20 AM, Florian Rüchel > wrote: >> >> Also make sure to check out OpenXPKI (http://www.openxpki.org/) And I just found http://www.cs.auckland.ac.nz/~pgut001/cryptlib/ which looks very promising. It is well documen

Re: fingerprint does not match on FIPS_mode_set when FIPS + openssl is dynamically linked into build

2012-07-26 Thread Dr. Stephen Henson
On Wed, Jul 25, 2012, Cassie Helms wrote: > Hi folks, > I have dynamically linked a FIPS capable OpenSSL library (libcrypto.so and > libssl.so) into my product's build, but still get a "fingerprint does not > match" > error when I call FIPS_mode_set(1). This is using a validated copy of FIPS >

Re: how to setup my now CA and where to find an easy to understand guide about PKI (was Re: )

2012-07-26 Thread Ted Byers
On Thu, Jul 26, 2012 at 4:45 AM, Marco Molteni (mmolteni) < mmolt...@cisco.com> wrote: > Hi, > > there are two open source CA systems I am aware of, although I haven't > tried them out. > > I think they can be a good starting point instead of doing everything from > scratch :-) > > http://pki.fedo

Re: how to setup my now CA and where to find an easy to understand guide about PKI (was Re: )

2012-07-26 Thread Ted Byers
On Thu, Jul 26, 2012 at 7:20 AM, Florian Rüchel < florian.ruec...@ruhr-uni-bochum.de> wrote: > On 26.07.2012 12:57, Tom Browder wrote: > >> On Thu, Jul 26, 2012 at 3:45 AM, Marco Molteni (mmolteni) >> wrote: >> >>> Hi, >>> >>> there are two open source CA systems I am aware of, although I haven't

RE: DSA certificates from windows certificate store into openssl

2012-07-26 Thread Jaaron Anderson
Yes it is independent and what I meant is that it is either one and I doubt you one to go for such hybrid to be consistent and for key provisioning. Actually ECDSA or ECC is another efficient crypto also worth exploring. Overall it is up to you how you will want to make it operational efficient.

Re: how to setup my now CA and where to find an easy to understand guide about PKI (was Re: )

2012-07-26 Thread Tom Browder
On Thu, Jul 26, 2012 at 6:20 AM, Florian Rüchel wrote: ... > Also make sure to check out OpenXPKI (http://www.openxpki.org/) Now that looks much better! Best regards, -Tom

Re: how to setup my now CA and where to find an easy to understand guide about PKI (was Re: )

2012-07-26 Thread Tom Browder
On Thu, Jul 26, 2012 at 5:57 AM, Tom Browder wrote: > On Thu, Jul 26, 2012 at 3:45 AM, Marco Molteni (mmolteni) > wrote: >> Hi, >> >> there are two open source CA systems I am aware of, although I haven't tried >> them out. >> >> I think they can be a good starting point instead of doing everyth

Re: how to setup my now CA and where to find an easy to understand guide about PKI (was Re: )

2012-07-26 Thread Florian Rüchel
On 26.07.2012 12:57, Tom Browder wrote: On Thu, Jul 26, 2012 at 3:45 AM, Marco Molteni (mmolteni) wrote: Hi, there are two open source CA systems I am aware of, although I haven't tried them out. Also make sure to check out OpenXPKI (http://www.openxpki.org/)

Re: X509 Certificate : Need help to retrieve " Extended Key Usage" filed from the certificate

2012-07-26 Thread Puneet Khunteta
Hello Stephen, On using the suggestion provided by you, got the following output snippet It shows extusage->data Empty. Regards, Puneet On Wed, Jul 25, 2012 at 4:01 PM, Dr. Stephen Henson wrote: > On Wed, Jul 25, 2012, Puneet Khunteta wrote: > > > Hello, > > > > I am a user of openssl libra

Re: how to setup my now CA and where to find an easy to understand guide about PKI (was Re: )

2012-07-26 Thread Tom Browder
On Thu, Jul 26, 2012 at 3:45 AM, Marco Molteni (mmolteni) wrote: > Hi, > > there are two open source CA systems I am aware of, although I haven't tried > them out. > > I think they can be a good starting point instead of doing everything from > scratch :-) > > http://pki.fedoraproject.org/wiki/P

Re: X509 Certificate : Need help to retrieve " Extended Key Usage" filed from the certificate

2012-07-26 Thread Puneet Khunteta
Same Status !! Regards, Puneet On Thu, Jul 26, 2012 at 2:49 PM, Saurabh Pandya wrote: > On 7/26/12, Puneet Khunteta wrote: > > Hello Sukalp, > > > > I have tried to use the code snippet provided by use. I am able to > create > > the ASN_object and get the data also, but the data is not in readab

Re: X509 Certificate : Need help to retrieve " Extended Key Usage" filed from the certificate

2012-07-26 Thread Saurabh Pandya
On 7/26/12, Puneet Khunteta wrote: > Hello Sukalp, > > I have tried to use the code snippet provided by use. I am able to create > the ASN_object and get the data also, but the data is not in readable form. > > I use X509 instead of X509V3. > > Here is the code that I have used : > > *Ret = X509_g

fingerprint does not match on FIPS_mode_set when FIPS + openssl is dynamically linked into build

2012-07-26 Thread Cassie Helms
Hi folks, I have a FIPS capable OpenSSL library, where libcrypto.so and libssl.so get linked into my product during build. I'm using FIPS 2.0 and OpenSSL 1.0.1c. To the best of my knowledge, on the build machine I can do the following: for fips, I call ./config make make install where I give inst

Help with client certificates

2012-07-26 Thread Fili, Tom
I'm trying to setup my application to allow for the use of client certificates. I am using the capi engine to pull from the Windows store. I setup my ssl connection and it works fine if I set the correct certificate using SSL_CTX_use_certificate_ASN1 & ENGINE_load_private_key. From what I've rea

how to setup my now CA and where to find an easy to understand guide about PKI (was Re: )

2012-07-26 Thread Marco Molteni (mmolteni)
Hi, there are two open source CA systems I am aware of, although I haven't tried them out. I think they can be a good starting point instead of doing everything from scratch :-) http://pki.fedoraproject.org/wiki/PKI_Main_Page http://openca.org/projects.shtml marco PS: Adding a Subject line h

Re: X509 Certificate : Need help to retrieve " Extended Key Usage" filed from the certificate

2012-07-26 Thread Puneet Khunteta
Hello Sukalp, I have tried to use the code snippet provided by use. I am able to create the ASN_object and get the data also, but the data is not in readable form. I use X509 instead of X509V3. Here is the code that I have used : *Ret = X509_get_ext_by_NID(cert, field_NID, 0); if ((Ret