RE: Openssl server certificates validation error

2013-01-21 Thread Hazrat Shah
With "openssl s_client -connect yourhost:port -CAfile xx.cert" I am getting error 21. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson Sent: Monday, January 21, 2013 6:34 PM To: openssl-users@openssl.org Subject:

Verify Failing for some CA's with 19 X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN, Cert in question is in the store.

2013-01-21 Thread David Hinkle
So I've got my ssl client working pretty well. It does great with most websites, but some of them it doesn't verify the certificate chain for, returning the above error. The CA root cert in question is in the certificate store, and the server isn't actually sending the root so I'm pretty sure th

RE: Openssl server certificates validation error

2013-01-21 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Hazrat Shah > Sent: Friday, 18 January, 2013 20:02 > Pls, see my comments below. > > -Original Message- > From: owner-openssl-us...@openssl.org On Behalf Of Dave Thompson > Sent: Friday, January 18, 2013 7:55 PM > To: openssl-users@open

RE: no OpenSSL_Applink in Custom Windows Credentials Provider

2013-01-21 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of PA3MEP > Sent: Sunday, 20 January, 2013 11:13 > I`am creating a Custom Credentials Provider for Windows 7/8, > which uses > axis2c library with openSSL support to communicate with SOAP > service, which > provides authentification information.

RE: how to (more manually) verify signature in SignedData ?

2013-01-21 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of kapetr > Sent: Monday, 21 January, 2013 05:27 > I'm trying to manually verify signature in some SignedData > ASN.1 structures, which is used in most cases in signature - > e.g. S/MIME, Timestamps, ... using x.509 certificates. > > Lets see th

Re: Cert in DNS (DANE, DNSSEC) and OpenSSL

2013-01-21 Thread koichi sugimoto
I'm afraid that implementing DANE cause new certification vendor not to come into the market. - SUGI 2013/1/10 Bry8 Star > It would be great to see/know what can be used to enable DANE > support in OpenSSL. > > Those who are interested in bit more info on > > DANE (and related) : > > https://da

Re: Can I build the FIPS module with /MT?

2013-01-21 Thread Jakob Bohm
On 1/21/2013 1:29 AM, Jeffrey Walton wrote: On Sun, Jan 20, 2013 at 6:51 PM, wrote: On 18-01-2013 20:26, Jeffrey Walton wrote: On Fri, Jan 18, 2013 at 11:01 AM, Memmott, Lester wrote: All modern Versions of Microsoft's C Runtime are thread safe. That occurred around Visual Studio 6.0 (cir

how to (more manually) verify signature in SignedData ?

2013-01-21 Thread kapetr
Hello, I'm trying to manually verify signature in some SignedData ASN.1 structures, which is used in most cases in signature - e.g. S/MIME, Timestamps, ... using x.509 certificates. Lets see this example: -in file.tsr is Time Stamp reply - it contains SignedData structure (at byte 9 offset) w