Re: x509 certificate conforming to RFC 3739

2013-02-14 Thread Walter H.
On Fri, February 15, 2013 07:07, Matthew Hall wrote: > On Fri, Feb 15, 2013 at 07:03:20AM +0100, Walter H. wrote: >> Hello, >> >> can someone, please tell me, how to generate a certificate >> that conforms to http://www.ietf.org/rfc/rfc3739.txt (RFC 3739) >> >> Thanks, >> Walter > > Hi Walter, > >

Re: x509 certificate conforming to RFC 3739

2013-02-14 Thread Matthew Hall
On Fri, Feb 15, 2013 at 07:03:20AM +0100, Walter H. wrote: > Hello, > > can someone, please tell me, how to generate a certificate > that conforms to http://www.ietf.org/rfc/rfc3739.txt (RFC 3739) > > Thanks, > Walter Hi Walter, We could help better if we understood what's not working for you a

x509 certificate conforming to RFC 3739

2013-02-14 Thread Walter H.
Hello, can someone, please tell me, how to generate a certificate that conforms to http://www.ietf.org/rfc/rfc3739.txt (RFC 3739) Thanks, Walter __ OpenSSL Project http://www.openssl.org User Supp

Re: DTLS over an alternate transport

2013-02-14 Thread Tom Cocagne
Thanks for the quick reply Joe. I am definitely interested in seeing your example, I've been unable to find many DTLS examples at all and certainly none that use an alternative transport mechanism. Also, have you taken into account the timer for dropped session initialization messages? I'm guessin

Re: DTLS over an alternate transport

2013-02-14 Thread Joel Dice
On Thu, 14 Feb 2013, Tom Cocagne wrote: I've seen examples where BIO pairs are used to send SSL traffic over application-controlled data streams instead of using raw file descriptors. Is this possible with DTLS as well? Yes, that's what I'm doing. It seems to work perfectly as long as no packet

DTLS over an alternate transport

2013-02-14 Thread Tom Cocagne
I've seen examples where BIO pairs are used to send SSL traffic over application-controlled data streams instead of using raw file descriptors. Is this possible with DTLS as well? Tom

Re: cipher suites for DTLSv1

2013-02-14 Thread Dr. Stephen Henson
On Thu, Feb 14, 2013, Joel Dice wrote: > Hi all, > > I've been experimenting with the DTLS support in OpenSSL recently > and discovered that my application was receiving garbage plaintext > when packets were lost or reordered. Closer inspection suggested a > possible cause: I was only enabling c

cipher suites for DTLSv1

2013-02-14 Thread Joel Dice
Hi all, I've been experimenting with the DTLS support in OpenSSL recently and discovered that my application was receiving garbage plaintext when packets were lost or reordered. Closer inspection suggested a possible cause: I was only enabling cipher suites which either used stream ciphers l

Re: Creating certification requests with no CN and SAN only

2013-02-14 Thread Matthew Hall
On Thu, Feb 14, 2013 at 11:55:59AM -0800, Matthew Hall wrote: > I used this configuration file: > > [req] > default_bits = 4096 > prompt = no > encrypt_key= no > default_md = sha256 > distinguished_name = dn > req_extensions = san > > [dn] > [san] > subjectAl

Re: Creating certification requests with no CN and SAN only

2013-02-14 Thread Matthew Hall
On Thu, Feb 14, 2013 at 05:37:00AM +, Viktor Dukhovni wrote: > On Thu, Feb 14, 2013 at 04:11:33AM +, Viktor Dukhovni wrote: > A more complete example: > > $ cat openssl.cnf > [ req ] > distinguished_name = dn > req_extensions = san > [ dn ] > [ san ] > subjectAl

Re: [openssl-users] Re: Creating certification requests with no CN and SAN only

2013-02-14 Thread Matthew Hall
Hi Erwann, On Thu, Feb 14, 2013 at 11:09:23AM +0100, Erwann Abalea wrote: > RFC5280 was not "written by the CAs themselves". Some of them are listed in the authorship; they also reference 5280 and other PKI RFCs in their standards they created as part of the CAB Forum and the Webtrust auditing

Re: Building FIPS module on sparc 64bit

2013-02-14 Thread Steve Marquess
On 02/13/2013 06:58 PM, Zeke Evans wrote: > Hi, > > Building the FIPS module on sparc 64-bit is generating a 32-bit > binary. The following message is in the output: > > WARNING! If you wish to build 64-bit library, then you have to > invoke './Configure solaris64-sparcv9-cc' *m

Re: Fips compliance

2013-02-14 Thread Jeffrey Walton
On Thu, Feb 14, 2013 at 5:12 AM, Gayathri Manoj wrote: > Hi All, > > Please let me know if openssl version 1.0.0 is fips compliant? http://www.openssl.org/docs/fips/UserGuide-2.0.pdf

Re: [openssl-users] Re: Creating certification requests with no CN and SAN only

2013-02-14 Thread Erwann Abalea
RFC5280 was not "written by the CAs themselves". The deprecation of CNs in favor of elements found in the SAN extension is logical and comes from CAs as well as browser vendors; CN use has been abused to contain names (human readable), IP addresses, and host names (either simple or fully quali