Apply signature to X509 certificate

2013-05-09 Thread Ken Goldman
I have a need to sign an X509 certificate outside openssl, using a hardware security module. 1 - I have to first hash the certificate. I discovered X509_digest(), which is not documented. Is it the correct function? I also found ASN1_item_i2d() to serialize the cert_info member, from which

Re: Zero length finished messages with resumed sessions?

2013-05-09 Thread Viktor Dukhovni
On Thu, May 09, 2013 at 08:13:57PM +0200, Dr. Stephen Henson wrote: > > One of the servers is: > > > > OpenSSL 0.9.9-dev 09 May 2008 > > built on: NetBSD 5.1_STABLE > > platform: NetBSD-x86_64 > > options: bn(64,64) md2(int) rc4(1x,char) des(idx,cisc,4,int) > > blowfish(idx)

Re: Zero length finished messages with resumed sessions?

2013-05-09 Thread Dr. Stephen Henson
On Thu, May 09, 2013, Viktor Dukhovni wrote: > On Thu, May 09, 2013 at 04:54:33PM +, Viktor Dukhovni wrote: > > > So I'm more interested in any leads about which servers are prone > > to this misbehaviour. Did any past OpenSSL versions mishandle > > session tickets and accept the session on

Re: Zero length finished messages with resumed sessions?

2013-05-09 Thread Viktor Dukhovni
On Thu, May 09, 2013 at 04:54:33PM +, Viktor Dukhovni wrote: > So I'm more interested in any leads about which servers are prone > to this misbehaviour. Did any past OpenSSL versions mishandle > session tickets and accept the session only to then fail to > negotiate correctly (zero length f

Re: Zero length finished messages with resumed sessions?

2013-05-09 Thread Viktor Dukhovni
On Thu, May 09, 2013 at 05:58:14PM +0200, Dr. Stephen Henson wrote: > > However disabling TLS extensions in the client does. With "no-tlsext", > > the server does not resume past sessions. Perhaps the server's > > implementation of session tickets is the culprit. Has anyone else > > observed su

Re: Zero length finished messages with resumed sessions?

2013-05-09 Thread Dr. Stephen Henson
On Thu, May 09, 2013, Viktor Dukhovni wrote: > On Thu, May 09, 2013 at 12:11:38AM +, Viktor Dukhovni wrote: > > > Has anyone seen the type of problem reported on the postfix-users list > > today? > > > > http://archives.neohapsis.com/archves/postfix/2013-05/0158.html > > > > (and e

compiling mod_ssl as shared forms mod_ssl.a and not mod_ssl.so

2013-05-09 Thread Cipher
Hi, I am trying to compile httpd 2.4.4 with openssl 1.0.1e. I want mod_ssl to be linked dynamically as mod_ssl.so But after compiling using following config option results in mod_ssl.a . ./configure --prefix=/etc/apache2 --with-ssl=/openssl_cc1 *--enable-so --enable-mods-shared=all* --enable-ht