Hello,
I have few queries wrt the RSA private key generation and writing using
openssl. Could anybody please clearify.
(1). Has the behavior of api PEM_write_PrivateKey() has been changed
between openssl 0.9.8 and 1.0.0 ?
(2). The above api uses PKCS#8 encoding (while writing) by default in
1
Hello,
Could anyone let me know which is the suitable openssl command to convert
PKCS#8 key to traditional PKCS#1 key in openssl_1.0.0?
I used the below command, and it works in openssl_1.0.0:-
openssl rsa -in pkcs8.pem -out pkcs1.pem
But if i use the below command, it doesn't work in openssl_1
Ahhh, it looks like Appendix A.5 answers my questions more easily than Appendix
C.
I believe these are the answers:
In fact, TLS 1.1 does prohibit the use of the export cipher suites in TLS 1.0.
So there are effectively a few (9 by my count) cipher suites that supported in
TLS 1.0 that are pr
I'm a little confused about which cipher suites are supported by which SSL/TLS
protocol versions.
I'm using Appendix C of the TLS 1.0, 1.1, and 1.2 RFCs, respectively, as a
starting point for which cipher suites are supported in which version of the
protocol, but I'm not sure how to parse the f
On Tue, Jun 04, 2013 at 04:38:42PM +0200, Dr. Stephen Henson wrote:
> > Note, to implement DANE, I using 1.0.0 or later only. So if with
> > 1.x.y there is a reasonable expectation that libcrypto versions
> > with the same SONAME don't vary in the offset of the "untrusted"
> > member in X509_STOR
On Tue, Jun 04, 2013, Viktor Dukhovni wrote:
> On Mon, Jun 03, 2013 at 11:32:31PM +, Viktor Dukhovni wrote:
>
> > I want to use SSL_CTX_set_cert_verify_callback() to customize how
> > certificate verification is performed. I need to be able to selectively
> > add/remove from the set of "untr
On Mon, Jun 03, 2013 at 11:32:31PM +, Viktor Dukhovni wrote:
> I want to use SSL_CTX_set_cert_verify_callback() to customize how
> certificate verification is performed. I need to be able to selectively
> add/remove from the set of "untrusted" additional certificates in
> X509_STORE_CTX. Unf
Hello,
I am using strongswan(v_4.5.3) for ipsec, that uses my X509 certificate
and RSA private key.
If i use RSA private key(un-encrypted) that is PKCS#8 encoded, then
strongswan is not able to load the key. But it works, if i use a
traditional PKCS#1 encoded RSA key.
Could anyone explain, which
Try these:
- split the certificates from your CA/cecert.pem into individual files
with correct hashes
- run "strace -eopen openssl verify -CApath
client.cert"
--
Erwann ABALEA
Le 04/06/2013 09:02, Leon Brits a écrit :
Hi all,
I have just created a new CA which has the extension to allow
Hi all,
I have just created a new CA which has the extension to allow client
authentication. My previous CA worked fine without this extension but some
client application now requires that I set it. So I've created a new client key
pair and signed it with the new CA, but when I use openssl veri
10 matches
Mail list logo
