>From: owner-openssl-us...@openssl.org On Behalf Of anu.engineer
>Sent: Wednesday, 12 June, 2013 15:03
> I am reading thru the ca.c in the apps directory to understand how
>to issue a certificate using OpenSSL and I came across this fragment
>of code which I am struggling to understand.
>Just b
They are doing a CA signed OCSP response, this is legitimate.
We will do this in the not so distant future as well for many of our
responses also.
You basically need to look at the responderID and see if it's the same
entity that signed the certificate you are checking; if so, use that key
material
Hi,
I tried to validate a certificate from Comodo using their OCSP, but I
cannot verify the response:
3073455752:error:27069076:OCSP routines:OCSP_basic_verify:signer
certificate not found:ocsp_vfy.c:85:
The certificate I want to validate was issued by
C=GB, ST=Greater Manchester, L=Salford,
Also I found that this works fine with openssl 1.0.1
Where keys are generated in FIPS mode with the following line.
Can someone let me know why this change in behavior between 0.9.8l and
1.0.1?
-BEGIN DSA PRIVATE KEY-
Thanks,
Anamitra
On 6/12/13 12:01 PM, "Anamitra Dutta Majumdar (anma
On 12 June 2013 21:15, Jakob Bohm wrote:
>>>
As for the DH_check_pub_key() function, checking if pubkey is in the
range "two to large prime minus 2, inclusive" is an insufficient check
against accepting degenerate keys. For instance NIST SP 800-56A
requires the following check
On 6/12/2013 10:17 PM, Thaddeus Fuller wrote:
Hi,
Is it possible to create a PKCS8 RSA Private Key using a non-password
based encryption algorithm? There doesn’t appear to be an option through
the command line `openssl pkcs8`. If it is not possible to do this
through OpenSSL (which seems to be t
On 12.06.2013 14:57, Dr. Stephen Henson wrote:
> On Fri, Jun 07, 2013, Michael Wild wrote:
>
>> Thanks for all the answers. Now I feel really stupid about forgetting
>> the implicit 0...
>>
>> Stephen: How do I prevent my program from hashing the data?
>> EVP_md_null()? After all, hashing a hash i
On 6/7/2013 1:17 PM, srikanth chakravarthula wrote:
Hi Jakob,
Thank you for your response.
So if I understand, when genrsa or rand command is called, it uses the
seeded random number from /dev/random or /dev/urandom and generates the
key and then re-seeds the random bytes from the /dev/random
o
Hi,
Is it possible to create a PKCS8 RSA Private Key using a non-password based
encryption algorithm? There doesn't appear to be an option through the command
line `openssl pkcs8`. If it is not possible to do this through OpenSSL (which
seems to be the case), is it not a valid way to encrypt th
On 6/1/2013 1:13 AM, Matt Caswell wrote:
On 31 May 2013 21:07, Matt Caswell wrote:
On 31 May 2013 16:42, Jakob Bohm wrote:
Interesting, I don't seem to be able to find code that calls dh_check
or equivalent on received DH group parameters, but then the check in
that function is too strict in
Hi All,
I am reading thru the ca.c in the apps directory to understand how to
issue a certificate using OpenSSL and I came across this fragment of code
which I am struggling to understand.
Just before signing the certificate the code executes this fragment
pktmp=X509_get_pubkey(ret);
if (EVP_PK
We are using OpenSSL version 0.9.8l
And what we find is that the DSA private key formats are different in FIPS
and non-FIPS mode
In FIPS mode it starts with
-BEGIN PRIVATE KEY-
Whereas in non-FIPS mode it starts with
-BEGIN DSA PRIVATE KEY-
I understand that this is expected s
Hi,
When I tried to build FIPS 2.0.3 on Linux 2.6.16 x86-64 platform it is not
showing any error message, but ips_premain_dso exe/library is not built.
Can you please give input to debug.
Regards,
Sarju
On Fri, Jun 07, 2013, Michael Wild wrote:
> Thanks for all the answers. Now I feel really stupid about forgetting
> the implicit 0...
>
> Stephen: How do I prevent my program from hashing the data?
> EVP_md_null()? After all, hashing a hash is pretty pointless for my case...
>
It depends on how