combining cert file and private key file

2013-10-04 Thread Dave Mitchell
I'm writing an openssl-based app that uses client and server certs, generated using a private root CA. Each client has its own cert and private key. For ease of deployment, I'm combining the private key and public cert into a single file, i.e.: $ cat client.key client.crt > client.privcrt Th

RE: spam label, was Unable to create Version 3 certificates with subjectAltName using my own CA

2013-10-04 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Hum Brai > Sent: Friday, October 04, 2013 15:27 > To: openssl-users@openssl.org > Subject: *** Spam *** Re: *** Spam *** Unable to create Version 3 > certificates with subjectAltName using my own CA > > Oh, sorry my message got labeled as spam,

Documentation pointers

2013-10-04 Thread Mike.
I have just started to learn OpenSSL, and I am having trouble finding documentation that is helpful. www.openssl.org seems to have lots of reference documentation, but not too much in usage documentation, e.g., what are the typical contents expected in the SAN for a CA cert vs. those of a server

Re: *** Spam *** Unable to create Version 3 certificates with subjectAltName using my own CA

2013-10-04 Thread Hum Brai
Oh, sorry my message got labeled as spam, is it because I pasted the conf? THANK YOU for replying anyway. Question: >> Summary: CSR has x509v3 extensions, certificate does not > >> I found on internet how we can make CSR (request) have subjectAltName, > (and verified) > >> PROBLEM is when take

RE: CSR from old certificate and signing it using new private key

2013-10-04 Thread Dave Thompson
To read X509, man (s3) PEM_read_[bio_]X509 or d2i_X509[_fp,bio] . There aren't man pages for the non-I/O functions and similarly for X509_REQ other than I/O, but they're pretty obvious in x509.h: you want X509_get_$various and X509_REQ_set_$various . When I have a question on these I usually j

Re: Unable to create Version 3 certificates with subjectAltName using my own CA

2013-10-04 Thread Hum Brai
Everything good now. Solution below. Thanks to Dave very much. Summary: CSR has x509v3 extensions, certificate does not >>> I found on internet how we can make CSR (request) have subjectAltName, >>> (and verified) >>> PROBLEM is when take a request to make new user certificate, I ge

Re: *** Spam *** Unable to create Version 3 certificates with subjectAltName using my own CA

2013-10-04 Thread Hum Brai
On 10/4/13, Hum Brai wrote: > Oh, sorry my message got labeled as spam, is it because I pasted the > conf? THANK YOU for replying anyway. Question: > >>> Summary: CSR has x509v3 extensions, certificate does not >> >>> I found on internet how we can make CSR (request) have subjectAltName, >> (an

Strange behaviour

2013-10-04 Thread Walter H.
Hello, there exists a self signed root CA certificate (A) one intermediate CA certificate (B) and this intermediate certificate has signed an SSL certificate (C) of a web server; the SSL certificate has in its 'Authority Information Access' extension the URL to the intermediate CA certificate, a

RE: *** Spam *** Unable to create Version 3 certificates with subjectAltName using my own CA

2013-10-04 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Hum Brai > Sent: Friday, October 04, 2013 12:00 > Summary: CSR has x509v3 extensions, certificate does not > I found on internet how we can make CSR (request) have subjectAltName, (and verified) > PROBLEM is when take a request to make new use

Unable to create Version 3 certificates with subjectAltName using my own CA

2013-10-04 Thread Hum Brai
Summary: CSR has x509v3 extensions, certificate does not Working with CentOS 6.2, openssl version: OpenSSL 1.0.0-fips 29 Mar 2010 I created my own CA certificate using: openssl req -new -x509 -days 365 -key host.example.com_CA.key -out host.example.com_CA.crt I found on internet how we can mak

Re: redirected input to s_client on Windows: Any trick to avoid the keypress?

2013-10-04 Thread Jeff Trawick
On Fri, Oct 4, 2013 at 9:17 AM, Salz, Rich wrote: > When you run it interactively, does it work right away or do you need to > hit TWO returns? > It works right away. The keypresses trigger the read of stdin (since the WaitForSingleObject(stdin) is bypassed due to the OPENSSL_SYS_MSDOS issue),

RE: redirected input to s_client on Windows: Any trick to avoid the keypress?

2013-10-04 Thread Salz, Rich
When you run it interactively, does it work right away or do you need to hit TWO returns? -- Principal Security Engineer Akamai Technology Cambridge, MA

Re: Openssl/SMime Utility failed to encrypt the large file (>1.5MB) on HPUX Machine

2013-10-04 Thread Richard Könning
On 03.10.2013 14:32, Puneet Khunteta wrote: Hello, I have later found that the fail behavior may be due to the insufficient memory available for the target device. I have seen that "-stream" option is added in smime application in openssl version 1.0.0. 1.) Can I have the access to the

Re: CSR from old certificate and signing it using new private key

2013-10-04 Thread Kamalraj Madhurakasan
Hello Dave, Please see inline. Assuming by “get it signed” you mean signing the CSR, not getting a cert issued from the CSR which many people wrongly think is “signing the CSR”: yes OpenSSL has APIs for both X509 (cert) and X509_REQ. [Kamalraj] If you don’t mind, can you share those APIs You ca

Re: memory crash when calling " X509_free" function

2013-10-04 Thread Michel
Could it be because of a misuse of X509_dup() or CRYPTO_add( ..., 1, CRYPTO_LOCK_X509 ) in a copy constructor or an assignment operator ? #10 0x08052673 in CertificateRemote::cleanup_x509 (this=0x9bb55f0) at syfer/crypto/Certificate.cpp:309 What could be possible reason for the above crash ?

Re: Support for SHA-512/224 and SHA-512/256

2013-10-04 Thread Anil Kumar K K
Yes, I have searched a lot for SHA-2. Looks like there is no support for SHA-2 in openssl-fips 1.2 Thanks Anil On Fri, Oct 4, 2013 at 3:00 PM, Gnanasekar R wrote: > Hi!, > > Yes, this is SHA-512. I am interested in the 512/t variants for which the > IVs and the final digests length differs. I

Re: Support for SHA-512/224 and SHA-512/256

2013-10-04 Thread Gnanasekar R
Hi!, Yes, this is SHA-512. I am interested in the 512/t variants for which the IVs and the final digests length differs. I don't see any parameters to mention that. So wondering if support for 512/224 and 512/256 is available. Regards, Gnanasekar On 4 October 2013 13:19, Fredrik Jansson wrote:

CRYPTO_set_mem_functions() Doesn't Work in Version 1.0.1b

2013-10-04 Thread Aaron
It looks like CRYPTO_set_mem_functions() of OpenSSL 1.0.1e-4.fc18 does not work: CRYPTO_set_mem_functions() calls indirectly CRYPTO_malloc() which sets "allow_customize = 0;" and so CRYPTO_set_mem_functions() does nothing (just return 0, instead of 1). Gdb trace with a modified _ssl module: #0 0

BIO_ seek?

2013-10-04 Thread Ztatik Light
Is there a way to seek with a BIO_ cipher? I try BIO_seek and BIO_reset but any reads after this are incorrect

Re: Support for SHA-512/224 and SHA-512/256

2013-10-04 Thread Fredrik Jansson
Hi! Note, this is OpenSSL 1.0.1c. sha.h: int SHA512_Init(SHA512_CTX *c); evp.h: const EVP_MD *EVP_sha512(void); Best regards, Fredrik On Fri, Oct 4, 2013 at 9:44 AM, Gnanasekar R wrote: > Hi, > > I would like to know if OpenSSL has support for SHA-512/224 and > SHA-512/256. I see init functio

Support for SHA-512/224 and SHA-512/256

2013-10-04 Thread Gnanasekar R
Hi, I would like to know if OpenSSL has support for SHA-512/224 and SHA-512/256. I see init functions for SHA-256 and SHA-224. But could not find one for the 512/t. Is it not supported? Thanks, Gnanasekar

SSL_connect failure if key size is less than 1024 bits in fips mode

2013-10-04 Thread Anil Kumar K K
Hi All, I am trying to find whether there is minimum key length restriction when operating SSL/TLS in fips mode. Documents say that if key length is < 1024 bits, fips 140-2 compliant openssl-fips-1.2p1 ssl library will not allow the SSL connection. I know that SSL_connect() should fail if this is