Re: openssl function equivalent to "openssl x509 -in test.crt -text -noout"

2013-10-21 Thread anu engineer
X509 *pCert = {Your Cert Object} BUF_MEM *pBuffMem = NULL; char * pCertString = NULL; pBioCert = BIO_new(BIO_s_mem()); if ( pBioCert == NULL) { dwError = MEMORY_ERR; BAIL_ON_ERROR(dwError); } dwError = X509_print(pBioCert, pCert); BIO_get_mem_ptr(p

A couple usability questions:

2013-10-21 Thread Ted Byers
I have been working through the tutorial at http://pki-tutorial.readthedocs.org/en/latest/ There are a number of things that aren't clear. 1) Am I right in assuming that the various commands in that tutorial can be performed as an ordinary user in a working directory in that user's home directory

Re: How to retrieve the certificate from remote SMTPS/POP3S mail server and store them locally?

2013-10-21 Thread Michael Zintakis
Should I be worried? If this is indeed a genuine google certificate, why is it that there are (at least) 2 different certificates for the same domain (smtp.google.com)? Only if you believe that smtp.gmail.com and smtp.google.com are the same. Yeah, sorry, I meant "smtp.googlemail.com".

Re: Using FIPS 1.2 for new private certificate

2013-10-21 Thread Steve Marquess
On 10/20/2013 08:29 AM, Oz, Tal (Tal) wrote: > Hi, > > I can see there is an important note that FIPS 1.2 is no longer valid in its > current form past 2010 (http://www.openssl.org/docs/fips/fipsnotes.html) > There is also a reference to SP 800-131. > > From reading it, it looks like it should b

RE: openssl function equivalent to "openssl x509 -in test.crt -text -noout"

2013-10-21 Thread Salz, Rich
> What is openssl function equivalent to "openssl x509 -in test.crt -text -noout" Look in apps/x509.c -- Principal Security Engineer Akamai Technology Cambridge, MA

RE: Disabling Secure Renegotiation in 0.9.8

2013-10-21 Thread Simner, John
Thanks Dave for the information. I can confirm the customer wants renegotiation turned off altogether. No secure renegotiation and no unsafe renegotiation either. >If what they actually want is to drop the secure renegotiation functionality >and go back to the old world >with traditional unsafe r

openssl function equivalent to "openssl x509 -in test.crt -text -noout"

2013-10-21 Thread Sanjay Kumar (sanjaku5)
Hi, I am looking for a function to display the certificate in text format. What is openssl function equivalent to "openssl x509 -in test.crt -text -noout" Thanks, Sanjay

Re: smime sign and id-aa-signingCertificateV2

2013-10-21 Thread Ottavio Campana
Hello Umberto! I wrote a patch to openssl, you can find it here http://marc.info/?l=openssl-dev&m=138000831409222&w=2 unfortunately nobody ever gave me an answer, neither positive nor negative, and I'm pretty unhappy with that. I'll probably release a software on my own based on that, even though

Do SSL_shutdown() and SSL_get_error() mix?

2013-10-21 Thread Dave Mitchell
The man page for SSL_get_error() lists the SSL_* functions it can be used with, and it doesn't mention SSL_shutdown(). On the other hand, the man page for SSL_shutdown() says that for non-blocking I/O, you should call SSL_get_error(). So which is right? I ask, because in the following code:

Re: How to retrieve the certificate from remote SMTPS/POP3S mail server and store them locally?

2013-10-21 Thread Viktor Dukhovni
On Sun, Oct 20, 2013 at 02:00:27PM +0100, Michael Zintakis wrote: > Viktor Dukhovni wrote: You left out the first three lines of the command which starts with: $ (sleep 2; printf "QUIT\r\n") | 2>/dev/null \ openssl s_client -showcerts -starttls smtp -connect smtp.gmail.com:587 |