On Sat, Jan 25, 2014 at 10:29:58AM +0530, Devchandra L Meetei wrote:
> What is the best way to support TLS1.2 procotol alone in an application
Do you really mean only TLSv1.2, or do you in fact want >= TLSv1.2,
so that when TLSV1.3 comes out the same code will also work with
TLSv1.3?
> currently
Hi All
What is the best way to support TLS1.2 procotol alone in an application
currently it is done by creating protocol
sslProtocolMethod = TLSv1_2_method();
ctx = SSL_CTX_new(sslProtocolMethod)
;
options = SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1 |SSL_OP_NO_SSLv2;
#ifndef OPENSSL_NO_SSL3
On Fri, Jan 24, 2014, Jeffrey Walton wrote:
> What is the name of the function to set the callback described below?
>
> *) Add certificate callback. If set this is called whenever a certificate
> is required by client or server. An application can decide which
> certificate chain to p
Hey Jeffrey,
> What is the name of the function to set the callback described below?
>
> *) Add certificate callback. If set this is called whenever a certificate
> is required by client or server. An application can decide which
> certificate chain to present based on arbitrary criter
What is the name of the function to set the callback described below?
*) Add certificate callback. If set this is called whenever a certificate
is required by client or server. An application can decide which
certificate chain to present based on arbitrary criteria: for example
su
> From: Matt Caswell [mailto:fr...@baggins.org]
> Sent: Wednesday, January 22, 2014 18:01
Second pass with some minor improvements:
> On 22 January 2014 22:40, Dave Thompson wrote:
>
> > The general public-key sign and verify processes are:
> > S1. compute hash of data (or for CMS, hash of data
Oh! what a miss!! Signs of excessive pressure!!! When I divide the program in
multiple files, I create one of the functions like this-
char *dh_sender_pub(DH *dhPar)
{
char *pubinHex=NULL;
DH_generate_key(dhPar);
pubinHex=BN_bn2hex(dhPar->pub_key);
return pubinHex;
}
And I was
On Fri, Jan 24, 2014 at 1:18 PM, Jakob Bohm wrote:
> On 1/24/2014 6:54 PM, Jeffrey Walton wrote:
>>
>> I don't see a dumb mistake with this one
>>
>> ...
>> [ signing_req ]
>> subjectKeyIdentifier=hash
>> authorityKeyIdentifier=keyid,issuer
>> basicConstraints = CA:FALSE
>> keyUsage = nonRepud
On 1/24/2014 6:54 PM, Jeffrey Walton wrote:
I don't see a dumb mistake with this one
First, the CSR has multiple SANs:
$ openssl req -text -noout -verify -in servercert.csr
verify OK
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=XX, ST=XX, L=XX, CN=Test
Serv
I don't see a dumb mistake with this one
First, the CSR has multiple SANs:
$ openssl req -text -noout -verify -in servercert.csr
verify OK
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=XX, ST=XX, L=XX, CN=Test Server/emailAddress=t...@example.com
Subject P
On Fri, Jan 24, 2014 at 12:02 PM, Dr. Stephen Henson wrote:
> On Fri, Jan 24, 2014, Jeffrey Walton wrote:
>
>> I'm having a heck of a time getting the SAN into a server's CSR.
>>
>> ...
>> Any ideas what I'm doing wrong?
>
> Hmm... it isn't adding any extensions at all. What version of OpenSSL are
On Fri, Jan 24, 2014, Jeffrey Walton wrote:
> I'm having a heck of a time getting the SAN into a server's CSR.
>
> I believe the relevant sections are:
>
> [ req ]
> req_extensions= server_req_extensions
>
> [ server_req_extensions ]
>
> subjectKeyIdentifier= hash
> basicConstr
I'm having a heck of a time getting the SAN into a server's CSR.
I believe the relevant sections are:
[ req ]
req_extensions= server_req_extensions
[ server_req_extensions ]
subjectKeyIdentifier= hash
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, dig
Ø These built-in functions do not return the size of the binary data, so how
can I get the length of the binary data?
BN_num_bytes() which you already used in your initial posting?
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
These built-in functions do not return the size of the binary data, so how can
I get the length of the binary data? I need the length in some other parts of
my program. Do I need to convert them to Hex everytime to get the length? Or is
there any direct method to get the length? I want to use di
Hi Jakob,
Thanks, this is exactly the help I was looking for.
Cheers!
Sean
On Thu, Jan 23, 2014 at 2:05 PM, Jakob Bohm wrote:
> On 1/23/2014 4:55 PM, Sean Langley wrote:
>
>> Hi All,
>>
>> I have been using AES 256, CTR mode to encrypt the contents of a file on
>> disk. The IV for the file i
That solved the issueThank you!
--
View this message in context:
http://openssl.6102.n7.nabble.com/Set-public-key-in-a-CSR-tp48250p48263.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
__
OpenSSL Proje
17 matches
Mail list logo
