Hi,
I am wondering whether there is already some support for the Maximum
Fragment Length Negotiation TLS extension (as specified in RFC 6066). If
not, are there any plans (or is development work underway) for OpenSSL
to support this?
I note in January of last year that there was activity on the
o
There is no single OID for Extended Validation. The members of CA/Browser
Forum (CABF) define their own, and then petition the browsers for EV
acceptance. The browsers then add the root certificate to their internal
EV tables, along with the OID they use for EV.
Since OpenSSL does not include ro
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
> us...@openssl.org] On Behalf Of Tilman Sauerbeck
> Sent: Friday, 09 May, 2014 18:57
>
> Michael Wojcik [2014-05-09 21:12]:
>
> > > From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
> > > us...@openssl.org] On Behalf Of Ti
> I'm building an iOS application and trying to check if a certificate,
> that a https-connection uses, is an EV certificate.
Why?
Wikipedia notes "The primary way to identify an EV certificate is by
referencing the Certificate Policies extension field. Each issuer uses a
different object identifier
> X509_get_ext_d2i(certificateX509, NID_certificate_policies, NULL, NULL)
> which returns some data depending on the NID provided. Since it is a
> void-pointer, I don't know which data type it returns.
According to x509v3/pcy_cache.c, it returns a pointer to CERTIFICATEPOLICIES.
According to
Hi everyone,
I'm building an iOS application and trying to check if a certificate, that a
https-connection uses, is an EV certificate.
Does the OpenSSL library have a method that gives me that information, if a
given certificate is an EV certificate?
I found the method
X509_get_ext_d2i(certi
Thanks! I guess if I had debugged more I would have seen that the invalid-freed
pointer (and not *double*-freed like I assumed) corresponded to the label. I
kept wondering what that "address is on thread 1's stack" referred to... Quite
obvious in hindsight.
I just tried to allocate the label wi
> So, if that's the case, what would be the downside of making the
> default_crl_days equal to the validity of the CA itself, for example?
> [e.g. If the CA cert is valid for 100 years, why not set the
> default_crl_days to 36500+/- days too?]
Because some clients won't check back for 100 years...
On Mon, May 12, 2014, Kevin Le Gouguec wrote:
> (This is on 1.0.2 beta 1 as found on openssl.org/source)
>
> I'm getting a double free error when building a CMS EnvelopedData with RSA
> OAEP. Here's how I'm setting things up (error checking left out for brevity):
>
>
> unsigned char oaep_lab
Hi Gregory,
> -Original Message-
> From: Gregory Sloop
[snip]
> So, I thought - why should I set the default_crl_days to some low
> number. I assume that it [the CRL] can be replaced with a "new" CRL,
> should we need one, long before the default_crl_days limit is reached.
> Is that corr
On Mon, May 12, 2014 at 03:00:23AM -0700, harika_n wrote:
> I am using RAND_bytes function to generate cryptographically secure random
> numbers. I want to know if it uses Hash based DRBG or HMAC based DRBG. If it
> uses Hash based DRBG what is the underlying hash function used? I looked at
> the s
Repost; updated for HEAD and tested on ubuntu as well.
Dw.
Folks,
Find below a minor patch to allow the use of smartcards in readers that have
their own PIN entry keypads (Secure PIN entry) such as the SPR332 and most
German/medical chipcard devices.
Tested on Solaris, FreeBSD, Linux and MacOS
(This is on 1.0.2 beta 1 as found on openssl.org/source)
I'm getting a double free error when building a CMS EnvelopedData with RSA
OAEP. Here's how I'm setting things up (error checking left out for brevity):
int flags = CMS_BINARY | CMS_USE_KEYID | CMS_PARTIAL | CMS_KEY_PARAM;
CMS_Content
I am using RAND_bytes function to generate cryptographically secure random
numbers. I want to know if it uses Hash based DRBG or HMAC based DRBG. If it
uses Hash based DRBG what is the underlying hash function used? I looked at
the source code and found that it uses some MD function but I could not