Re: [openssl-users] Provisional FIPS 140-2 casualty list

2015-06-21 Thread Jeffrey Walton
Hi Steve, Forgive my ignorance. From the previous postings, I *thought* that the validation only applies to real iron, and [retroactively] was not conferred to the VMs. But it seems like this list includes real hardware, too: 12 Ubuntu 10.04 running on Intel Core i5 with AES-NI (32 bit)

Re: [openssl-users] [openssl-dev] X509_verify() error - block type is not 01

2015-06-21 Thread Viktor Dukhovni
On Mon, Jun 22, 2015 at 08:57:08AM +0530, Nayna Jain wrote:

> What will X509_verify() verify if I pass it a public key.

It checks the signature of the certificate using the supplied key.

> I mean does it check the private key with which certificate was signed, or
> the public key which this c

Re: [openssl-users] [openssl-dev] X509_verify() error - block type is not 01

2015-06-21 Thread Nayna Jain
OK.. I think I understood this API wrongly then. What will X509_verify() verify if I pass it a public key. I mean in place of private key, if I try to match the public key then rather than doing keys comparison, will passing the public key to this API help? I mean does it check the priva

Re: [openssl-users] [openssl-dev] X509_verify() error - block type is not 01

2015-06-21 Thread Viktor Dukhovni
On Mon, Jun 22, 2015 at 07:56:37AM +0530, Nayna Jain wrote:

> I want to match the certificate with the private key for whose public key
> that certificate is provided.

That's the subject key, and unless the certificate is self-signed, the X509_verify() function is not the right interface. You wa

Re: [openssl-users] [openssl-dev] X509_verify() error - block type is not 01

2015-06-21 Thread Nayna Jain
Thanks Viktor, I want to match the certificate with the private key for whose public key that certificate is provided. If this verifies who signed the certificate, then how do I verify whether the certificate provided is for the private key which was generated, Thanks & Regards, Nayna Jain F

Re: [openssl-users] X509_verify() error - block type is not 01

2015-06-21 Thread Viktor Dukhovni
On Mon, Jun 22, 2015 at 04:12:29AM +0530, Nayna Jain wrote:

> I am trying to verify X509 certificate against two private keys such that
> at least one of them it should match.

What do you mean by "match"? Was either key used to sign the certificate, or is one of the keys the public key of the sub

Re: [openssl-users] Suggested way to add option to both SSL_CTX* and SSL*?

2015-06-21 Thread Salz, Rich
> I looked at how SSL_CTX_set_cipher_list and SSL_set_cipher_list operate,
> but they don't use SSL_{CTX}_ctrl.

That API probably predates the ctrl. It's a trade-off; you lose type-safety but have less to document :)

> What is the suggested way to control the functionality through a flag?

Pro

[openssl-users] Suggested way to add option to both SSL_CTX* and SSL*?

2015-06-21 Thread Jeffrey Walton
I need to add some functionality to the SSL portion of the library. I need to control when the functionality is enabled, and I was going to control it with a flag. (Existing behavior by default; option to enable behavior on SSL_CTX*; option to override on SSL*). I thought a SSL_CTX_ctrl and SSL_ct

[openssl-users] X509_verify() error - block type is not 01

2015-06-21 Thread Nayna Jain
Hi, I am trying to verify X509 certificate against two private keys such that at least one of them it should match. I used the API as X509_verify(x509, pkey) where pkey is of EVP_PKEY type. However, for one of the private keys it is failing with error "block type is not 01"// And this key is s