Yes, because nameConstraints are inherited.
I don't know exactly where the bug lies but I strongly advise NOT to
use nameConstraints because while there is a standard nobody has
implemented full or correctly working support for it. I ran various
tests some weeks ago and the result was horrible. Se
The subCA has nameConstraints in the subCA configuration file:
[name_constraints]
permitted;DNS.0 = example.com
The client configuration file has subjectAltName:
subjectAltName = DNS: www.cs.com
So is this a mismatch? How come the s_client/s_server test was okay?
On Mon, Jun 29, 2015 at 2:12 PM, B
Do you use nameConstraints or have specified IP in subjectAltName?
Because OpenSSL can't handle that correctly.
2015-06-29 22:51 GMT+02:00 David Li :
> Hi,
>
> As a test, I have created a rootCA, a subCA (signed by the rootCA) and
> a client cert (signed by the subCA). Now I want to use verify,
>
Hi,
As a test, I have created a rootCA, a subCA (signed by the rootCA) and
a client cert (signed by the subCA). Now I want to use verify,
s_client and s_server to test them together.
However, I searched and tried a number of times but am still unsure about
the correct syntax format in the verify command.
On Mon, Jun 29, 2015 at 05:48:05AM +, Srinivas wrote:
> Thanks. Makes sense.
>
> But then why are the DES ciphers not listed in the supported cipher list for
> TLSv1.2
> here? https://www.openssl.org/docs/apps/ciphers.html#TLS-v1.2-cipher-suites
Those are all ciphers that require at least TL
On 26/06/2015 21:41, Walter H. wrote:
Hello,
has anybody got a reliable source or knowledge about which
mail clients - especially which Thunderbird release - should be
capable of verifying such mails correctly?
I believe GlobalSign has a knowledge base article
listing this as far as they kno