[openssl-users] simplifying rand_egd API

2016-01-13 Thread Salz, Rich
There are currently three functions related to the EGD:
int RAND_egd(const char *path);
int RAND_egd_bytes(const char *path, int bytes);
int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes);
I would like to just have a single function int RAND

Re: [openssl-users] [openssl-dev] pkeyutl does not invoke hash?

2016-01-13 Thread Blumenthal, Uri - 0553 - MITLL
On 1/13/16, 16:19 , "openssl-dev on behalf of Dr. Stephen Henson" wrote: >On Wed, Jan 13, 2016, Blumenthal, Uri - 0553 - MITLL wrote: >> >> >> If the input to "pkeyutl -sign" is supposed to be digest output only - >>then >> what’s the point of having command line arguments specifying the digest

Re: [openssl-users] pkeyutl does not invoke hash?

2016-01-13 Thread Dr. Stephen Henson
On Wed, Jan 13, 2016, Blumenthal, Uri - 0553 - MITLL wrote: > > > If the input to "pkeyutl -sign" is supposed to be digest output only - > then > what's the point of having command line arguments specifying the digest to > use? And if the input can be an arbitrary file (like for "dgst

[openssl-users] pkeyutl does not invoke hash?

2016-01-13 Thread Blumenthal, Uri - 0553 - MITLL
I’m not sure whether this is a bug (as I suspect – hence sending to openssl-dev), or a poorly-documented “feature” (so copying to openssl-users). I am trying to use “openssl pkeyutl” to digitally sign (and verify) a file. When the file size matches the size of the specified digest (32 bytes for S

Re: [openssl-users] Signing a csr with subjectAltName using x509 command

2016-01-13 Thread Mauro Romano Trajber
Thanks, I could not make subjectAltName copy at all. I tried several ways without success - subjectAltName=IP:copy is not a valid option like subjectAltName=email:copy. What works for me (but doesn't seem to be the correct solution) is to pass the extfile to the x509 command with the subjectAltName data aga

Re: [openssl-users] Signing a csr with subjectAltName using x509 command

2016-01-13 Thread Viktor Dukhovni
> On Jan 13, 2016, at 1:22 PM, Mauro Romano Trajber wrote: > > In which section? > > On section [CA_default] I have 'copy_extensions = copy' In case you find it useful, I am attaching a bash script I use to generate certificate chains for various automated tests. This does not use any customi

Re: [openssl-users] Signing a csr with subjectAltName using x509 command

2016-01-13 Thread Salz, Rich
In your ca_default you should have an x509_extensions field that references another stanza. That other stanza needs the copy. I don’t know if copy_extensions copies everything. ☹ ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/

Re: [openssl-users] Signing a csr with subjectAltName using x509 command

2016-01-13 Thread Mauro Romano Trajber
In which section? On section [CA_default] I have 'copy_extensions = copy' Can I do this using only command line options? On Wed, Jan 13, 2016 at 3:42 PM, Salz, Rich wrote: > >But when I try to sign it using my own CA using the x509 command this > data is removed > > You need to make sure that

Re: [openssl-users] Signing a csr with subjectAltName using x509 command

2016-01-13 Thread Salz, Rich
>But when I try to sign it using my own CA using the x509 command this data is >removed

You need to make sure that subjectAltName is marked as copy in your config file.

[openssl-users] Signing a csr with subjectAltName using x509 command

2016-01-13 Thread Mauro Romano Trajber
Hi, I created a CSR with subjectAlternativeNames: $ openssl req -noout -in my.csr -text Requested Extensions: X509v3 Subject Alternative Name: IP Address:1.1.1.1, DNS:www.example.com ... But when I try to sign it using my own CA using the x509 command this data

Re: [openssl-users] (Probably) Silly Application Programming Question

2016-01-13 Thread Karl Denninger
Unfortunately I need a bit more than that. I have two things I'm trying to accomplish, both in the context of checking a client that is connecting to the server: 1. The OpenSSL code by default does not check the OCSP revocation servers when validating a certificate, and I haven't found a "built i

Re: [openssl-users] (Probably) Silly Application Programming Question

2016-01-13 Thread Michel
Hi Karl, I believe it could be helpful to have a look at the 509_check_host() and do_x509_check() source code in crypto\x509v3\v3_utl.c. Also, if you want to parse the SAN just for certificate validation, it is now easier to use : https://www.openssl.org/docs/manmaster/crypto/X509_VERIFY_PA