Right on!
I think it is indeed an issue of partial chain on the loading side.
As a related question, on the loading side, do I need to provide the whole
chain to SSL_CTX_use_certificate?
If intermediate CA certificate is installed into default locations like
/ets/ssl/certs, and only end certific
You are asking two different questions.
The certificates that the *client* sends are specified by the various “use
certficiate” API’s. No chain is built. See
doc/man3/SSL_CTX_use_certificate.pod, especially the “use certificate chain
file” API.
As for what the *server* does, it tries to use
> https://username:passw...@server.com
> How do I specify this username and password when using SSL_connect()?
You don't. That stuff is at the protocol level about TLS/SSL.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
According to
https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_add_extra_chain_cert.html,
openssl will search the default locations for chain building:
“If no chain is specified, the library will try to complete the chain from the
available CA certificates in the trusted CA storage, see
SSL_C
On Fri, 2017-04-21 at 16:09 -0400, Jeff Archer wrote:
> I have a server that requires that username and password be used as
> https://username:passw...@server.com
>
>
> How do I specify this username and password when using SSL_connect()?
You don't. The username and password are encoded into th
I have a server that requires that username and password be used as
https://username:passw...@server.com
How do I specify this username and password when using SSL_connect()?
Thanks,
Jeff
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
No, you must have a chain up to a local trust anchor.
You can install the intermediate in your trust store.
--
Senior Architect, Akamai Technologies
Member, OpenSSL Dev Team
IM: richs...@jabber.at Twitter: RichSalz
From: Lei Kong [mailto:leik...@msn.com]
Sent: Thursday, April 20, 2017 9:38 PM
To
On 21/04/2017 03:37, Lei Kong wrote:
When validating a certificate issued by an intermediate certificate
authority, I noticed that I need to install both the root and the
intermediate CA certificate locally (with update-ca-certificates on
ubuntu 16.04). Verification fails if only root CA cert
When validating a certificate issued by an intermediate certificate authority,
I noticed that I need to install both the root and the intermediate CA
certificate locally (with update-ca-certificates on ubuntu 16.04). Verification
fails if only root CA cert is installed (intermediate is not insta
I am using 1.0.2g. CRL checking works fine on my certificate when I download
and save CRL in PEM format locally.
I noticed that “openssl verify” has this option:
-crl_download
Attempt to download CRL information for this certificate.
But it does not work for me. The CRL URL embedded i
On 21/04/2017 01:35, Linsell, StevenX wrote:
On 20/04/2017, Bohn, Jakob wrote:
Let me clarify: The idea was not to change the synchronization structure,
but to set a flag or otherwise (asynchronously or in a small critical
section) change the state such that when the communication async
operati
11 matches
Mail list logo
