Please read what I wrote.
The d2i functions *modify the pointer they are given.* You have to give them a
temporary copy.
--
Senior Architect, Akamai Technologies
Member, OpenSSL Dev Team
IM: richs...@jabber.at Twitter: RichSalz
From: Jason Qian [mailto:jq...@tibco.com]
Sent: Friday, August 11,
Thanks for look into this,
void * pKey = LockResource(hHandle);
The code works most of the time, only occasionally generates exception and
Not sure why on DSA_free(pDSA);
On Fri, Aug 11, 2017 at 2:57 PM, Salz, Rich wrote:
> > DSA *pDSA = d2i_DSA_PUBKEY(NULL, (const unsigned char **) &pKey,
On 08/11/2017 02:39 PM, Dr. Stephen Henson wrote:
On Fri, Aug 11, 2017, Robert Moskowitz wrote:
Frustrated...
On 08/11/2017 11:14 AM, Salz, Rich via openssl-users wrote:
My challenge comes to subjectAltName and its subfield
hardwareModuleName
per RFC 4108. I guess I am not 'getting' the s
> DSA *pDSA = d2i_DSA_PUBKEY(NULL, (const unsigned char **) &pKey, dwKeySize);
Where and how is pKey set? Not that the manpage says it's incremented to point
*past* the object, so you need something like
unsigned char data = .whatever your data source is .
unsigned char *
On 08/11/2017 02:47 PM, Dr. Stephen Henson wrote:
On Fri, Aug 11, 2017, Robert Moskowitz wrote:
I would want the 'openssl req' command to prompt for hwType and
hsSerialNum. At least for now.
Note that you can't get the 'openssl req' command prompt for this but you can
generate the extensio
On Fri, Aug 11, 2017, Robert Moskowitz wrote:
>
> I would want the 'openssl req' command to prompt for hwType and
> hsSerialNum. At least for now.
>
Note that you can't get the 'openssl req' command prompt for this but you can
generate the extension in an appropriate syntax: see my other messa
Thanks for the help,
DSA *pDSA = d2i_DSA_PUBKEY(NULL, (const unsigned char **) &pKey, dwKeySize);
bool bRet = false;
if (pDSA)
{
bRet = DSA_verify(0, signature, 20, (BYTE *) pFile, dwSize, (DSA *) pDSA)
== 1 ? true : false;
DSA_free(pDSA);
}
Jason
--
openssl-users mailing list
To unsubscribe: h
On Fri, Aug 11, 2017, Robert Moskowitz wrote:
> Frustrated...
>
> On 08/11/2017 11:14 AM, Salz, Rich via openssl-users wrote:
> >>My challenge comes to subjectAltName and its subfield
> >>hardwareModuleName
> >>per RFC 4108. I guess I am not 'getting' the subjectAltName section of
> >>'man x509
Frustrated...
On 08/11/2017 11:14 AM, Salz, Rich via openssl-users wrote:
My challenge comes to subjectAltName and its subfield
hardwareModuleName
per RFC 4108. I guess I am not 'getting' the subjectAltName section of
'man x509v3_config'.
Not all forms of SAN names are supported. If you look
Why thank you, Viktor. Let's see if I can get this right from RFC4108
On 08/11/2017 12:47 PM, Viktor Dukhovni wrote:
On Fri, Aug 11, 2017 at 03:29:25PM +, Salz, Rich via openssl-users wrote:
In the certificate extensions section you do something like:
subjectAltName = dns:www.exam
On Fri, Aug 11, 2017 at 03:29:25PM +, Salz, Rich via openssl-users wrote:
> In the certificate extensions section you do something like:
> subjectAltName = dns:www.example.com, IP:127.0.0.1
> and so on. The "pki.tgz"
>
> > And further it seems you are saying there is no support for HMN
Sigh. Well let's see want I can get done on this by the next
IEEE802/IETF week pair.
On 08/11/2017 11:56 AM, Salz, Rich wrote:
What is the procedure to get it added. RFC 4108 has been around for a while,
as has 802.1AR-2009.
Simplest way is to (get someone to) write the code and make a githu
> What is the procedure to get it added. RFC 4108 has been around for a while,
> as has 802.1AR-2009.
Simplest way is to (get someone to) write the code and make a github pull
requests.
Next way is to post a patch.
Next way is to open an issue and hope someone gets around to it.
> Though I a
On 08/11/2017 11:29 AM, Salz, Rich wrote:
Given these supported names, what goes into the config file to create a SAN
without having to specify it on the command line?
In the certificate extensions section you do something like:
subjectAltName = dns:www.example.com, IP:127.0.0.1
and so
> Given these supported names, what goes into the config file to create a SAN
> without having to specify it on the command line?
In the certificate extensions section you do something like:
subjectAltName = dns:www.example.com, IP:127.0.0.1
and so on. The "pki.tgz"
> And further it seem
Thanks for the response, Rich.
On 08/11/2017 11:14 AM, Salz, Rich via openssl-users wrote:
My challenge comes to subjectAltName and its subfield
hardwareModuleName
per RFC 4108. I guess I am not 'getting' the subjectAltName section of
'man x509v3_config'.
Not all forms of SAN names are suppor
> My challenge comes to subjectAltName and its subfield
> hardwareModuleName
> per RFC 4108. I guess I am not 'getting' the subjectAltName section of
> 'man x509v3_config'.
Not all forms of SAN names are supported. If you look in
include/openssl/x509v3.h you see the following:
# define GEN_OTH
Now that I can build a generic PKI with EDDSA, the next step is to add
creation of 802.1AR iDevID certificates. I am using the current draft,
sec 8, 802.1ARce-d2-2, but for this purpose it is essentially the same
(but clearer written) as sec 7, 802.1AR-2009.
I start with making the following
18 matches
Mail list logo
