Re: [openssl-users] TLS Error in FreeRadius - eap_tls: ERROR: Failed in __FUNCTION__ (SSL_read): error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed

2018-01-19 Thread Viktor Dukhovni
> On Jan 19, 2018, at 10:09 PM, Frank Migge wrote:
>
>> Object 04: X509v3 Extended Key Usage: TLS Web Server Authentication
>
> This is where I would check first.
>
> I am not fully sure, but believe that Extended Key Usage should *not* be there.

Indeed the intermediate CA should either

Re: [openssl-users] TLS Error in FreeRadius - eap_tls: ERROR: Failed in __FUNCTION__ (SSL_read): error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed

2018-01-19 Thread Frank Migge
I got it wrong. The failing cert from your log is actually the intermediate, which has five extensions:

>> Object 00: X509v3 Subject Key Identifier: 58:A4:EB:D9:DD:CE:A2:99:72:3B:E1:20:19:1D:40:C1:F9:D5:C2:28
>> Object 01: X509v3 Authority Key Identifier: keyid:E2:E9:20:42:29:83:C4:77:8C:87:AB:FA:

Re: [openssl-users] TLS Error in FreeRadius - eap_tls: ERROR: Failed in __FUNCTION__ (SSL_read): error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed

2018-01-19 Thread Frank Migge
Hi Robert,

>> error 26 : unsupported certificate purpose

It seems the cert gets declined because of a problem with cert extensions. "keyUsage" or "extendedKeyUsage" are typical candidates. In your case, the leaf certificate "CAPF-91d43ef6" has two extensions:

Object 00: X509v3 Key Usage Digita

[openssl-users] Blog post; changing in email, crypto policy, etc

2018-01-19 Thread Salz, Rich via openssl-users
There's a new blog post at https://www.openssl.org/blog/blog/2018/01/18/f2f-london/ It contains some important policy changes we decided at our meeting last month. This includes:
- Closing the openssl-dev mailing list; use GitHub for issues
- New mailing list openssl-project for pro

Re: [openssl-users] tls handshake fail using cipher ECDHE-ECDSA-AES256-GCM-SHA384

2018-01-19 Thread Pravesh Rai
The following link might give you some clue about the problem: https://stackoverflow.com/questions/30446431/wrong-cipher-suite-or-no-connection-with-openssl-server

Regards, PR

On Fri, Jan 12, 2018 at 9:27 PM, johan persson wrote:
> I have problem doing handshake using "ECDHE-ECDSA-AES256-GCM-SHA3

[openssl-users] TLS Error in FreeRadius - eap_tls: ERROR: Failed in __FUNCTION__ (SSL_read): error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed

2018-01-19 Thread Gladewitz, Robert via openssl-users
Dear OpenSSL Team, I have some problems with new Cisco CAPF certs and freeradius tls authentication. The point is that freeradius users see the problem on openssl implementation.

(69) eap_tls: Continuing EAP-TLS
(69) eap_tls: Peer indicated complete TLS record size will be 1432 bytes

[openssl-users] Revoke certificate and append to existing crl file

2018-01-19 Thread neel patel
Hi, I am using openssl C API. I have created openssl certificates so I have .crt and .key file. If I want to append those certificates in existing certificate revocation list then how can we do that? I have tried with below code. #include #include #include #include #include #include