ASN1_IA5STRING to char*

Hi, How do I convert an ASN1_IA5STRING to char* . Thanks in advance, Arun

CRL checks on x509 certificate using get_crl callback vs manually calling store->check_crl

Hi, We are using openssl in our application for secure socket communications. What is the best way to check for revocation status of an x509 certificate using CRLs. 1) Register a callback to store context's get_crl function . In the call back function, load the crl and return. 2) Let openssl fi

when to use CRYPTO_set_locking_callback and CRYPTO_set_dynlock_create_callback

Hi, We are using openssl 1.0.0d in our multi threaded application. I would like to know when to set CRYPTO_set_locking_callback and when to set CRYPTO_set_dynlock_* callbacks The openssl document says that *dyn* call backs are required to improve performance. From openssl code, it seems only e_ch

Re: Additional checks on peer certificate

On Tue, Jun 22, 2010 at 2:17 AM, Marcel Fransen wrote: > Hi, > > I want to do some additional checks on the peer certificate, like a > hostname check. > > My first question is how should I get access to the peer certificate in the > verify callback: > The documentation for X509_STORE_CTX_get_cur

How to free SSL_METHOD structure

Hi, What is the function to be called to free SSL_METHOD * created using SSLv23_client_method or other similar methods. Thanks, Arun

is openssl library thread safe

Hi, Is openssl library thread safe so that it can be used in an multithreaded environment as is. Thanks, Arun

openssl ocsp responder unauthorised error

Hi, When will an ocsp responder respond with "unauthorized error" for a ocsp request. It is an windows server 2008 machine. Thanks, Arun

openssl command to add extension

Hi, What is the command to create a certificate signing request with x509 extensions, say a OCSP responder. Thanks, Arun

get_crl callback

Hi, Is setting X509_STORE_CTX->get_crl to my-call-back-function a right way of getting a call back to load the crl for the X509 certificate. Thanks, Arun

Re: Detect CRL format

Thanks! On Thu, Jun 3, 2010 at 4:54 PM, Dr. Stephen Henson wrote: > On Thu, Jun 03, 2010, Mounir IDRASSI wrote: > > > Hi, > > > > One simple and efficient method to distinguish between PEM and DER > encoding > > for a CRL or a certificate is to read the first byte : if it's equal to > > 0x30 then

Detect CRL format

Hi, Given a CRL file, how to detect its format. whether it is in PEM encoded format or ASN1. Thanks, Arun

X509_STORE function to clear error

Hi, What is the function to use to clear any error in X509_STORE_CTX Thanks, Arun

get_crl : callback to download CRL

Hi, How do I register the callback to download CRL for the SSL certificate. Thanks, Arun

RE: printing a certificate

Look at openssl-*/apps/x509.c Arun -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dallas Clement Sent: Wednesday, June 02, 2010 9:50 AM To: openssl-users@openssl.org Subject: printing a certificate Hi, Would someone kindly

Certificate revocation check

Hi, How do I check in my code, if a certificate is revoked or not? >From what I googled : The x509 certificate contains set of CRL distribution points, ie set of urls. We need to download the crl list . Crl list contains serial numbers of certificates revoked and the date in which they were revok