Suppose I want to verify a certificate, and I've collected some CRLs
and some OCSP responses. How can I do that?
If I just want to verify revocation for the end certificate (so
X509_V_FLAG_CRL_CHECK rather than X509_V_FLAG_CRL_CHECK_ALL) then
that's straightforward: I use X509_verify_cert without t
I have some code accessing these fields from X509_NAME pointers, but
obviously that's not allowed in 1.1.
I think the code can be restructured to use X509_NAME_cmp
instead. Maybe.
But before I start that, is there some strong reason for not offering an
accessor function? Something like
X509_NA
"Edward Ned Harvey (openssl)"
writes:
>> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
>> us...@openssl.org] On Behalf Of Michael Wojcik
>>
>> For someone who does want more background in cryptography, I'd
>> recommend Schneier's /Applied Cryptography/ over /Cryptography
>> Engine
Bin Lu writes:
[...]
> if (dcrl)
> {
> ok = ctx->check_crl(ctx, dcrl);
> if (!ok)
> goto err;
> ok = ctx->cert_crl(ctx, dcrl, x); <== this
Cristian Thiago Moecke
writes:
> You have two ways to follow.
>
> 1) To use an HSM to sign, the "official" way to do it is to use an
> openssl engine. If your HSM does not provide an openssl engine, it
> probably does provide a PKCS#11 module, and you can use the pkcs11
> engine to load it and
"Dr. Stephen Henson"
writes:
[...]
> Validated RSA_METHOD structures set RSA_FLAG_FIPS_METHOD, so that will work
> with the FIPS module.
>
> That code is there so you can't accidentally use an unvalidated method (e.g.
> from an ENGINE) in FIPS mode but if you are sure it is acceptable it can be
If one naively uses PKCS12_parse to extract key, certificate, and
certificate chain, and then iterates through the STACK_OF(X509) calling
SSL_CTX_add_extra_chain_cert (starting at sk_X509_value(ca, 0)) then the
chain will be in the opposite order to what's in the PKCS#12 file.
That seems consisten
"Dr. Stephen Henson"
writes:
[...]
> RSA_private_decrypt is fine [...]
Is it? It begins with discouraging-looking code:
int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char
*to,
RSA *rsa, int padding)
{
#ifdef OPENSSL_FIPS
if (FIPS_mo
Arthur Spitzer
writes:
[...]
> The problem is: The verification always fails with error code 7
> (“signature invalid”). I already tried three different attempts
> (documented in the attached cpp file) to build the trust chain, with
> the same result.
>
> The relevant source code (certificates as
"Bruce (Riji) Cai"
writes:
> Not quite sure, but to my understanding, the "ex_data" is saved into per
> ssl connection context, so the index to it should be per connection
> scope.
That's not correct, no. The ex_data mechanism can be used to store many
different things into each SSL connection (sim
sandeep kiran p
writes:
> Hi,
>
> A quick question. Does the SubjectName in a certificate really need
> to point to an LDAP DN in a X500 Directory that a CA uses or do CAs
> manage the SubjectName DNs without actually using any sort of
> Directory? I want to know whether it is a general practice for
Jakob Bohm writes:
[...]
> I did mention that in passing under my item 2 (where I mentioned use
> of 192-bit-truncated-SHA-224 as one allowed 192 bit hash algorithm for
> use with ECDSA-192).
OK, sorry, I missed that.
> I don't remember if the current FIPS-180 actually allows truncating to
> (
Jakob Bohm writes:
[...]
> As explained above, 192 bit DSA and ECDSA only works with 192 bit
> hashes (and only one hash algorithm is allowed for each private/public
> key pair).
You can use larger digests (SHA-512, for example), but the digest will
be truncated before processing with ECDSA (or
I have a chain that fails to verify:
brs% openssl verify -verbose -issuer_checks -CAfile serversTA.pem -untrusted
'servers->users.pem' dua.pem
dua.pem: CN = config, CN = DSA Manager
error 29 at 0 depth lookup:subject issuer mismatch
CN = config, CN = DSA Manager
error 31 at 0 depth lookup:author
I was confused to find logging indicating an intermittent error while
doing SSL in an application:
x509 certificate routines:X509_check_private_key:key values
mismatch:x509_cmp.c:318:
But that's while running automated tests which always use certificates
and keys from pregenerated PKCS#12 files.
David Coulson writes:
> On 3/29/11 12:58 PM, Bruce Stephens wrote:
>> Add the -showcerts option to the s_client commands and you'll see the
>> first server returns a chain of certificates where the second offers
>> only the end server certificate.
> Okay, I see that
David Coulson writes:
[...]
> OpenSSL has other ideas. First one validates fine, second one does
> not. I can't for the life of me figure out what the difference is.
>
> Any ideas?
Add the -showcerts option to the s_client commands and you'll see the
first server returns a chain of certificates
Jeff Saremi writes:
[...]
> According to the RFC, is it an error for a certificate and its chain not
> to have any CRLs and CRL distribution points?
No, but you're perhaps confusing things by joining the two together. On
CRL DPs, "this profile RECOMMENDS support for this extension by CAs and
a
Jeff Saremi writes:
[...]
> Here's the code:
>
> cert.status = NOT_REVOKED;
> for (i = 0; i < cert.crldp.size; ++i)
> {
> /* some processing loops */
> if(cert.status == UNDETERMINED)
> {
> /* do what Bruce Stephens suggested */
> }
> }
N
Jeff Saremi writes:
[...]
> Section 6.3.3. of RFC 5280 - CRL Processing
> "This algorithm begins by assuming that the certificate is not revoked
> For each distribution point (DP) in the certificate's CRL distribution
> points extension, for each corresponding CRL "
>
> So my expectation
ikuzar writes:
[...]
> my questions :
> 1) What does DER format means ?
Distinguished Encoding Rules. It's an encoding for ASN.1. See X.690.
> is it equivalent to a string format ?
It's a binary serialisation. So it's a string in the sense that it
can be sent over protocols, saved in files
Michael Ströder writes:
> Bruce Stephens wrote:
[...]
>> Ah, my fault. Obvious in retrospect: Debian's openssl finds the root
>> cert because it's in the ca-certificates package!
>
> Did you use -CAfile as in my original posting when testing?
I did.
> D
Bruce Stephens writes:
> "Dr. Stephen Henson" writes:
>
> [...]
>
>> Is that unmodified OpenSSL 0.9.8o? If so that's peculiar I get the expected
>> error here.
>
> No, it's Debian's 0.9.8o-2.
Ah, my fault. Obvious in retrospect: Debi
"Dr. Stephen Henson" writes:
[...]
> Is that unmodified OpenSSL 0.9.8o? If so that's peculiar I get the expected
> error here.
No, it's Debian's 0.9.8o-2.
[...]
__
OpenSSL Project http://www.op
Erik Tkal writes:
> Maybe that's a bug in OpenSSL 0.9.8o? The docs for verify say "It is
> an error if the whole chain cannot be built up."
Maybe, but I think it's just as reasonable to regard it as a bug in the
docs.
I think it's useful for verify to be able to verify chains from trust
anchor
Erik Tkal writes:
> Hi Michael,
>
> Your "rootcacert" is not a root cert, as it was issued by "C=US,
> ST=UT, L=Salt Lake City, O=The USERTRUST Network,
> OU=http://www.usertrust.com, CN=UTN-USERFirst-Client Authentication
> and Email". You need to append that cert as well to your CAfile.
That
Plot Lost writes:
[...]
> For this particular project I'm required to check each step
> individually, not the entire chain at once.
That's what verifying the chain does (see the implementation of
X509_verify_cert()). You could add a callback using
X509_STORE_CTX_set_verify_cb(). That doesn't
Plot Lost writes:
> Hi, I'm trying to figure out how to check a certificate is valid
> according to a chain of certificates.
>
> There are 3 certs in all, and they are all held as X509 data in memory, e.g.
>
> X509 *server_cert;
> X509 *inter_cert;
> X509 *root_cert;
>
> How can I check that 'ser
Aravind GJ writes:
[...]
> While functions like SSL_use_PrivateKey use EVP_PKEY structure, but to
> get that structure, I need to use BIO APIs which again takes filename
> as input.
See BIO_new_mem_buf(). (There are other ways to construct EVP_PKEYs
without reading from a file, depending what
decoder writes:
[...]
> Ok, so what I am currently doing is something like
>
> asndata = ASN1_OCTET_STRING_new();
> ASN1_OCTET_STRING_set(asndata, myData, myLength);
>
> and then I add asndata to an extension I create:
>
> ex = X509_EXTENSION_create_by_NID( NU
decoder writes:
[...]
> Now the problem is that I am almost hitting the maximum size of the
> certificate (the practical limit seems to be around 15-16 kb) and I'd
> like to know if hex encoding is really necessary or if I can simply
> include the data directly without violating any standards (a
Matt Fioravante writes:
> I've got some code that dynamically allocates an X509 object using
> PEM_read_X509 and then extracts some data from it.
>
> The problem is the object never gets freed. I tried to call free() on the
> X509 pointer but that doesn't work either because it has dynamically
Ben DJ writes:
[...]
> but,
>
> openssl ciphers -v "HIGH:!RSA"
>
> returns,
>
> RSA: Event not found.
I think that's your shell, not openssl.
"Dr. Stephen Henson" writes:
[...]
> Didn't realise anyone was using CFB for that. Is that some default or does it
> have to be specifically requested?
It was explicitly requested, though I'm not sure for any positive reason
in this case (more because we'd used that cipher and mode elsewhere, I
With 0.9.8m I'm getting some failures to read PEM files (and do some
other things, I think) that 0.9.8l is happy with.
The PEM files are created by BouncyCastle, I think (though I imagine
0.9.8l could be persuaded to write similarly failing files). They begin
something like:
-BEGIN RSA PRIVA
Alexey Luchko writes:
> I'm new to openssl.
> I've got two questions on EVP API:
>
> 1. What do EVP_EncryptInit_ex and EVP_CipherInit_ex differ with?
> When should I use encrypt/decrypt and when cipher?
If you look at the source, EVP_EncryptInit_ex/EVP_DecryptInit_ex are
just trivial wrapper
"Alessandro Borga" writes:
> I must use RSA encrypt/decrypt functions in a target using Arm cpu.
>
> Other rsa source code doesn’t work right because target environment uses big
> endian memory allocation for int and long
Really? SPARC (32bit) is big-endian, and really quite common (less
thoug
Mike Frysinger writes:
[...]
> ive been trying to figure out exactly how to invoke openssl to get the
> equivalent behavior.
It's beyond me, I'm afraid. But a couple of things do suggest
themselves...
[...]
> i'm creating the parameters file with:
> openssl ecparam -name sect163k1 -rand -p
Martin Schneider writes:
[...]
> I want to include some kind of meta information into certificates, e.g.
>
> foo = x
> bar = y
> baz = z
>
> A colleague of mine recommended to use the "subject alternative name"
> extension
> (http://www.openssl.org/docs/apps/x509v3_config.html#Subject_Alternativ
"Victor B. Wagner" writes:
[...]
> This is about unexpected values in KNOWN extension. Not about totally
> new extension with new OID.
I think you're misreading it---I think it's talking about unexpected
extensions. In any case I think the language in RFC 5280 makes it
clearer (and we should a
Joe Friedeggs writes:
> I'm pretty much a noob when it comes to SSL, so any help would be
> greatly appreciated. I just installed Openldap running TLS with self
> signed certs. Everything *seems* to be working fine (LDAP logs show
> TLS encryption), but when I run the s_client from the LDAP (Li
li...@kaiser.cx writes:
> Hi,
>
> On Tue, Mar 31, 2009 at 05:29:15PM +0200, Dirk Reske wrote:
>
>> We need to put some extra informations (simple strings) into the
>> certificates (e.g. year of birth, ...).
>> I have looked around the internet, but don't really find any useful stuff.
>
> define a
Stephen Lewis writes:
[...]
> - Is it possible to specify a dirName nameConstraint that allows CN to
> contain *.mydomain.com where * is anything but not allow CN = anything
> that does not end in .mydomain.com ?
I don't think that's possible (independent of what's expressible in
openssl.cnf).
Geoff Thorpe <[EMAIL PROTECTED]> writes:
[...]
> But in fact, the original question was about binary compatibility
Sure, and I've no reason to believe binary compatibility has been
broken in 0.9.8. (Though it's something I've never really cared
about.)
[...]
Geoff Thorpe <[EMAIL PROTECTED]> writes:
[...]
> Has this ever been (in recent history) an issue within a given
> release branch? Ie. has 0.9.8(n+1) ever broken apps that were
> running ok against 0.9.8n? 0.9.8x is of course not backwards
> compatible with 0.9.7y, and 0.9.9 will not be backward
"Saju Paul" <[EMAIL PROTECTED]> writes:
> It is very clear that you Thomas have never ever used the hmac routines !!
> So how you entertain yourself is irrelevant to the problem being discussed.
> thank you.
You'll need to give more information. For me, the following C++
program compiles, links
"Marcelo de Moraes Serpa" <[EMAIL PROTECTED]> writes:
[...]
> Does that mean that the developer made the link to the create account page
> via HTTPS (not important at all) and then forgot the really relevant part,
> which is to send the html form contents via HTTPS?
Yes.
Christopher Kunz <[EMAIL PROTECTED]> writes:
[...]
> Is there any up-to-date complete documentation available for the full
> function set of OpenSSL? For some of the stuff, like ASN.1 manipulation,
> I can't even find anything on Google...
Not that I know of. I use Source Navigator (or OpenGro
Christopher Kunz <[EMAIL PROTECTED]> writes:
> how can I extract all extensions from a certificate into a
> STACK_OF(X509_EXTENSION)? For certificate requests, there is
> X509_REQ_get_extensions that returns this stack, but how is that done
> with an actual certificate?
X509_get_ext_count(), X509
Anand Vasudevan <[EMAIL PROTECTED]> writes:
> Hi, am using libcurl(ver 7.15.4) which uses openssl libraries. When I
> ran my application with valgrind-3.1.0 in Fedora core 5, I observed
> some valgrind errors coming from open ssl library..any inputs? pls
> find the attached for the errors..
You
Dr S N Henson <[EMAIL PROTECTED]> writes:
[...]
> Ah, I see. The x509 -email option of OpenSSL 0.9.6 does just that.
So it does. Sorry, I should have RTFMed!
I've passed this information on to the Gnus list, so with any luck,
Gnus will be one of the first free MUAs to support S/MIME reasona
Dr S N Henson <[EMAIL PROTECTED]> writes:
[...]
> There's a function X509_get1_email() which will retrieve a list of
> email addresses both from the subject name and subjectAltName
> extensions and arrange them in a STACK. From then its trivial to
> just compare each or use sk_find().
>
> Curre
"Andrew Back" <[EMAIL PROTECTED]> writes:
> Has anyone used OpenSSL S/MIME module with UNIX MUAs? In particular I'd be
> interested in config for use with Pine & Mutt. I'm hoping there's some glue
> that makes things a bit more automatic than using OpenSSL command line.
The bleeding-edge CVS versio
work reliably, either. So what's the right thing to do?
--
Bruce Stephens [EMAIL PROTECTED]
MessagingDirect(UK) Ltd http://www.MessagingDirect.com/
's still true. DSA and things are mandatory for
TLS-1.0, but browsers don't support them (or not very well, anyway)
yet. (It'll probably be a while until the browsers support these
things properly---probably after next September when it won't matter
anyway.)
--
Bruce Stephens