Re: OpenSSL FIPS Certification

Are you going to support not only 0.9.7 branch, but also 0.9.8 branch? +Kiyoshi Kiyoshi Watanabe - Original Message - From: "Dr. Stephen Henson" <[EMAIL PROTECTED]> To: Sent: Monday, January 30, 2006 10:07 PM Subject: Re: OpenSSL FIPS Certification On Sun, Ja

secure code guidance

Hi Team, This might be dev topic, but let me ask. Is there any coding guidance for the core team and application developer? Is anybody doing the source code review like open bsd team does for their code? Thanks! With Best Regards, Kiyoshi Kiyoshi Watanabe

Re: Doubt regarding x509_verify_cert

The Bridge CA is a CA(hub) to bridge the two different CAs, so no need to have a Self-signed certificate for BridgeCA. If you are relying party in Root CA1 domain and if you want to create a certificate path, you will probably have: SelfCert1byRootCA1, CrossCertFromRootCA1toBridgeCA, CrossCert

installation problem on openssl 0.9.8a to solaris 10 x86 intel under virtual pc

f.o' DES_ENC='dx86-elf.o yx86-elf.o'   AES_ASM_OBJ='ax86-elf.o' BF_ENC='bx86-elf.o' CAST_ENC='cx86-elf.o'    RC4_ENC='rx86-elf.o' RC5_ENC='r586-elf.o'   SHA1_ASM_OBJ='sx86-elf.o s512sse2-elf.o'  MD5_ASM_OBJ='mx86-elf.o'    RMD160_ASM_OBJ='rm86-elf.o'   THIS=${THIS:-build_crypto} MAKEFILE=Makefile MAKEOVERRIDES= TOP=.. DIR=$dir $target  ) || exit 1;  fimake: Fatal error: Command failed for target `build_crypto'   --   I would very appreciate if you could give me any work around.     +Kiyoshi Kiyoshi Watanabe

Re: Certificate fetching for bridge CA configuration

. -Kiyoshi Kiyoshi Watanabe > So, this is perhaps the most simple "bridge" PKI arrangement: > > +-+---++-+---+ > |T| |

Re: crlDistributionPoints with DirName value?

Hi, > crlDistributionPoints = DirName:/C=FI/O=SSH Communications Security Corp/CN=SSH Test > CA 2 No Liabilities How about crlDistributionPoints = @crl_dist [ crl_dist ] DirName = /C=FI/O=SSH Communications Security Corp/CN=SSH Test CA 2 No Liabilities -Kiyoshi Kiyoshi Wa

Re: retrive the private key from RSA KEON CA certificate

> Why don't you convert or issue the PKCS#11 in DER format. I believe PKCS#12, not PKCS#11 sorry for my typo. -Kiyoshi Kiyoshi Watanabe __ OpenSSL Project http://www.openssl.org User

Re: retrive the private key from RSA KEON CA certificate

openssl will read the starndard PKCS12 binary file without having any problem and you can use FORMAT_PKCS12. -Kiyoshi Kiyoshi Watanabe > I have a CA certificate exported from RSA KEON, which is PEM encoded pkcs#12 > certificate (listed below.) > It seems encoded by base64 , I hav

Re: why -issuer option in OCSP client options must be PEM format?

Hello, As you can see, the default certificate format is PEM in openssl command. I do not know the excact reason, but I agree that the ocsp command had better to have format option if you are requesting so. -Kiyoshi Kiyoshi Watanabe > Hi,all, > > Could some one tell me kindly why th

Re: Queries on SubjAltName

nssl.cnf file as a comment? -Kiyoshi Kiyoshi Watanabe __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager

Re: ASK: any option for CERTID in OCSP using AKID of the cert tobe checked

Kiyoshi Watanabe > On Sun, Jan 19, 2003, Kiyoshi WATANABE wrote: > > > > > Dear all and developers, > > > > Is any option to create the CertID.issuerKeyHash using the AKID of the > > cert to be checked, instead of using the issuer certificate itself, in > &g

Re: Help for openssl verify command and its strange error message

x in apps/verify.c, I would not get the error? or does it check in somewhere else? Sincerely, -Kiyoshi Kiyoshi Watanabe __ OpenSSL Project http://www.openssl.org User Support Mailin

Help for openssl verify command and its strange error message

6 13 02 4A 50 31 0D 30 0B 06 03 55 04 0A I think that the two values are the same to me. Please let me know why the verify command tells me the subject issuer mismatch and how I could correct this problem. I am attaching the 2 certificate for your reference. Sincerely, -Kiyoshi Kiyoshi

Re: How to set a CRLNumber extension in CRL

Dear Steve, Thank you for your comment. I understand the usage of this extension and fully agree with you. Best Regards, -Kiyoshi Kiyoshi Watanabe > On Thu, Oct 03, 2002, Kiyoshi WATANABE wrote: > > > > > Dear all, I want to know the way to implement to > > set

How to set a CRLNumber extension in CRL

ou give me some suggestion. Sincerely, -Kiyoshi Kiyoshi Watanabe __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated Li

Re: Checking certs against CRLs

been unable to locate any such function to use in the library. Any help > appreciated See in crypto/x509/x509_vfy.c around static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) funcions This can be found from 0.9.7 JUST Info... -kiyosh

Creating v1 certificate?

! Thanks in advance! Kiyoshi, Kiyoshi Watanabe __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager

Netscape Extension

Dear all, Let me ask that if I omit to specify the nsCertType extension, the certificate can be used for keyEncippherment even I specify the digitalSignature only in keyUsage? Does anyone knows that Netscape recognizes the keyUsage bit and limits the usage of the certificate? Regards, Kiyoshi