Re: [openssl-users] Regarding SSL_VERIFY_PEER

2017-05-03 Thread john gloster
Hi Victor and Michael, Thanks for your respective response. I need to make sure the following validation happens. - subject field in one certificate matches with the issuer field in the subsequent certificate - no duplicate certificate in the chain - basicConstraints : for CA cer

[openssl-users] Regarding SSL_VERIFY_PEER

2017-05-03 Thread john gloster
Hi, I needed to validate different extensions of each of the Issuer certificate in the chain. Snippet rom https://linux.die.net/man/3/ssl_set_verify: "The certificate chain is checked starting with the deepest nesting level (the root CA certificate) and worked upward to the peer's certificate. A

[openssl-users] SSL_VERIFY_PEER

2017-05-02 Thread john gloster
Hi, I needed to validate different extensions of each of the Issuer certificate in the chain. Snippet rom https://linux.die.net/man/3/ssl_set_verify: "The certificate chain is checked starting with the deepest nesting level (the root CA certificate) and worked upward to the peer's certificate. A

[openssl-users] OSCP.

2017-04-12 Thread john gloster
Could anyone point me to some OSCP samples? Needed to check whether CA certificate is still active. Thanks. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] CA validation.

2017-04-12 Thread john gloster
Hi, Does X509_verify_cert() checks KeyUsage extension? Is there any API to check whether the CA certificate is properly used based on the Criticality specified in the certificate? [Eg. CRL signing, Key Cert signing etc.] Thanks. -- openssl-users mailing list To unsubscribe: https://mta.openss

[openssl-users] Certificate path validation.

2017-03-29 Thread john gloster
Is there any API to retrieve the values of BasicConstraint extention of a certificate? Needed to find out whether it is a CA certificate and Path Length constraint. Could someone please provide me with sample code? Thanks. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/ma

Re: [openssl-users] Load secrets to context.

2016-07-27 Thread john gloster
CATE message of the handshake. On Wed, Jul 27, 2016 at 10:08 PM, Viktor Dukhovni < openssl-us...@dukhovni.org> wrote: > On Wed, Jul 27, 2016 at 09:28:55PM +0530, john gloster wrote: > > > Can we use both the following APIs in the same application to load &

[openssl-users] Load secrets to context.

2016-07-27 Thread john gloster
Hi, Can we use both the following APIs in the same application to load certificate to the SSL context? *SSL_CTX_use_certificate_file()* *SSL_CTX_use_certificate_chain_file()* If we can how to use them? Thanks in advance. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mai