Re: [openssl-users] (Probably) Silly Application Programming Question

2016-01-13 Thread Karl Denninger
:
> > https://www.openssl.org/docs/manmaster/crypto/X509_VERIFY_PARAM_set_flags.html
> >
> > Hope this helps,
> >
> > Regards,
> >
> > Michel.
> >
> > *From:* openssl-users [mailto:openssl-users-boun...@openssl.org] *On behalf of* Karl Den

Re: [openssl-users] (Probably) Silly Application Programming Question

2016-01-13 Thread Michel
/X509_VERIFY_PARAM_set_flags.html Hope this helps, Regards, Michel. From: openssl-users [mailto:openssl-users-boun...@openssl.org] On behalf of Karl Denninger Sent: Monday, January 11, 2016 04:08 To: openssl-users@openssl.org Subject: Re: [openssl-users] (Probably) Silly Application Programming

Re: [openssl-users] (Probably) Silly Application Programming Question

2016-01-10 Thread Karl Denninger
On 1/10/2016 21:43, Viktor Dukhovni wrote:
> On Sun, Jan 10, 2016 at 08:20:41PM -0600, Karl Denninger wrote:
>
>> I found the problem... for an unexplained reason either the certificate
>> or key were corrupt; I have added checking to make sure they're
>> coherent, as apparently OpenSSL is perfectl

Re: [openssl-users] (Probably) Silly Application Programming Question

2016-01-10 Thread Karl Denninger
I got that book; that's what I've been working with. It looks like there have been some internal changes in OpenSSL and this is no longer "appropriate" to use as null dereferences may occur (well, ok, maybe a bit more than "may") :-) Got some ideas here, thanks... I think I'm pointed in the r

Re: [openssl-users] (Probably) Silly Application Programming Question

2016-01-10 Thread Viktor Dukhovni
On Sun, Jan 10, 2016 at 08:20:41PM -0600, Karl Denninger wrote:
> I found the problem... for an unexplained reason either the certificate
> or key were corrupt; I have added checking to make sure they're
> coherent, as apparently OpenSSL is perfectly happy to load a bogus cert
> (or key) without t

Re: [openssl-users] (Probably) Silly Application Programming Question

2016-01-10 Thread Judson Wilson
I think what you want might be found in the book "Network Security with OpenSSL" from the year 2002, and the same code snippet can be found here: http://www.cs.odu.edu/~cs772/ssl/c-examples/NSopenssl/common.c look for "post_connection_check". This is just something I remember from reading. I hav

Re: [openssl-users] (Probably) Silly Application Programming Question

2016-01-10 Thread Karl Denninger
Yeah, now I just have to figure out how to parse the X509 Extension data from the certificate to pull out the SubjectAltName information :-) There wouldn't be a snippet of code lying around somewhere that does that given an X509 cert as input would there? It looks a bit arcane On 1/10/20

Re: [openssl-users] (Probably) Silly Application Programming Question

2016-01-10 Thread Judson Wilson
It's always good to start with the s_client and s_server programs for incrementally verifying compatibility in your new programs. Those would have failed on your certificates, alerting you it's not a program problem.
On Sun, Jan 10, 2016 at 6:20 PM, Karl Denninger wrote:
> I found the problem..

Re: [openssl-users] (Probably) Silly Application Programming Question

2016-01-10 Thread Karl Denninger
I found the problem... for an unexplained reason either the certificate or key were corrupt; I have added checking to make sure they're coherent, as apparently OpenSSL is perfectly happy to load a bogus cert (or key) without throwing an error, but won't present them. On 1/10/2016 17:07, Judson Wil

Re: [openssl-users] (Probably) Silly Application Programming Question

2016-01-10 Thread Judson Wilson
On the client side, double check that you are creating the SSL object from the context AFTER you set the client cert for the context, and not the other way around.
On Sun, Jan 10, 2016 at 2:18 PM, Karl Denninger wrote:
> I'm sure this is a function of my lack of understanding of the
> documentat

[openssl-users] (Probably) Silly Application Programming Question

2016-01-10 Thread Karl Denninger
I'm sure this is a function of my lack of understanding of the documentation, but here it is... I have an application that implements SSL-encrypted transport between two or more devices. For those that are clients without certificates (e.g. someone connecting with a web browser) it is working fin