Is "surprising" a better word than sub-optimal?
If you and Dave didn't know about it (nor did I) then it's surprising. And
therefore probably not a good thing. Yes it can be useful. But the openssl
"rehash" program only read one PEM block per file. So we need to fix one of
those things.
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Salz, Rich
> Sent: Tuesday, July 07, 2015 08:36
> To: openssl-users@openssl.org
> Subject: Re: [openssl-users] SSL_CTX_load_verify_locations only with
> CAPath
>
> I thought, as the doc has (always? long?) said, that CApath must have each
> cert (or CRL) in a separate file. But on checking I see that by_dir.c
> actually calls
> X509_load_{cert,crl}_file from by_file.c, which for PEM loads all certs (or
> crls)
> in a file to the working context. Thus a ha
-users-boun...@openssl.org] On Behalf Of
David Thompson
Sent: Tuesday, July 7, 2015 04:57
To: openssl-users@openssl.org
Subject: Re: [openssl-users] SSL_CTX_load_verify_locations only with CAPath
> From: openssl-users On Behalf Of Dr. Roger Cuypers
> Sent: Monday, July 06, 2015 10:43
> Follow up:
>
> For some reason, the X509_NAME_hash function calculates a very different
> hash for the server certificate:
>
> 5ad8a5d6
>
> Renaming the certificate to 5ad8a5d6.0 causes it to be found, but I
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Salz, Rich
Sent: Monday, July 6, 2015 16:46
To: openssl-users@openssl.org
Subject: Re: [openssl-users] SSL_CTX_load_verify_locations only with CAPath
> For some reason, the X509_NAME_hash function calculates a very different
> hash for the server certificate:
Ah. Have you mixed openssl versions? At one point the hashing changed from
md5 to sha1. That would explain why specifying a directory works, but a
specific file doesn't.
: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Dr. Roger Cuypers
Sent: Monday, July 6, 2015 11:35
To: openssl-users@openssl.org
Subject: Re: [openssl-users] SSL_CTX_load_verify_locations only with CAPath
Tried what you suggested, but SSL_get_verify_result still returns
Of
David Thompson
Sent: Sunday, July 5, 2015 14:19
To: openssl-users@openssl.org
Subject: Re: [openssl-users] SSL_CTX_load_verify_locations only with CAPath
From: openssl-users On Behalf Of Dr. Roger Cuypers
Sent: Friday, July 03, 2015 11:01
> I'm trying to do peer client verification using the
> SSL_CTX_load_verify_locations function
> However, setting only CAPath will not:
> This will result in a X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY error.
Hello there,
I'm trying to do peer client verification using the
SSL_CTX_load_verify_locations function in conjunction with the
SSL_get_peer_certificate and SSL_get_verify_result function. If I
SSL_get_verify_result call this way setting CAFile, it will work for me:
SSL_CTX_load_verify_locatio