Hi,
I am implementing the OCSP for my application. Have a doubt on the
'certs' argument for the API "OCSP_basic_verify":
int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
X509_STORE *st, unsigned long flags);
Here the second
Am 24.02.2015 um 16:19 schrieb Salz, Rich:
As there is no documentation and as noone seems to know the meaning of
the -no_explicit for "openssl ocsp", should I file a documentation
defect in RT for that?
yes, please.
Never mind, Stephen already fixed the doc in master :)
Sorry, I sent alrea
On Tue, Feb 24, 2015, Stephan M?hlstrasser wrote:
>
> Do I understand it correctly then that "a local configuration of
> OCSP signing authority" here means that it is a deliberate choice
> inside OpenSSL itself to look for the OCSPSigning flag in the
> extended key usage of the root CA, although
Am 24.02.15 um 14:47 schrieb Dr. Stephen Henson:
If the responder root CA is set to be trusted for OCSP signing then it can be
used to sign OCSP responses for any certificate (aka a global responder). This
comes under:
1. Matches a local configuration of OCSP signing authority for the
c
> > As there is no documentation and as noone seems to know the meaning of
> > the -no_explicit for "openssl ocsp", should I file a documentation
> > defect in RT for that?
>
> yes, please.
Never mind, Stephen already fixed the doc in master :)
___
ope
> As there is no documentation and as noone seems to know the meaning of
> the -no_explicit for "openssl ocsp", should I file a documentation defect in
> RT
> for that?
yes, please.
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/
On Wed, Feb 18, 2015, Stephan M?hlstrasser wrote:
>
> What is the meaning of setting the OCSP_NOEXPLICIT flag resp. using
> the "-no_explicit" command line option. What exactly is checked by
> the X509_check_trust() call above with respect to the relevant RFCs?
>
If the responder root CA is set
ion. What exactly is checked by the
X509_check_trust() call above with respect to the relevant RFCs?
As there is no documentation and as noone seems to know the meaning of
the -no_explicit for "openssl ocsp", should I file a documentation
defect in RT for that?
If I understand the co
Hi,
I have a question about the behavior of OCSP_basic_verify() and the
meaning of the OCSP_NOEXPLICIT flag. The OCSP_basic_verify() function is
the only place where this flag has an effect in the whole OpenSSL
source, and in the "openssl ocsp" application it can be se
I made an error. I didn't actually add OCSPSigning extended key usage to the
OCSP responder cert.
My attempt(which I found at the mailing list archive) was bad:
openssl x509 -in 03.crt -inform PEM -addtrust OCSPSigning -out
ocsp_resp_cert.pem
"-addtrust" is another command for another purpose
t.crt -text
After that I try to verify 01.crt via OCSP and I get the above error.
If I would use the root CA as the OCSP responder's cert all is ok: OCSP_basic_verify not failed and I get OCSP status
"GOOD".
I see docs on openssl.org: ocsp(1) section OCSP "Response verifica
: OCSP_basic_verify FAILED(returns -1) (all details in email)
On Wed, Jun 06, 2012, Vladimir Belov wrote:
Hello.
OCSP_basic_verify failed(returns -1) although "openssl ocsp -respin
..." show "Response verify OK" with the same OCSP response and root
CAs.
I attached to this email the ZIP a
On Wed, Jun 06, 2012, Vladimir Belov wrote:
> Hello.
>
> OCSP_basic_verify failed(returns -1) although "openssl ocsp -respin
> ..." show "Response verify OK" with the same OCSP response and root
> CAs.
>
> I attached to this email the ZIP and TAR a
Hello,
I am facing a problem with the OCSP_basic_verify call.
I have a client certificate which is having the signature algorithm as
sha1RSA.
I have made sure that i call SSL_library_init with initialization of the
EVP_sha1 digest.
But i still see the error while processing the OCSP response
Hello,
> I am getting the following error in calling OCSP_basic_verify():
>
> error:04067084:rsa routines:RSA_EAY_PUBLIC_DECRYPT:data too large for modulus
>
> Could somebody advice what is going wrong?
In RSA you can encrypt/decrypt only as much data as RSA key size
(size of RSA
Hi,
I am getting the following error in calling OCSP_basic_verify():
error:04067084:rsa routines:RSA_EAY_PUBLIC_DECRYPT:data too large for modulus
Could somebody advice what is going wrong?
Regards,
-wenwu
__
OpenSSL Project
On Tue, Oct 25, 2005, Steffen Fiksdal wrote:
Hi!
What return code(s) from OCSP_basic_verify() signals that the
verification process went ok, regardless of any flags set ?
Anything >0 though at present it will only return 1 for success.
I see in the function that if ocsp_check_iss
On Tue, Oct 25, 2005, Steffen Fiksdal wrote:
> Hi!
>
> What return code(s) from OCSP_basic_verify() signals that the
> verification process went ok, regardless of any flags set ?
>
Anything >0 though at present it will only return 1 for success.
Steve.
--
Dr Stephen N. Hen
Hi!
What return code(s) from OCSP_basic_verify() signals that the
verification process went ok, regardless of any flags set ?
Best Regards
Steffen Fiksdal
__
OpenSSL Project http
: [EMAIL PROTECTED]
Subject: Re: OCSP_basic_verify
Tat Sing Kong wrote:
>
> (sobbing) I have been looking for the documentation, but there is none.
All
> I can see i the definition of
> some flags:
>
> #define OCSP_NOCERTS0x1
> #define OCSP_NOINTERN
to the flag it sets.
Most of the time you wont need any of the flags. However for the
OCSP_basic_verify operation here's a summary...
OCSP_NOINTERN don't look internally in the OCSP response for the
signer's certificate only look in the certs STACK. Same as -no_intern i
0x400
#define OCSP_NOTIME 0x800
What are they?
Tat.
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Dr S N Henson
> Sent: 11 December 2001 18:21
> To: [EMAIL PROTECTED]
> Subject: Re: OCSP_basic_ver
Hi,
I have been trying to figure out what the flags are for this function and
have come up with the following, can someone verify?
int OCSP_basic_verify(OCSP_BASICRESP *bs, // the OCSP response
STACK_OF(X509) *certs, // intermediate signing certs
23 matches
Mail list logo
