Re: SSL_CTX_set_alpn_select_cb and Other OpenSSL API ALPN Functions + Their Callbacks

2022-08-01 Thread Angus Robertson - Magenta Systems Ltd
> While this may be reasonable advice for SNI, I'm not sure that > this is correct for ALPN. I don't think it is actually possible > to set the selected ALPN *without* using the ALPN callback. At > least I can't see a way. Correct, I wondered why I still used both callbacks. But I also know

Re: SSL_CTX_set_alpn_select_cb and Other OpenSSL API ALPN Functions + Their Callbacks

2022-08-01 Thread Matt Caswell
On 29/07/2022 17:21, Angus Robertson - Magenta Systems Ltd wrote: I don't understand how to write the callback functions some of the OpenSSL ALPN functions expect, and the manual really isn't helping there either, so I'd like some help. Use SSL_CTX_set_client_hello_cb to set a SSL_client_hel

Re: SSL_CTX_set_alpn_select_cb and Other OpenSSL API ALPN Functions + Their Callbacks

2022-07-30 Thread Osman Zakir
*,SSL_client_hello_cb_fn,void *)': cannot convert argument 2 from 'int (__cdecl *)(SSL *,int,void *)' to 'SSL_client_hello_cb_fn' Someone please help, if possible. Thanks. Original Message *Subject:* Re: SSL_CTX_set_alpn_select_cb and Other OpenSSL A

Re: SSL_CTX_set_alpn_select_cb and Other OpenSSL API ALPN Functions + Their Callbacks

2022-07-29 Thread Angus Robertson - Magenta Systems Ltd
> I don't understand how to write the callback functions some of > the OpenSSL ALPN functions expect, and the manual really isn't > helping there either, so I'd like some help. Use SSL_CTX_set_client_hello_cb to set a SSL_client_hello_cb_fn function, which you can parse to get TLSEXT_TYPE_server

SSL_CTX_set_alpn_select_cb and Other OpenSSL API ALPN Functions + Their Callbacks

2022-07-29 Thread Osman Zakir
Hi again. I don't understand how to write the callback functions some of the OpenSSL ALPN functions expect, and the manual really isn't helping there either, so I'd like some help. I have a HTTP/2 upgrade request inside the ClientHello and it's causing my server app to give an error about an u

Re: Fw: Reg: Memory leaks Using OpenSSL API - Unsure

2022-04-10 Thread pauli
Any chance of running your server under valgrind or similar? This should make the leaks more concrete. Pauli On 10/4/22 6:07 pm, Ram Chandra via openssl-users wrote: Hi, I have recently started developing using OpenSSL and i am confused/unclear about below topic. Request you to help me. I

Fw: Reg: Memory leaks Using OpenSSL API - Unsure

2022-04-10 Thread Ram Chandra via openssl-users
Hi,  I have recently started developing using OpenSSL and i am confused/unclear about below topic. Request you to help me. I am running a DTLS Server which handles more than 1000 connections.The problem i am facing is every time I close connections and also connect again I see there is some RA

Re: OpenSSL API CRL Revoke Check: Coverage

2021-08-31 Thread bl4ck ness
Thanks for the clarification David. Your help is much appreciated. David von Oheimb wrote on Tue, 31 Aug 2021 at 08:50: > Hello Dennis, > > here are answers to your questions. > > >- All CRL signatures are (by default) verified - otherwise status >checking by CRLs would be inse

Re: OpenSSL API CRL Revoke Check: Coverage

2021-08-30 Thread David von Oheimb
Hello Dennis, here are answers to your questions. * All CRL signatures are (by default) verified - otherwise status checking by CRLs would be insecure. The function used is def_crl_verify() in crypto/x509/x_crl.c * All CRLs are kept in the X509_STORE such that they can be reused for

OpenSSL API CRL Revoke Check: Coverage

2021-08-27 Thread bl4ck ness
Hello, I'm trying to use OpenSSL to validate a certificate chain with CRLs. To achieve this, I create a X509_STORE and add trusted (root) certificates into it via X509_STORE_add_cert(). I also add CRLs published by root and intermediate CAs into the store using X509_STORE_add_crl(). Then I create

help on openssl api for encryption

2020-01-28 Thread Jason Qian via openssl-users
Hi, Tried the example on: https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption On the Linux platform, when I set plaintext to "jason", it works fine. When I set it to "Jason", it returns an empty string. It works fine on windows platform for both cases. Thanks for your h

Re: [openssl-users] Fwd: Openssl api for signature verification using digest

2018-08-29 Thread Siti Rafidah
0x48, 0x60,0xbb, 0x69, 0x49, 0x64, 0xa3, 0x0d, > 0xdb, 0xaa}; > > > > > > unsigned char > hashnew[]={0x8f,0x43,0x43,0x46,0x64,0x8f,0x6b,0x96,0xdf,0x89,0xdd,0xa9,0x1c,0x51,0x76,0xb1,0x0a,0x6d,0x83,0x96,0x1d,0xd3,0xc1,0xac,0x88,0xb5,0x9b,0x2d,0xc3,0x2

Re: [openssl-users] Fwd: Openssl api for signature verification using digest

2018-08-29 Thread Viktor Dukhovni
> On Aug 29, 2018, at 5:53 AM, Linta Maria wrote: > > As you suggested, signature wasn't correct. > With below input also it's not working. Once again, the code is working correct, the key below did not produce the posted signature. Please use "openssl rsautl" as shown in my previous message

[openssl-users] Fwd: Openssl api for signature verification using digest

2018-08-29 Thread Linta Maria
x51,0x76,0xb1,0x0a,0x6d,0x83,0x96,0x1d,0xd3,0xc1,0xac,0x88,0xb5,0x9b,0x2d,0xc3,0x27,0xaa,0x4}; -- Forwarded message - From: *Viktor Dukhovni* Date: Wed 29 Aug, 2018, 11:30 AM Subject: Re: [openssl-users] Openssl api for signature verification using digest To: openssl-users@ope

Re: [openssl-users] Openssl api for signature verification using digest

2018-08-28 Thread Viktor Dukhovni
> On Aug 29, 2018, at 1:05 AM, Linta Maria wrote: > > Still its not working. The code is working correctly. The real problem is that the PEM format 2048-bit RSA key you posted: > BEGIN PUBLIC KEY- > MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzMjyWZfVfBpmNKmIm9HH > FnrhDLZaCmQvZz57uJH

[openssl-users] Openssl api for signature verification using digest

2018-08-28 Thread Linta Maria
Thanks Viktor for the help…. Please find below the input format. Still it's not working. > On Aug 28, 2018, at 7:08 AM, Linta Maria wrote: > > I have used below code, but it’s not working. Please help me to get the correct API. > > /* > * NB: assumes verify_key, sig, siglen md and mdlen are a

Re: [openssl-users] Openssl api for signature verification using digest

2018-08-28 Thread Viktor Dukhovni
[ Please post plain text, not HTML ] > On Aug 28, 2018, at 7:08 AM, Linta Maria wrote: > > I have used below code, but it’s not working. Please help me to get the > correct API. > > /* > * NB: assumes verify_key, sig, siglen md and mdlen are already set up > * and that verify_key is an RSA p

Re: [openssl-users] Openssl api for signature verification using digest

2018-08-28 Thread Linta Maria
Thanks Nicola for the updates. But I need to verify signature with hashed data or digest not with original message. Is there any openssl API to implement that? On Tue 28 Aug, 2018, 5:18 PM Nicola, wrote: > Hi! > > I would suggest using the newer `EVP_DigestSign` interface. > >

Re: [openssl-users] Openssl api for signature verification using digest

2018-08-28 Thread Nicola
Hi! I would suggest using the newer `EVP_DigestSign` interface. You could find more documentation about it here: https://wiki.openssl.org/index.php/EVP_Signing_and_Verifying Here is the relevant manpage: https://www.openssl.org/docs/man1.1.1/man3/EVP_DigestVerifyInit.html Best regards, Nicola

[openssl-users] Openssl api for signature verification using digest

2018-08-28 Thread Linta Maria
Hi All, I have started using open ssl recently for implementing some cryptographic operation. Now I want to implement signature verification by taking Signature and hashed data as input, but I am not able to get the proper API. I have used below code, but it’s not working. Please help me to

Re: [openssl-users] Not Before and Not After Date format for openssl API X509_gmtime_adj

2015-07-15 Thread Viktor Dukhovni
On Wed, Jul 15, 2015 at 01:33:08AM +, Salz, Rich wrote: > >if ASN1_TIME_set_string() avoids that limitation, despite Victor's > >suggestion to never use it. > > It does avoid the limitation, using only |struct tm| to hold parsed fields, > and not building a |time_t| from it. Not sure why

Re: [openssl-users] Not Before and Not After Date format for openssl API X509_gmtime_adj

2015-07-15 Thread Jakob Bohm
On 15/07/2015 11:13, Victor Wagner wrote: On Tue, 14 Jul 2015 20:35:31 +0200 Jakob Bohm wrote: Does ASN1_TIME_set_string() support dates outside the time_t range of the local libc? Why do you need time dates outside of 64-bit integer range? Sun would explode into red giant sooner than that amo

Re: [openssl-users] Not Before and Not After Date format for openssl API X509_gmtime_adj

2015-07-15 Thread Victor Wagner
On Tue, 14 Jul 2015 20:35:31 +0200 Jakob Bohm wrote: > > Does ASN1_TIME_set_string() support dates outside the > time_t range of the local libc? Why do you need time dates outside of 64-bit integer range? Sun would explode into red giant sooner than that amount of time passes. > This is import

Re: [openssl-users] Not Before and Not After Date format for openssl API X509_gmtime_adj

2015-07-14 Thread Salz, Rich
>if ASN1_TIME_set_string() avoids that limitation, despite Victor's suggestion >to never use it. It does avoid the limitation, using only |struct tm| to hold parsed fields, and not building a |time_t| from it. Not sure why Viktor doesn't like it. It seems to me it's the only portable thing t

Re: [openssl-users] Not Before and Not After Date format for openssl API X509_gmtime_adj

2015-07-14 Thread Jakob Bohm
On 14/07/2015 21:50, Salz, Rich wrote: This is important when creating root certs with expiry dates after 2038 Not an issue for openssl. As long as you use ASN1_TIME values, it's okay. Might be an issue if converting to time_t on 32-bit platforms. Victor suggested to use only ASN1_TIME_set()

Re: [openssl-users] Not Before and Not After Date format for openssl API X509_gmtime_adj

2015-07-14 Thread Salz, Rich
> This is important when creating root certs with expiry dates after 2038 Not an issue for openssl. As long as you use ASN1_TIME values, it's okay. Might be an issue if converting to time_t on 32-bit platforms.

Re: [openssl-users] Not Before and Not After Date format for openssl API X509_gmtime_adj

2015-07-14 Thread Jakob Bohm
On 13/07/2015 12:22, Victor Wagner wrote: On Mon, 13 Jul 2015 12:25:40 +0530 Nayna Jain wrote: Hi all, I am programmatically generating the self signed certificate and need to specify the "Not Before" and "Not After" date, Wanted to understand what all formats are acceptable by this API ? X

Re: [openssl-users] Not Before and Not After Date format for openssl API X509_gmtime_adj

2015-07-13 Thread Victor Wagner
On Mon, 13 Jul 2015 12:25:40 +0530 Nayna Jain wrote: > > Hi all, > > I am programmatically generating the self signed certificate and need > to specify the "Not Before" and "Not After" date, > > Wanted to understand what all formats are acceptable by this API ? X509_set_notAfter and X509_set_

[openssl-users] Not Before and Not After Date format for openssl API X509_gmtime_adj

2015-07-12 Thread Nayna Jain
Hi all, I am programmatically generating the self signed certificate and need to specify the "Not Before" and "Not After" date, Wanted to understand what all formats are acceptable by this API ? Also, similarly while using API , what exactly is the time format expected by X509_cmp_time(X509_ge

Re: [openssl-users] Is there openssl API to verify certificate content is DER or PEM format ?

2015-06-11 Thread Viktor Dukhovni
On Thu, Jun 11, 2015 at 06:01:26AM +0530, Nayna Jain wrote: > I have similar concern for private key. > If I have a pem file with private key in that, how do I check if that is > RSA/DSA ? In almost all cases don't check. Just load and use the key as a generic EVP_PKEY. -- Viktor.

Re: [openssl-users] [openssl-dev] Is there openssl API to verify certificate content is DER or PEM format ?

2015-06-11 Thread Dave Thompson
> From: openssl-dev On Behalf Of Nayna Jain > Sent: Wednesday, June 10, 2015 20:31 > If I have a pem file with private key in that, how do I check if that is RSA/DSA ? If it uses a "legacy" format, the BEGIN line specifies the algorithm -BEGIN RSA PRIVATE KEY- -BEGIN DSA PRIVATE KEY--

Re: [openssl-users] Is there openssl API to verify certificate content is DER or PEM format ?

2015-06-10 Thread Nayna Jain
06/10/2015 10:18 AM Subject:Re: [openssl-users] Is there openssl API to verify certificate content is DER or PEM format ? Sent by:"openssl-users" On Wed, Jun 10, 2015 at 08:48:41AM +0530, Nayna Jain wrote: > I think I will try with PEM_read_xxx and d2

Re: [openssl-users] Is there openssl API to verify certificate content is DER or PEM format ?

2015-06-09 Thread Viktor Dukhovni
On Wed, Jun 10, 2015 at 08:48:41AM +0530, Nayna Jain wrote: > I think I will try with PEM_read_xxx and d2i_, then probably do not have > to read through first character as 0x30. That works, provided you rewind or re-open the file. > Are all d2i_xxx type of APIs for DER format. Yes, they decode bi

Re: [openssl-users] Is there openssl API to verify certificate content is DER or PEM format ?

2015-06-09 Thread Nayna Jain
PEM APIs. or there are DER specific APIs also, I didn't find though, unless they are d2i_xxx types. Thanks & Regards, Nayna Jain From: Viktor Dukhovni To: openssl-users@openssl.org Date: 06/09/2015 10:34 AM Subject:Re: [openssl-users] Is there openssl API to verify ce

Re: [openssl-users] Is there openssl API to verify certificate content is DER or PEM format ?

2015-06-08 Thread Viktor Dukhovni
[ Please DO NOT post user questions to openssl-dev, that's rude. ] On Tue, Jun 09, 2015 at 09:51:52AM +0530, Nayna Jain wrote: > I need to verify if the certificate I have received is having its content in > PEM/DER format. > > Is there any API which if given file pointer like (fp) will tell me w

[openssl-users] Is there openssl API to verify certificate content is DER or PEM format ?

2015-06-08 Thread Nayna Jain
Hi, I need to verify if the certificate I have received is having its content in PEM/DER format. Is there any API which if given file pointer like (fp) will tell me whether it has valid format of certificate and if yes then whether it is PEM/DER format ? If no API, then what is the other way to

Re: Verifying authenticode signature using openssl API

2014-09-23 Thread Prasad Dabak
For the primary signature it is "rsaEncryption" (OID 1.2.840.113549.1.1.1) and for the counter signature it is "RSA-SHA1" (OID 1.2.840.113549.1.1.5). Thanks. -Prasad On Sep 22, 2014, at 09:13 AM, Jakob Bohm wrote: Ok, look in the SignerInfo structure of the secondary signature. There is a

Re: Verifying authenticode signature using openssl API

2014-09-22 Thread Jakob Bohm
Ok, look in the SignerInfo structure of the secondary signature. There is a separate field (digestEncryptionAlgorithm) indicating the OID of the signature algorithm. Look at this and see if it is different from the value in the outer signature, and look up the value online to see what it means.

Re: Verifying authenticode signature using openssl API

2014-09-22 Thread Prasad Dabak
Well, I am bit confused here. I am decrypting the signature using RSA_public_decrypt function passing it a public key with RSA_PKCS1_PADDING option. For primary signature, I get back a 35 byte value which is inclusive of the digestAlgorithm. It is in the v1.5 format that you mention about. Fo

Re: Verifying authenticode signature using openssl API

2014-09-19 Thread Jakob Bohm
On 19/09/2014 09:14, Prasad Dabak wrote: The RFC links helped. I am able to do decrypt the encrypted digest and match it with the DigestInfo as explained in rfc2315. DigestInfo ::= SEQUENCE { digestAlgorithm DigestAlgorithmIdentifier, digest Digest } Digest ::= OCTET STRING

Verifying authenticode signature using openssl API

2014-09-19 Thread Prasad Dabak
The RFC links helped. I am able to do decrypt the encrypted digest and match it with the DigestInfo as explained in rfc2315. DigestInfo ::= SEQUENCE { digestAlgorithm DigestAlgorithmIdentifier, digest Digest } Digest ::= OCTET STRING I typically get back 35 byte decrypted digest wh

Re: Verifying authenticode signature using openssl API

2014-09-16 Thread Jakob Bohm
On 16/09/2014 12:22, Prasad Dabak wrote: Hello, I am currently focusing on matching various digests that we talked about earlier in the thread. 1. Computing the hash of the executable (excluding the areas as defined by MS) and matching it with the value stored in spcIndirectData. This is st

Re: Verifying authenticode signature using openssl API

2014-09-16 Thread Prasad Dabak
Hello, I am currently focusing on matching various digests that we talked about earlier in the thread. 1. Computing the hash of the executable (excluding the areas as defined by MS) and matching it with the value stored in spcIndirectData. This is straight forward and figured out. 2. Computi

Re: Verifying authenticode signature using openssl API

2014-09-09 Thread Kyle Hamilton
http://msdn.microsoft.com/en-us/windows/hardware/gg463180.aspx is the spec for the Authenticode PE signature format. http://msdn.microsoft.com/en-us/gg463119 is the Microsoft PE and COFF Specification. Better download them now before they disappear, they appear to be deprecated in favor of Win

Re: Verifying authenticode signature using openssl API

2014-09-09 Thread Prasad Dabak
Thanks Jacob for your response. Very informative indeed! Thanks -Prasad Sent from my iPhone > On 09-Sep-2014, at 10:05 pm, Jakob Bohm wrote: > >> On 09/09/2014 09:01, Prasad Dabak wrote: >> Thanks Jacob for an elaborate answer. Somehow I never received your response >> to my registered email

Re: Verifying authenticode signature using openssl API

2014-09-09 Thread Jakob Bohm
On 09/09/2014 09:01, Prasad Dabak wrote: Thanks Jacob for an elaborate answer. Somehow I never received your response to my registered email address, hence delay in responding. This time I have CC-ed you in addition to the mail list. I have a few follow-up questions on your response. 1. So,

Re: Verifying authenticode signature using openssl API

2014-09-09 Thread Prasad Dabak
Thanks Jacob for an elaborate answer. Somehow I never received your response to my registered email address, hence delay in responding. I have a few follow-up questions on your response. 1. So, "encryptedDigest" has no relation to the stored "messageDigest"? I thought it's a encrypted version

Re: Verifying authenticode signature using openssl API

2014-09-07 Thread Jakob Bohm
On 07/09/2014 05:43, Prasad Dabak wrote: Hello, Given a signed Windows portable executable, I want to programmatically verify two things using openssl APIs 1. Verify the digital signature. 2. Confirm that the executable is signed by a specific company using that company's public key. It se

Verifying authenticode signature using openssl API

2014-09-06 Thread Prasad Dabak
Hello, Given a signed Windows portable executable, I want to programmatically verify two things using openssl APIs 1. Verify the digital signature. 2. Confirm that the executable is signed by a specific company using that company's public key. It seems that part (1) can be done by parsing th

Re: OpenSSL API

2014-07-16 Thread Saurabh Pandya
may helps below, https://www.mail-archive.com/openssl-users@openssl.org/msg31570.html Depends what you want to achieve with openssl, good to start with its online documents. - Saurabh Pandya On 7/14/14, Kay Shamsa wrote: > Hi; > > Can anybody please specify how I can use Open SSL API? > > Thanks

OpenSSL API

2014-07-15 Thread Kay Shamsa
Hi; Can anybody please specify how I can use Open SSL API? Thanks Kay

Re: How to add intermediate certificate chain in SSL_CTX using OpenSSL API

2014-03-12 Thread Viktor Dukhovni
On Thu, Mar 13, 2014 at 12:07:09PM +0530, Harshal Talele wrote: > I have now added server cert, private key and intermediate certificates > in one file and reading them using SSL_CTX_use_certificate_chain_file() > API. > > But one thing I want to understand. My server certificate is self-signed.

Re: How to add intermediate certificate chain in SSL_CTX using OpenSSL API

2014-03-12 Thread Harshal Talele
Thanks Victor. I believe this was the problem. I have now added server cert, private key and intermediate certificates in one file and reading them using SSL_CTX_use_certificate_chain_file() API. But one thing I want to understand. My server certificate is self-signed. And intermediate certificat

Re: How to add intermediate certificate chain in SSL_CTX using OpenSSL API

2014-03-10 Thread Viktor Dukhovni
On Mon, Mar 10, 2014 at 01:38:46PM +0530, Harshal Talele wrote: > As a matter of fact with use of with use of > SSL_CTX_use_certificate_chain_file() API SSL handshake continues to fail You must put all the PEM certificates (leaf certificate and intermediate CAs) in the *same* file. With the leaf

Re: How to add intermediate certificate chain in SSL_CTX using OpenSSL API

2014-03-10 Thread Harshal Talele
As a matter of fact with use of with use of SSL_CTX_use_certificate_chain_file() API SSL handshake continues to fail with error " As you have mentioned Victor, I am using SSL_CTX_use_certificate_file() API to read cert.pem which contains server certificate & private key. Now I have another file cha

Re: How to add intermediate certificate chain in SSL_CTX using OpenSSL API

2014-03-08 Thread Viktor Dukhovni
On Sat, Mar 08, 2014 at 08:26:54PM +0530, Harshal Talele wrote: > In my case cert.pem file contains private key too. > I want to understand if I have to be use intermediate certificates in SSL > handshake is there any specific way in which we have to populate SSL_CTX > structure? > > I have tried

Re: How to add intermediate certificate chain in SSL_CTX using OpenSSL API

2014-03-08 Thread Harshal Talele
Thank you for your reply Meer. In my case cert.pem file contains private key too. I want to understand if I have to be use intermediate certificates in SSL handshake is there any specific way in which we have to populate SSL_CTX structure? I have tried using SSL_CTX_use_certificate_chain_file() AP

Re: How to add intermediate certificate chain in SSL_CTX using OpenSSL API

2014-03-07 Thread B. Meeker
Harshal, Check parameter 2 on SSL_CTX_use_PrivateKey_file(). It should be a pointer to the name of the file that contains the private key, not the certificate file. As an example on my (working) prototype server I use the following: // Define whatever ciphers you want. I used AES-128. Client

How to add intermediate certificate chain in SSL_CTX using OpenSSL API

2014-03-07 Thread Harshal Talele
Hello, I am creating a SSL server /client architecture. Wherein I am using code similar to mentioned below for populating my Server's SSL_CTX ret = SSL_CTX_use_certificate_file(sslctx, "/tmp/certs.pem", SSL_FILETYPE_PEM); if(ret != 1) { return false; }

RE: using openssl API in commercial apps

2013-06-10 Thread Jeremy Farrell
Have you tried googling for 'openssl license' or reading the second paragraph of the OpenSSL home page on the web? Regards, jjf From: LN [mailto:lnicu...@yahoo.com] Sent: Monday, June 10, 2013 3:25 PM To: openssl-users@openssl.org Subject: using open

using openssl API in commercial apps

2013-06-10 Thread LN
Hi, Is it allowed to use the OpenSSL API in commercial applications ? What license governs the OpenSSL library ? Thanks!

Re: Loading a config file with the OpenSSL API

2013-04-16 Thread Dr. Stephen Henson
On Tue, Apr 16, 2013, Derek Cole wrote: > Hello, > > I am cross posting this to the list in hopes of getting some more traffic: > > http://stackoverflow.com/questions/16026718/how-to-load-a-config-for-cert-signing-request-with-openssl-api > > Basically I am trying to modif

AW: Loading a config file with the OpenSSL API

2013-04-16 Thread Alexander.Elgert
> From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] on > behalf of Derek Cole [derek.c...@gmail.com] > Sent: Tuesday, 16 April 2013 14:29 > To: openssl-users@openssl.org > Subject: Loading a config file with the OpenSSL API > > Hello, > >

Re: [openssl-users] Re: create certificate request programmatically using OpenSSL API

2012-07-30 Thread Jeffrey Walton
On Mon, Jul 30, 2012 at 5:15 AM, Erwann Abalea wrote: > GOST is not a block cipher, it's the acronym for "GOsudarstvennyi STandard", > which means "State Standard". It's not dedicated to cryptography. My apologies. I thought you were referring to the GOST block cipher. (I've never used it, but kne

Re: create certificate request programmatically using OpenSSL API

2012-07-30 Thread Abyss Lingvo
Hi Jeff There are two GOST algorithms. GOST 28147-89 is for symmetric block cyphering and GOST R 34.10-2001 for asymmetric cyphering and digital signing.  OpenSSL support both algorithms. I mean GOST R 34.10-2001 here.   Best Regards

Re: [openssl-users] Re: create certificate request programmatically using OpenSSL API

2012-07-30 Thread Erwann Abalea
GOST is not a block cipher, it's the acronym for "GOsudarstvennyi STandard", which means "State Standard". It's not dedicated to cryptography. Speaking of GOST standard is redundant, but clearer for non russian locutors. There's a block cipher (poorly) defined as a GOST standard, referenced

Re: create certificate request programmatically using OpenSSL API

2012-07-28 Thread Jeffrey Walton
On Fri, Jul 27, 2012 at 9:00 AM, Abyss Lingvo wrote: > Hi all! > > The last problem is how to create GOST key pair for certificate. > It is clear how to create RSA keys. > Sample is here : http://www.openssl.org/docs/crypto/EVP_PKEY_keygen.html > > #include > #include > EVP_PKEY_CTX *ctx; >

Re: create certificate request programmatically using OpenSSL API

2012-07-27 Thread Abyss Lingvo
Hi all!  The last problem is how to create GOST key pair for certificate. It is clear how to create RSA keys. Sample is here : http://www.openssl.org/docs/crypto/EVP_PKEY_keygen.html    #include  #include  EVP_PKEY_CTX *ctx;  EVP_PKEY *pkey = NULL;  ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)

create certificate request programmatically using OpenSSL API

2012-07-25 Thread Abyss Lingvo
Thank you All Samples were very useful.  I could create certificates request using RSA keys.  But how to create request usign using GOST keys?    Best Regards Vladislav

Re: create certificate request programmatically using OpenSSL API

2012-07-22 Thread Ozweepay
I wrote this a while ago, but I think it was trivially modified from something I found online. I added a few comments, which perhaps is helpful

Re: create certificate request programmatically using OpenSSL API

2012-07-20 Thread Dr. Stephen Henson
On Fri, Jul 20, 2012, Abyss Lingvo wrote: > Hi all! > > > How to > create certificate request programmatically via OpenSSL API? > > This is the solution for command line utility: > > openssl genrsa -out server_key.pem -passout pass:$passwd -des3 1024

Re: create certificate request programmatically using OpenSSL API

2012-07-20 Thread Peter Sylvester
You can take the code in apps/req.c and extract the pieces you need. On 07/20/2012 10:17 AM, Abyss Lingvo wrote: Hi all! How to create certificate request programmatically via OpenSSL API? This is the solution for command line utility: openssl genrsa -out server_key.pem -passout pass

create certificate request programmatically using OpenSSL API

2012-07-20 Thread Abyss Lingvo
Hi all!  How to create certificate request programmatically via OpenSSL API? This is the solution for command line utility:  openssl genrsa -out server_key.pem -passout pass:$passwd -des3 1024 openssl req -new -key server_key.pem -passin pass:$passwd \ -passout pass:$passwd -out

Writing constant-time elliptic curve calculations against the low-level OpenSSL API

2012-06-04 Thread Zack Weinberg
I've got a project ( https://github.com/zackw/moeller-ref ) which does a bunch of elliptic curve operations against custom curves, using the OpenSSL and/or Crypto++ low-level APIs (two parallel implementations of the same asymmetric cryptosystem).  One function in each implementation performs decry

Re: OpenSSL API and Memory Management

2012-05-22 Thread Curt Sampson
emory, rather than files. I know that the OpenSSL API loves storing stuff to and loading it from files, but we'd prefer to avoid having to put anything at all in files if at all possible. cjs -- Curt Sampson +81 90 7737 2974 Then I ducked into Burger King to scarf down

OpenSSL API and Memory Management

2012-05-22 Thread Curt Sampson
Is there some document around that discusses best practices for dealing with memory management for OpenSSL objects? Most or all of the examples in _Network Security with OpenSSL_ seem to rely on the program ending to clean up any allocated objects left lying around, which of course is not really an

Is there a better way to set the SKI in the OpenSSL API?

2011-09-13 Thread Shane G
I'm writing code to modify the subject key identifier for a cert. I've noticed that when the new SKI is written out that it doesn't have the ASN1 tag for the OCTET_STRING prepended to the data (0x0414 for the SKI). I've written the following code to work around that but it seems overly complicated

Openssl API: Extracting Public Key Algorithm

2011-07-22 Thread Erwin Himawan
Hi All, I would like to get each of the field and value of the public key info from the certificate using the API: - public key algo: id-ecPublicKey - Size of the pub key (256 bit). - pub: 02:1d:7d:69:c5:7e:ef:15:f0:76:6a:60:5a:9e:1e: 68:1f:33:6c:ca:10:62:5a:21:6e:ab:4f:d

Re: Using PEM_read_X509 openSSL Api-Sample Certificate

2011-07-20 Thread brajan
pdG9yeS9UaGF3dGVfU0dDX0NBLmNydDANBgkqhkiG9w0BAQUF AAOBgQCfQ89bxFApsb/isJr/aiEdLRLDLE5a+RLizrmCUi3nHX4adpaQedEkUjh5 u2ONgJd8IyAPkU0Wueru9G2Jysa9zCRo1kNbzipYvzwY4OA8Ys+WAi0oR1A04Se6 z5nRUP8pJcA2NhUzUnC+MY+f6H/nEQyNv4SgQhqAibAxWEEHXw== -END CERTIFICATE- i hope this will help you. Thanks Balamurugan -

Using PEM_read_X509 openSSL Api

2011-07-20 Thread Mayur Premi
Hi , I am using X509* ** pX = * PEM_read_X509*(FILE *fp, X509 **x, pem_password_cb *cb, void *u); to get a X509 certificate structure from PEM format File. My File(fp) looks like below: -BEGIN CERTIFICATE- MIIEQzCCAyugAwIBAgIPAMdMAQEALqZRDlTBXHdHMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAkd

Re: Verifying X509 Certificates Using The OpenSSL API

2010-08-08 Thread Peter Sylvester
try rehash the certs I am loading the certificate stores from /etc/ssl/certs which contains the stores that mozilla, chrome, and the like all verify from, but no matter what I do I can't get a single certificate to verify.

Re: Verifying X509 Certificates Using The OpenSSL API

2010-08-06 Thread Dr. Stephen Henson
On Fri, Aug 06, 2010, Sam Jantz wrote: > To whomever may have an answer, > > I am writing a SSL/TLS proxy server for my work that is multi-threaded. > I recently replaced my OpenSSL version with 1.0.0a from 0.9.8g. In this > application I need to verify the server certificate otherwise al

Verifying X509 Certificates Using The OpenSSL API

2010-08-06 Thread Sam Jantz
To whomever may have an answer, I am writing a SSL/TLS proxy server for my work that is multi-threaded. I recently replaced my OpenSSL version with 1.0.0a from 0.9.8g. In this application I need to verify the server certificate otherwise all the security will be bypassed. However, when I

How to verify sever signatureusing openssl API

2009-01-27 Thread Ajeet kumar.S
Dear all, I want to verify server certificate signature. So please tell me how to verify server certificate signature using Openssl API. What API I need to use for signature verification? Thank you. Regards, --Ajeet Kumar Singh

Availability of OpenSSL API for getting certificate type(DER/PEM) by giving certificate data as input

2009-01-13 Thread prathima
Hi All, We are implementing Mutual TLS for SIP phone(Polycom SoundPoint IP phone). In SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type), here generally we pass macros SSL_FILETYPE_PEM/SSL_FILETYPE_ASN1 as arguments for the type. Is there any OpenSSL API available through

OpenSSL API to get the value of Authority Information Access field

2008-11-10 Thread Aravinda babu
Hi all, Is there any OpenSSL API which will give me the value of Authority Information Access in extensions ? If not , then how to get this value from a X509 structure Thanks in advance, Aravind.

Re: OpenSSL API which build the chain from a peer certificate

2008-11-10 Thread Douglas E. Engert
n <[EMAIL PROTECTED]> wrote: Hi Aravind: On November 6, 2008 01:51:20 am Aravinda babu wrote: > Hi all, > > Is there any OpenSSL API which will prepare the certificate chain from the > peer certificate given a

Re: OpenSSL API which build the chain from a peer certificate

2008-11-07 Thread Patrick Patterson
On November 7, 2008 06:08:19 am Aravinda babu wrote: > Hi all, > > First of all thanks for all of your suggestions and information.I got a > clear idea of how to do the required thing. > I forgot to mention one thing. > > We are making one library for certificate management which will be used by >

Re: OpenSSL API which build the chain from a peer certificate

2008-11-07 Thread Aravinda babu
ember 6, 2008 01:51:20 am Aravinda babu wrote: > > Hi all, > > > > Is there any OpenSSL API which will prepare the certificate chain from > the > > peer certificate given as input ? I have only peer certificate.I > > have to build the cert chain from this

Re: OpenSSL API which build the chain from a peer certificate

2008-11-06 Thread Patrick Patterson
Hi Aravind: On November 6, 2008 01:51:20 am Aravinda babu wrote: > Hi all, > > Is there any OpenSSL API which will prepare the certificate chain from the > peer certificate given as input ? I have only peer certificate.I > have to build the cert chain from this >

OpenSSL API which build the chain from a peer certificate

2008-11-05 Thread Aravinda babu
Hi all, Is there any OpenSSL API which will prepare the certificate chain from the peer certificate given as input ? I have only peer certificate.I have to build the cert chain from this Thanks in advance, Aravind.

Generating Certificate file - openssl api ()

2007-06-13 Thread bsenthil
Hi, I am trying to create the following certificate file by openssl api() 1. Generating self-signed CA certificate (RSA) - executing by openssl command = $OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CA_DN" -keyout

Generating Certificate file - openssl api ()

2007-06-13 Thread bsenthil
Hi, I am trying to create the following certificate file by openssl api() 1. Generating self-signed CA certificate (RSA) - executing by openssl command = $OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CA_DN" -keyout

strip down openssl api

2007-05-06 Thread Simon Tschöke
Hi, I want to use the openssl library on a mobile device. Due to the limited memory space I want to strip down the openssl api in that way, that I can still offer proper SSL/TLS functionality to connect to a https webserver yet use as less memory as possible. Any advices/ recommendations

strip down openssl api

2007-05-06 Thread Simon Tschöke
Hi, I want to use the openssl library on a mobile device. Due to the limited memory space I want to strip down the openssl api in that way, that I can still offer proper SSL/TLS functionality to connect to a https webserver yet use as less memory as possible. Any advices/ recommendations

Re: How to get To-Be-Signed portion of certificate with openssl api ?

2006-04-07 Thread Dr. Stephen Henson
On Fri, Apr 07, 2006, Tatsuya Tsurukawa wrote: > Dear Steve, > > I've tried it with the following code, but I couldn't get the correct data > yet. Could you please point out the wrong point of the following code. > > // variables > int iResult = 0; > unsigned char cert[2000]; > BIO *bioPtr; > X5

Re: How to get To-Be-Signed portion of certificate with openssl api ?

2006-04-07 Thread Tatsuya Tsurukawa
t To-Be-Signed portion of certificate with openssl api ? >> In case of using JDK, X509Certificat class and getTBSCertificate() method >> seem to be available for the same purpose. >> >> I'm not familiar with the openssl api, and I couldn't find the appropriate &

Re: How to get To-Be-Signed portion of certificate with openssl api ?

2006-03-01 Thread Dr. Stephen Henson
On Wed, Mar 01, 2006, Tatsuya Tsurukawa wrote: > Hi All, > > I have a quick question. > How can I get To-Be-Signed portion of certificate with openssl api ? > In case of using JDK, X509Certificat class and getTBSCertificate() method > seem to be available for the same pur

Re: How to get To-Be-Signed portion of certificate with openssl api ?

2006-02-28 Thread Kyle Hamilton
info out of it, though. You could, however, look at the 'req', 'ca', and 'x509' programs to see what they do. -Kyle H On 2/28/06, Tatsuya Tsurukawa <[EMAIL PROTECTED]> wrote: > Hi All, > > I have a quick question. > How can I get To-Be-Signed p

How to get To-Be-Signed portion of certificate with openssl api ?

2006-02-28 Thread Tatsuya Tsurukawa
Hi All, I have a quick question. How can I get To-Be-Signed portion of certificate with openssl api ? In case of using JDK, X509Certificat class and getTBSCertificate() method seem to be available for the same purpose. I'm not familiar with the openssl api, and I couldn't find the a
