On Wed, Nov 03, 2010, Alexei Soloview wrote:
> Hello!
>
> I have read earlier messages about support of RSA-PSS, but I'm confused.
>
> I'm trying to verify certificate that signed using RSA-PSS. OpenSSL version
> is 1.0.0a.
>
PSS certificate signatures are not supported in OpenSSL 1.0.0a. Curr
On Sun July 4 2010, Jeremy Farrell wrote:
> > From: Behalf Of Michael S. Zick
> > Sent: Saturday, July 03, 2010 6:51 PM
> >
> > On Sat July 3 2010, Dr. Stephen Henson wrote:
> > > On Sat, Jul 03, 2010, belo wrote:
> > > >
> > > > Damn!
> > > > how can be possible that in the official openssl
> >
> From: Behalf Of Michael S. Zick
> Sent: Saturday, July 03, 2010 6:51 PM
>
> On Sat July 3 2010, Dr. Stephen Henson wrote:
> > On Sat, Jul 03, 2010, belo wrote:
> > >
> > > Damn!
> > > how can be possible that in the official openssl
> > > documentation there's
> > > nothing about this OpenSSL_
On Sat July 3 2010, Dr. Stephen Henson wrote:
> On Sat, Jul 03, 2010, belo wrote:
>
> >
> > Damn!
> > how can be possible that in the official openssl documentation there's
> > nothing about this OpenSSL_add_all_algorithms()?!?!?!?
> >
>
> http://www.openssl.org/support/faq.html#PROG8
>
The O
On Sat, Jul 03, 2010, belo wrote:
>
> Damn!
> how can be possible that in the official openssl documentation there's
> nothing about this OpenSSL_add_all_algorithms()?!?!?!?
>
http://www.openssl.org/support/faq.html#PROG8
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commerci
Damn!
how can be possible that in the official openssl documentation there's
nothing about this OpenSSL_add_all_algorithms()?!?!?!?
that documentation sucks a lot!
anyway thanks :)
--
View this message in context:
http://old.nabble.com/verify-certificate-in-c-tp29043989p29063450.html
Sent fro
Hi,
Just add a call to *OpenSSL_add_all_algorithms* at the beginning of your
main and the certificate verification will be OK.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
>
> Hi, I'm a newbie user of OpenSSL.
> I want to create a simple C program that verify a certificate chain like
> th
On Wed, Feb 10, 2010 at 4:23 AM, Dr. Stephen Henson wrote:
> On Tue, Feb 09, 2010, skillz...@gmail.com wrote:
>
>> I'm trying to programmatically verify that a certificate from a sub-CA
>> is signed by a specific root CA. I get an error of 7
>> (X509_V_ERR_CERT_SIGNATURE_FAILURE) from X509_verify_
On Tue, Feb 09, 2010, skillz...@gmail.com wrote:
> I'm trying to programmatically verify that a certificate from a sub-CA
> is signed by a specific root CA. I get an error of 7
> (X509_V_ERR_CERT_SIGNATURE_FAILURE) from X509_verify_cert. If I verify
> with the openssl command line tool using 'open
* Dr. Stephen Henson wrote on Wed, Sep 02, 2009 at 15:08 +0200:
> Including a public key certificate in no way risks the
> integrity of its private key as several others have said in
> this thread.
I think this theoretically opens the possibility to brute-force
the private key.
I think that Brute
* Serge Fonville wrote on Wed, Sep 02, 2009 at 13:00 +0200:
> The chain always includes all CAs and certificates. I've done some
> googling, and it shows that you can trust 'just' the intermediate CA
> without trusting the root CA, altough this kinda obsoletes the purpose
> of the root CA.
[...]
On Wed, Sep 02, 2009, Yin, Ben 1. (NSN - CN/Cheng Du) wrote:
> OK, regarding the CA deploy, such as, we have a one root ca and 1000 sub ca
> signed by root ca. and each sub ca used as ca by 1000 terminals.so the total
> network size is 1000*1000. All our ca, including root ca and sub ca, was
> sto
>
> Br
>
> Ben
>
> -Original Message-
> From: owner-openssl-us...@openssl.org
> [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville
> Sent: Wednesday, September 02, 2009 1:30 PM
> To: openssl-users@openssl.org
> Subject: Re: Verify certific
sl-us...@openssl.org]
On Behalf Of ext Serge Fonville
Sent: Wednesday, September 02, 2009 1:30 PM
To: openssl-users@openssl.org
Subject: Re: Verify certificate using subordinate ca
If you are using client certificates, use a CRL at the server side.
that way you can assure that only those that you
t;
>
>
> Br
>
> Ben
>
> -Original Message-
> From: owner-openssl-us...@openssl.org
> [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville
> Sent: Wednesday, September 02, 2009 12:52 PM
> To: openssl-users@openssl.org
> Subject: Re:
eptember 02, 2009 12:52 PM
To: openssl-users@openssl.org
Subject: Re: Verify certificate using subordinate ca
Wat exactly are the applications you use, are they compiled against
openssl libraries?
On Wed, Sep 2, 2009 at 11:49 AM, Yin, Ben 1. (NSN - CN/Cheng
Du) wrote:
> Yes. When server send certifi
: owner-openssl-us...@openssl.org
>> [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville
>> Sent: Wednesday, September 02, 2009 11:59 AM
>> To: openssl-users@openssl.org
>> Subject: Re: Verify certificate using subordinate ca
>>
>> If your cli
ext Serge Fonville
Sent: Wednesday, September 02, 2009 12:43 PM
To: openssl-users@openssl.org
Subject: Re: Verify certificate using subordinate ca
Everytime an application connects to an ssl-enabled server the
certificate chain is verified.
On Wed, Sep 2, 2009 at 11:37 AM, Yin, Ben 1. (NSN - CN
without root ca? Thanks.
>>
>>
>> Br
>>
>> Ben
>>
>> -Original Message-
>> From: owner-openssl-us...@openssl.org
>> [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville
>> Sent: Wednesday, September 02, 2009 11:
g]
On Behalf Of ext Serge Fonville
Sent: Wednesday, September 02, 2009 11:59 AM
To: openssl-users@openssl.org
Subject: Re: Verify certificate using subordinate ca
If your client application supports that, it could be done. but no
standard compliant application allows that to my knowledge.
On Wed,
enssl-us...@openssl.org] On Behalf Of ext Serge Fonville
> Sent: Wednesday, September 02, 2009 11:28 AM
> To: openssl-users@openssl.org
> Subject: Re: Verify certificate using subordinate ca
>
> How do you think compromising a CA would occur, because a CA could
> only becom compro
sl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of ext Serge Fonville
Sent: Wednesday, September 02, 2009 11:28 AM
To: openssl-users@openssl.org
Subject: Re: Verify certificate using subordinate ca
How do you think compromising a CA would occur, because a CA could
only
rg] On Behalf Of ext Serge Fonville
> Sent: Tuesday, September 01, 2009 5:14 PM
> To: openssl-users@openssl.org
> Subject: Re: Verify certificate using subordinate ca
>
> I don't see your problem honestly. Figuring out a private key is close
> to impossible.
> And stealing
enssl-us...@openssl.org]
On Behalf Of ext Serge Fonville
Sent: Tuesday, September 01, 2009 5:14 PM
To: openssl-users@openssl.org
Subject: Re: Verify certificate using subordinate ca
I don't see your problem honestly. Figuring out a private key is close
to impossible.
And stealing it, well, th
to fix the our whole network. Thanks.
>
>
> Br
>
> Ben
>
> -Original Message-
> From: owner-openssl-us...@openssl.org
> [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville
> Sent: Tuesday, September 01, 2009 4:31 PM
> To: openssl-users@
ptember 01, 2009 4:31 PM
To: openssl-users@openssl.org
Subject: Re: Verify certificate using subordinate ca
Based on what you state.
There is no purpose for the root CA.
What do you mean by compromised.
If you publish a CA certificate to clients, it does not include the
key. (normally)
So the on
@openssl.org] On Behalf Of ext Yin, Ben 1.
> (NSN - CN/Cheng Du)
> Sent: Tuesday, September 01, 2009 3:06 PM
> To: openssl-users@openssl.org
> Subject: RE: Verify certificate using subordinate ca
>
> Hi Serge,
>
> My intention is to keep my root ca out of compromise. We want to
Ben
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Yin, Ben 1.
(NSN - CN/Cheng Du)
Sent: Tuesday, September 01, 2009 3:06 PM
To: openssl-users@openssl.org
Subject: RE: Verify certificate using subordinate ca
Hi Serge,
My intenti
e Fonville
Sent: Tuesday, September 01, 2009 2:14 PM
To: openssl-users@openssl.org
Subject: Re: Verify certificate using subordinate ca
Hi,
Hmm...
I've had the same issue.
Basically it came down to "how do you know if the sub is reliable if
you do not know whether to trust the root?"
Hi,
Hmm...
I've had the same issue.
Basically it came down to "how do you know if the sub is reliable if
you do not know whether to trust the root?"
If you do not wish to have the root as part of the chain, create a new
chain where the sub is the root
What is the reason you do not want to use the
Thanks!
it works2005/7/21, Jorey Bump <[EMAIL PROTECTED]>:
francesco wrote:> I found some problems to verify the certificate I created with my own CA.> I don't know which certificates have to be included in the -CApath option.> I created a self signed cert and a server cert, then I created a
> clie
francesco wrote:
I found some problems to verify the certificate I created with my own CA.
I don't know which certificates have to be included in the -CApath option.
I created a self signed cert and a server cert, then I created a
client cert (using ever the same key) and I tried to verify it wit
On Tue, Jan 04, 2005, [EMAIL PROTECTED] wrote:
> Hello!
> I send the certificates from this case to You ("Dr. Stephen Henson"). Is my
> problem more clear now?
>
Yes, there are two separate issues here.
One is that OpenSSLs CRL handling isn't currently advanced enough to handle
more complex c
Hello!
I send the certificates from this case to You ("Dr. Stephen Henson"). Is my
problem more clear now?
-
Ten e-mail zostal wyslany z serwera
darmowych kont pocztowych plusik.pl
__
On Wed, Dec 29, 2004, [EMAIL PROTECTED] wrote:
> Hello!
> I have a problem to verify certificate against crl file.
> The situation is:
>1)CA which I use have 2 certificates, one is old certificate but still not
> expired and second is new certificate (becuase CA renew own certificate)
>2)
35 matches
Mail list logo
