Re: X509 problem

2014-09-24 Thread nicolas . kox
return 0; } - Original Message - From: "nicolas kox" To: openssl-users@openssl.org Sent: Wednesday 24 September 2014 14:07:16 Subject: Re: X509 problem my bad... good luck anyway - Original Message - From: "Amir Reda" To: openssl-users@openssl.org Sent: Wednesday 24 S

Re: X509 problem

2014-09-24 Thread nicolas . kox
my bad... good luck anyway - Original Message - From: "Amir Reda" To: openssl-users@openssl.org Sent: Wednesday 24 September 2014 13:53:30 Subject: Re: X509 problem no sir it is defined i have a pointer from the server as an attribute in the client side if it isn't defined

Re: X509 problem

2014-09-24 Thread Amir Reda
no sir it is defined i have a pointer from the server as an attribute in the client side if it isn't defined it will give a syntax error and i don't have a syntax error thx for reply On Wed, Sep 24, 2014 at 2:44 PM, wrote: > it seems that function "CreateCertificate" is not defined in client.cc

Re: X509 problem

2014-09-24 Thread nicolas . kox
it seems that function "CreateCertificate" is not defined in client.cc Regards - Original Message - From: "Amir Reda" To: openssl-users@openssl.org Sent: Wednesday 24 September 2014 13:37:13 Subject: X509 problem dear all i have problem in my code it is a client send a certificate request t

Re: X509 custom extension

2013-04-26 Thread redpath
Thanks and also the OID register.

RE: x509 certificate conforming to RFC 3739

2013-02-28 Thread Steven Madwin
= SET:dateOfBirth_val [ dateOfBirth_val ] id-pda-dateOfBirth.value = GENERALIZEDTIME:"19870427092500Z" -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Walter H. Sent: Sunday, February 17, 2013 9:07 PM To: openssl-users@openssl.org S

Re: x509 certificate conforming to RFC 3739

2013-02-17 Thread Walter H.
On 15.02.2013 07:42, Walter H. wrote: On Fri, February 15, 2013 07:07, Matthew Hall wrote: On Fri, Feb 15, 2013 at 07:03:20AM +0100, Walter H. wrote: Hello, can someone, please tell me, how to generate a certificate that conforms to http://www.ietf.org/rfc/rfc3739.txt (RFC 3739) Thanks, Walte

Re: x509 certificate conforming to RFC 3739

2013-02-14 Thread Walter H.
On Fri, February 15, 2013 07:07, Matthew Hall wrote: > On Fri, Feb 15, 2013 at 07:03:20AM +0100, Walter H. wrote: >> Hello, >> >> can someone, please tell me, how to generate a certificate >> that conforms to http://www.ietf.org/rfc/rfc3739.txt (RFC 3739) >> >> Thanks, >> Walter > > Hi Walter, > >

Re: x509 certificate conforming to RFC 3739

2013-02-14 Thread Matthew Hall
On Fri, Feb 15, 2013 at 07:03:20AM +0100, Walter H. wrote: > Hello, > > can someone, please tell me, how to generate a certificate > that conforms to http://www.ietf.org/rfc/rfc3739.txt (RFC 3739) > > Thanks, > Walter Hi Walter, We could help better if we understood what's not working for you a

RE: X509* and Extract Public Key?

2013-02-12 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Jeffrey Walton > Sent: Monday, 11 February, 2013 23:04 Some minor points: > On Mon, Feb 11, 2013 at 5:15 PM, Dave Thompson wrote: > >> On Mon, Feb 11, 2013 at 12:01:49AM -0500, Jeffrey Walton wrote: > > To "write out" to a file, don't need

Re: X509* and Extract Public Key?

2013-02-11 Thread Jeffrey Walton
On Mon, Feb 11, 2013 at 5:15 PM, Dave Thompson wrote: >> From: owner-openssl-us...@openssl.org On Behalf Of Viktor Dukhovni >> Sent: Monday, 11 February, 2013 00:41 > >> On Mon, Feb 11, 2013 at 12:01:49AM -0500, Jeffrey Walton wrote: >> >> > >> I'm trying to extract a public key (subjectPublicKeyI

RE: X509* and Extract Public Key?

2013-02-11 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Viktor Dukhovni > Sent: Monday, 11 February, 2013 00:41 > On Mon, Feb 11, 2013 at 12:01:49AM -0500, Jeffrey Walton wrote: > > > >> I'm trying to extract a public key (subjectPublicKeyInfo) > > >> form an X509 certificate. > > > > > > from apps

Re: X509* and Extract Public Key?

2013-02-11 Thread Jeffrey Walton
On Mon, Feb 11, 2013 at 12:41 AM, Viktor Dukhovni wrote: > On Mon, Feb 11, 2013 at 12:01:49AM -0500, Jeffrey Walton wrote: > >> >> I'm trying to extract a public key (subjectPublicKeyInfo) form an X509 >> >> certificate. >> > >> > from apps/x509.c in the openssl source: >> > >> > EVP_PKEY

Re: X509* and Extract Public Key?

2013-02-10 Thread Viktor Dukhovni
On Mon, Feb 11, 2013 at 12:01:49AM -0500, Jeffrey Walton wrote: > >> I'm trying to extract a public key (subjectPublicKeyInfo) form an X509 > >> certificate. > > > > from apps/x509.c in the openssl source: > > > > EVP_PKEY *pkey; > > > > pkey=X509_get_pubkey(x); This is not the su

Re: X509* and Extract Public Key?

2013-02-10 Thread Jeffrey Walton
On Sun, Feb 10, 2013 at 11:31 PM, Daniel Black wrote: > On 11/02/13 14:12, Jeffrey Walton wrote: >> Hi All, >> >> I'm trying to extract a public key (subjectPublicKeyInfo) form an X509 >> certificate. >> > > from apps/x509.c in the openssl source: > > x=load_cert(bio_err,infile,informat,NULL,e,"Ce

Re: X509* and Extract Public Key?

2013-02-10 Thread Daniel Black
On 11/02/13 14:12, Jeffrey Walton wrote: > Hi All, > > I'm trying to extract a public key (subjectPublicKeyInfo) form an X509 > certificate. > > Should I look for the subjectPublicKeyInfo in X509_EXTENSION_get_object? > > What is the easiest (or recommended) way? > > Jeff >

Re: X509 V1 intermediate CA vs end-entity

2012-10-21 Thread Kyle Hamilton
You can find out if the V1 cert verifies directly with any of the certificates in the trust store or its own public key. There's pretty much nothing else you can do with it, other than try to link it to a Distinguished Name that may or may not be useful. Also, (EXFLAG_V1|EXFLAG_SS) doesn't tell y

Re: X509 V1 intermediate CA vs end-entity

2012-09-25 Thread sanjaya joshi
Hi steve, Thanks. Got it. That means we can't differentiate between CA and end-entity in case of V1 certificate. We can only find out if the V1 cert is a self-signed certificate or not. Correct ? Regards, Sanjaya On Wed, Sep 26, 2012 at 2:36 AM, Dr. Stephen Henson wrote: > On Tue, Sep 25, 2012

Re: X509 V1 intermediate CA vs end-entity

2012-09-25 Thread Dr. Stephen Henson
On Tue, Sep 25, 2012, sanjaya joshi wrote: > > We can conclude an X509 V1 certificate to be a root ca using > (EXFLAG_V1|EXFLAG_SS). > Similarly, is there a way to know whether an X509 V1 certificate is an > intermediate CA or end-entity certificate ? > You can't: there is nothing in a V1 certi

Re: X509 V1 intermediate CA vs end-entity

2012-09-25 Thread Kyle Hamilton
Can you figure out a way to do it from the v1 fields? keyUsage is an extension requiring v3. -Kyle H On Sep 24, 2012 11:28 PM, "sanjaya joshi" wrote: > Hi, > > We can conclude an X509 V1 certificate to be a root ca using > (EXFLAG_V1|EXFLAG_SS). > Similarly, is there a way to know whether an X5

Re: X509 certificate algorithm

2012-08-16 Thread Dr. Stephen Henson
On Thu, Aug 16, 2012, Kenneth Goldman wrote: > I call these: > > d2i_X509() > X509_print_fp() > > which calls > pkey_set_type() > EVP_PKEY_asn1_find() > and that call fails. > > I've traced the following error down to the rsaOAEP algorithm, which has a > nid of 919. I

Re: X509 Certificate : Need help to retrieve " Extended Key Usage" filed from the certificate

2012-07-27 Thread Dr. Stephen Henson
On Fri, Jul 27, 2012, Puneet Khunteta wrote: > any Update ? > > regards, > Puneet > > On Thu, Jul 26, 2012 at 4:27 PM, Puneet Khunteta > wrote: > > > Hello Stephen, > > > > On using the suggestion provided by you , got the following output snippet > > > > > > It shows extusage->data Empty. > >

Re: X509 Certificate : Need help to retrieve " Extended Key Usage" filed from the certificate

2012-07-27 Thread Puneet Khunteta
any Update ? regards, Puneet On Thu, Jul 26, 2012 at 4:27 PM, Puneet Khunteta wrote: > Hello Stephen, > > On using the suggestion provided by you , got the following output snippet > > > It shows extusage->data Empty. > > Regards, > Puneet > > On Wed, Jul 25, 2012 at 4:01 PM, Dr. Stephen Henson

Re: X509 Certificate : Need help to retrieve " Extended Key Usage" filed from the certificate

2012-07-26 Thread Puneet Khunteta
Hello Stephen, On using the suggestion provided by you , got the following output snippet It shows extusage->data Empty. Regards, Puneet On Wed, Jul 25, 2012 at 4:01 PM, Dr. Stephen Henson wrote: > On Wed, Jul 25, 2012, Puneet Khunteta wrote: > > > Hello, > > > > I am an user of openssl libra

Re: X509 Certificate : Need help to retrieve " Extended Key Usage" filed from the certificate

2012-07-26 Thread Puneet Khunteta
Same Status !! Regards, Puneet On Thu, Jul 26, 2012 at 2:49 PM, Saurabh Pandya wrote: > On 7/26/12, Puneet Khunteta wrote: > > Hello Sukalp, > > > > I have tried to use the code snippet provided by use . I am able to > create > > the ASN_object and get the data also.but the data is not in readab

Re: X509 Certificate : Need help to retrieve " Extended Key Usage" filed from the certificate

2012-07-26 Thread Saurabh Pandya
On 7/26/12, Puneet Khunteta wrote: > Hello Sukalp, > > I have tried to use the code snippet provided by use . I am able to create > the ASN_object and get the data also.but the data is not in readable form. > > I use X509 instead of X509V3. > > Here is the code that i have used : > > *Ret = X509_g

Re: X509 Certificate : Need help to retrieve " Extended Key Usage" filed from the certificate

2012-07-26 Thread Puneet Khunteta
Hello Sukalp, I have tried to use the code snippet provided by use . I am able to create the ASN_object and get the data also.but the data is not in readable form. I use X509 instead of X509V3. Here is the code that i have used : *Ret = X509_get_ext_by_NID(cert, field_NID, 0); if ((Ret

Re: X509 Certificate : Need help to retrieve " Extended Key Usage" filed from the certificate

2012-07-25 Thread Dr. Stephen Henson
On Wed, Jul 25, 2012, Puneet Khunteta wrote: > Hello, > > I am an user of openssl library. > I am seeking for a method to get the "Extended Key Usage" field from the > X509 certificate . > I will be grateful if you can provide me a sample code in c. > You can retrieve a structure representing a

Re: X509 Certificate : Need help to retrieve " Extended Key Usage" filed from the certificate

2012-07-25 Thread Sukalp Bhople
Hi, You will have to go through Openssl source code. Have a look at following files: 1. x509_v3.c (around line 74), You will find the following method: int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid, int lastpos) { ASN1_OBJECT *obj; obj=OBJ_nid2obj(nid); if (obj == NU

Re: X509 - extract remote peer certificate chain to a file

2012-05-07 Thread Josh
You can use PEM_write_bio_X509 or PEM_write_X509 to save X509 into a FILE. You can use PEM_read to read this PEM file when you need it. Thanks! A couple of questions: what is the difference between PEM_write_bio_X509, PEM_write_X509 and PEM_AUX_write_X509 (the latter is what I intended to us

Re: X509 - extract remote peer certificate chain to a file

2012-05-06 Thread Erwin Himawan
You can use PEM_write_bio_X509 or PEM_write_X509 to save X509 into a FILE. You can use PEM_read to read this PEM file when you need it. On Sun, May 6, 2012 at 10:36 PM, Josh wrote: I have a very simple query: as a result of SSL/TLS negotiation I know I > could retrieve a pointer to the remote

RE: x509 -nameopt show_type crash

2012-03-06 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Curt Sampson > Sent: Tuesday, 06 March, 2012 00:38 > If I run > > openssl x509 -nameopt show_type -noout -text -in user-a1.crt > > against the certificate below, the openssl command line > program appears > to crash in the middle of prin

Re: X509 verify

2011-07-28 Thread Andrea Saracino
Also check for error for the status of these two bio write function. >> >> hopefully it helps >> >> *From:* Andrea Saracino >> *Sent:* Wednesday, July 27, 2011 6:05 PM >> *To:* openssl-users@openssl.org >> *Subject:* Re: X509 verify >> >> Hi E

Re: X509 verify

2011-07-27 Thread Erwin Himawan
us of these two bio write function. > > hopefully it helps > > *From:* Andrea Saracino > *Sent:* Wednesday, July 27, 2011 6:05 PM > *To:* openssl-users@openssl.org > *Subject:* Re: X509 verify > > Hi Erwin, thanks for your fast answer. > I dumped both the certificates in

Re: X509 verify

2011-07-27 Thread Erwin Himawan
, 2011 6:05 PM To: openssl-users@openssl.org Subject: Re: X509 verify Hi Erwin, thanks for your fast answer. I dumped both the certificates in 2 PEM files, then I used the X509_print_fp() to obtain the readable version of both of them. The two resulting files are identical. Perhaps there is

Re: X509 verify

2011-07-27 Thread Andrea Saracino
Hi Erwin, thanks for your fast answer. I dumped both the certificates in 2 PEM files, then I used the X509_print_fp() to obtain the readable version of both of them. The two resulting files are identical. Perhaps there is something wrong in the invocation of the i2d/d2i functions. I'm posting an ex

Re: X509 verify

2011-07-27 Thread Erwin Himawan
The way I would verify this is by writing the original X509 object into PEM file and dumping the X509 object resulted from d2i_x509() into another PEM file and compares both files using the openssl; either using asnparse or x509 command. On Wed, Jul 27, 2011 at 9:46 AM, Andrea Saracino wrote:

Re: X509 Verify callback

2010-05-11 Thread David Woodhouse
On Tue, 2010-05-11 at 09:58 -0400, Chris Bare wrote: > That's almost perfect, but doesn't putting it inside the X509_STORE like this > tell the rest of the code it's trusted? If I'm downloading it using AIA I > can't trust it and still need to chain up to a trusted root. Hm, true. But surely there

Re: X509 Verify callback

2010-05-11 Thread Chris Bare
> On Mon, 2010-05-10 at 14:43 -0400, Chris Bare wrote: > > Is there a way get have X509_verify_cert retry it's path building after it > > gets an X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT? > > My idea is to implement a verify callback that uses the AIA information to > > download the issuer cert and add

Re: X509 Verify callback

2010-05-11 Thread David Woodhouse
On Mon, 2010-05-10 at 14:43 -0400, Chris Bare wrote: > Is there a way get have X509_verify_cert retry it's path building after it > gets an X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT? > My idea is to implement a verify callback that uses the AIA information to > download the issuer cert and add it to the

Re: X509 Verify callback

2010-05-10 Thread Chris Bare
> On 05/10/2010 08:43 PM, Chris Bare wrote: > > Is there a way get have X509_verify_cert retry it's path building after it > > gets an X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT? > > My idea is to implement a verify callback that uses the AIA information to > > download the issuer cert and add it to the

Re: X509 Verify callback

2010-05-10 Thread Peter Sylvester
On 05/10/2010 08:43 PM, Chris Bare wrote: Is there a way get have X509_verify_cert retry it's path building after it gets an X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT? My idea is to implement a verify callback that uses the AIA information to download the issuer cert and add it to the stack of untrust

Re: x509 vs ca

2009-12-03 Thread Jan Danielsson
Dr. Stephen Henson wrote: [---] > I'd speculate that "x509" is automated whereas the "ca" utility > has support for user intervention. You can do almost everything with "x509" > that you can with "ca". The most notable difference is that you can only > generate CRLs using the "ca" utility. Yes,

Re: x509 vs ca

2009-12-02 Thread Dr. Stephen Henson
On Wed, Dec 02, 2009, Jan Danielsson wrote: > Hello, > >I've been trying to wrap my head around certificate signing, and how > it differs when using "x509" and "ca". Please correct me if I'm wrong: > Well they've been about since SSLeay so I can't comment on the precise motivation. I'd spe

Re: [openssl-users] Re: X509 V1 version info

2008-09-11 Thread Madhusudhan reddy
Hi David, Thanks for the reply. I will try to explain my best the main problem i am facing. I ported OpenSSL 0.9.8g version on Symbian, and using OpenSSL to verify certificates. Following is the scenario to verify root certificates. 1. Load root certificate fro

RE: [openssl-users] Re: X509 V1 version info

2008-09-10 Thread David Schwartz
> Hello Experties there, could you pls help me? What's the question exactly? > On Thu, Sep 4, 2008 at 3:45 PM, Kyle Hamilton <[EMAIL PROTECTED]> wrote: >>Honestly, I'm not sure. DER says that there is One True Encoding for >>any given certificate, and I think (but am not sure) that part of it

Re: [openssl-users] Re: X509 V1 version info

2008-09-10 Thread Madhusudhan reddy
Hello Experties there, could you pls help me? On Thu, Sep 4, 2008 at 3:45 PM, Kyle Hamilton <[EMAIL PROTECTED]> wrote: > Honestly, I'm not sure. DER says that there is One True Encoding for > any given certificate, and I think (but am not sure) that part of it > is that "optional" parameters are

Re: [openssl-users] Re: X509 V1 version info

2008-09-04 Thread Kyle Hamilton
Honestly, I'm not sure. DER says that there is One True Encoding for any given certificate, and I think (but am not sure) that part of it is that "optional" parameters are not an option if the intended values match the defaults. I would guess that one of these is actually in violation of the rule

Re: [openssl-users] Re: X509 V1 version info

2008-09-04 Thread Madhusudhan reddy
Hello someone there, i stuck at the problem from quite some time. Could you guys help me in this? A small help in this regard will be greatly appreciated. Thank you very much. -Madhu On 9/1/08, Madhusudhan reddy <[EMAIL PROTECTED]> wrote: > > Hi, > > Thanks for reply. > > Yes, it

Re: [openssl-users] Re: X509 V1 version info

2008-09-01 Thread Madhusudhan reddy
Hi, Thanks for reply. Yes, it is verign certificate. Even though version info NULL (X509->cert_info->version == NULL), the certificate verified as valid, the hash creation is equal to the hash in the certificate. I observed, for some X509 V1 certificate the version field is NULL, a

Re: [openssl-users] Re: X509 V1 version info

2008-09-01 Thread Erwann ABALEA
Hi, Today is the Kalends of September 2008, Madhusudhan reddy wrote: >Thanks for the reply. What i mean here is while loading X509 >V1 certificate using the API "PEM_read_bio_X509_AUX(), the version field >itself is null, not the value. Pls check the attached .jpg for the screen >

Re: X509 V1 version info

2008-08-28 Thread Frans de Boer
The version field is offset by one. So, 0=v1, 1=v2, 2=v3 Frans. On Thu, 2008-08-28 at 12:21 +0530, Madhusudhan reddy wrote: > Hi All, > > I am newbie to OpenSSL. I am facing problem verifying root > certificate version X509V1. While debugging found the signature > verification is not

Re: x509 bug? unable to load certificate

2008-07-10 Thread Thomas J. Hruska
Frank J. Iannarilli wrote: Hi, I tried using both the Win32 v0.9.8g and v0.9.8h (along with Shining Light's Visual C++ 2008 Redistributable install) binaries, to no avail. Here's the problem: openssl x509 -inform DER -in smime.p7s -text unable to load certificate 1036:error:0D0680A8:asn

RE: X509 certificates through API

2008-05-20 Thread [EMAIL PROTECTED]
An easy way is to build the openssl binary as a lib but rename main. Then call it with the argv and argc you would send from the command line. -Original Message- From: ext Richard Koenning Sent: 05/20/2008 1:02:54 PM To: openssl-users@openssl.org Subject: Re: X509 certificates through

Re: X509 certificates through API

2008-05-20 Thread Dr. Stephen Henson
On Mon, May 19, 2008, Kenneth Goldman wrote: > > Is there sample code anywhere for how to construct X509 certificates > programmatically, through the API, not the command line? > > The documentation includes the serialization API's, but? > little else. > > I assume, since it can be done from th

Re: X509 certificates through API

2008-05-20 Thread Patrick Patterson
On May 19, 2008 02:09:54 pm Kenneth Goldman wrote: > Is there sample code anywhere for how to construct X509 certificates > programmatically, through the API, not the command line? > > The documentation includes the serialization API's, but? > little else. > > I assume, since it can be done from th

Re: X509 certificates through API

2008-05-20 Thread Richard Koenning
Kenneth Goldman wrote: Is there sample code anywhere for how to construct X509 certificates programmatically, through the API, not the command line? The documentation includes the serialization API's, but? little else. I assume, since it can be done from the command line, that the code exists

Re: X509 common name

2008-04-07 Thread Victor Duchovni
On Tue, Apr 08, 2008 at 12:22:34AM +0200, Dr. Stephen Henson wrote: > Couple of minor points... > > On Mon, Apr 07, 2008, Victor Duchovni wrote: > > > > To parse subjectAlternativeName entries: > > > > X509 *cert; > > STACK_OF(GENERAL_NAME) * gens; > > const GENERAL_NAME *gn; > >

Re: X509 common name

2008-04-07 Thread Dr. Stephen Henson
Couple of minor points... On Mon, Apr 07, 2008, Victor Duchovni wrote: > > To parse subjectAlternativeName entries: > > X509 *cert; > STACK_OF(GENERAL_NAME) * gens; > const GENERAL_NAME *gn; > int num; > int len; > char *dnsname; > > gens = X509_get_ext_d2i(cert, NID

Re: X509 common name

2008-04-07 Thread Victor Duchovni
On Sun, Apr 06, 2008 at 01:24:28AM +0200, Till Elsner wrote: > is there any simple way to get the common name out of an certificate > loaded to an X509 object via PEM_read_X509? It is easy to get *a* common name, usually there is only one. More interesting questions arise should the certificate

RE: X509 Certificate

2007-10-13 Thread David Schwartz
> Hi all. Ok I need to set up a cipher and certificate. But I've a little > question: How to make a X509 certificate? What is the right way to build > a X509 certificate in C? > For example: > > X509 *newx509 = NULL; > newx509 = X509_new(); > assert(newx509 != NULL); > > and then? How to set attri

Re: X509 Request - Do I have to sign it?

2007-06-06 Thread Dr. Stephen Henson
On Wed, Jun 06, 2007, Chaz. wrote: > Stephen, > > Once again thanks so much. I had thought subjectAltName would allow any > kind of alternate name but have found out how wrong I can be. I noticed > in the example use of DNS: I have noticed in the spec there is something > called 'DirName' but I

Re: X509 Request - Do I have to sign it?

2007-06-06 Thread Chaz.
Stephen, Once again thanks so much. I had thought subjectAltName would allow any kind of alternate name but have found out how wrong I can be. I noticed in the example use of DNS: I have noticed in the spec there is something called 'DirName' but I tried 'DirName:mystuff' and it didn't get stored

Re: X509 Request - Do I have to sign it?

2007-06-06 Thread Dr. Stephen Henson
On Wed, Jun 06, 2007, Chaz. wrote: > I have a need to create X509 Requests that will be authenticated by an > external CA. In creating the request do I need to sign it? > You need to use the private key corresponding to the public key in the request. > I also have seen something strange that I

Re: x509 -hash algorithm

2006-10-10 Thread Marek Marcola
Hello, > what is the hash algorithm used in the following to output the 8-digit > string to be used as .0, .1, etc.? > > % openssl x509 -noout -hash -in inter.cert.pem > a0199d1b This is reversed first four bytes of MD5 message digest of cert subject in DER format. For example:

Re: x509 -modulus output to a file

2006-05-12 Thread Marek Marcola
Hello, > > > openssl x509 -modulus -noout -in mycert.crt -out mymod.txt > > to output the modulus to the specified "out" file just like all other > x509 commands with -out specified. It does not. Anybody know how to > get the modulus sent to a file? > > openssl x509 -modulus -noout -in myc

Re: X509 cert time - i got it

2006-03-16 Thread michael Dorrian
Here is another thread that converts the time to a string. It may be helpful in the future http://www.securitybuzz.org/buzz/emails/id/276651/vipin rathor <[EMAIL PROTECTED]> wrote:hi DS and all,    i was just searching the mail archive and fortunately i got the conversation between "Tan Eng T

RE: X509 cert time

2006-03-16 Thread michael Dorrian
Stephan, This function "X509_get_notBefore(cert));" returns a ASN1_TIME pointer so u cannot print out the results using %d which is for integers or maybe it prints out something but not correct. Now just call like this: ASN1_TIME *cert_time; char *pstring; cert_time = X509_get_notBefore(cert));

RE: X509 cert time

2006-03-16 Thread Stefan Vatev
> hi DS, >here is the code snippet i'm using: > > X509 *cert; > FILE fp; > fp=fopen("cacert.der","r"); > /* error check*/ > cert=d2i_X509_fp(fp,NULL); > /* error check*/ > printf("Valid From : %d",X509_get_notBefore(cert)); > /*gives 13 and when printed using %s, it gives >

RE: X509 cert time

2006-03-16 Thread vipin rathor
hi DS, here is the code snippet i'm using:   X509 *cert; FILE fp; fp=fopen("cacert.der","r"); /* error check*/ cert=d2i_X509_fp(fp,NULL); /* error check*/ printf("Valid From : %d",X509_get_notBefore(cert));  /*gives 13 and when printed using %s, it gives segmentation fault*/     

RE: X509 cert time

2006-03-16 Thread David Schwartz
> hi all, >now i'm able to get the certificate timing info. by using the call X509_get_notAfter() and X509 > _get_notBefore()but they are returning the values in integer type( in my case, both return 13 and 13) > so anybody can help me out to get the timing info. in proper date format.

Re: X509 info

2006-03-14 Thread Dr. Stephen Henson
On Tue, Mar 14, 2006, michael Dorrian wrote: > Here is a function to do what you want that i just wrote today. At least i > hope its what you want. Good luck!. > void ShowCerts(SSL* ssl) > { X509 *cert; >char buf[100]; >/* get the server's certificate */ > cert = SSL_get_peer_certific

Re: X509 info

2006-03-14 Thread michael Dorrian
Here is a function to do what you want that i just wrote today. At least i hope its what you want. Good luck!. void ShowCerts(SSL* ssl){   X509 *cert;  char buf[100];  /* get the server's certificate */ cert = SSL_get_peer_certificate(ssl); if ( cert != NULL )    {    /* issuer */   X509_NAM

Re: X509 info

2006-03-13 Thread Bernhard Froehlich
vipin rathor wrote: hi all, I want to develop a small utility in C to show all information about the X509 certificate file in a structured comprehensive(as displayed by browsers like IE). i'm working on SLES 9. so please help me out one more thing, i know the routines like X509_get

Re: X509 cetificate! HELP!D!=!-!)

2006-03-09 Thread Doug Frippon
Thx Brian that's exactly what I was trying to figure out. For the part on where cert goes and how to tell apps to use it it's ok but almost from the beginning, I thought that my cert have been made incorrectly so that's why I was posting here. From that point I should be able to make it work. thanks t

Re: X509 cetificate! HELP!D!=!-!)

2006-03-09 Thread Brian Candler
On Thu, Mar 09, 2006 at 10:46:51AM -0500, Doug Frippon wrote: > I'm not sure that I should post it on a OpenBSD mailing list because > my ISAKMPD is working well with pre-shared key. The only bug comes from > the certificate. I know that I should create a CA certificate, a > certificate for the OBS

Re: X509 cetificate! HELP!D!=!-!)

2006-03-09 Thread Doug Frippon
I'm not sure that I should post it on a OpenBSD mailing list because my ISAKMPD is working well with pre-shared key. The only bug comes from the certificate. I know that I should create a CA certificate, a certificate for the OBSD and one for the remote user. But what should I export to OpenBSD and

Re: X509 cetificate! HELP!D!=!-!)

2006-03-09 Thread Brian Candler
On Thu, Mar 09, 2006 at 09:13:05AM -0500, Doug Frippon wrote: > I must admit that I haven't tried that search exactly but I've got > this error with ISAKMPD and try with that instead of openssl. > Thx > But I'd like to know what should I do with all the certs that I have > to create. Which should g

Re: X509 cetificate! HELP!D!=!-!)

2006-03-09 Thread Doug Frippon
I must admit that I haven't tried that search exactly but I've got this error with ISAKMPD and try with that instead of openssl. Thx But I'd like to know what should I do with all the certs that I have to create. Which should go on the host pc (my OBSD where the CA is and etc...) and which on the us

Re: X509 cetificate! HELP!D!=!-!)

2006-03-08 Thread Brian Candler
On Wed, Mar 08, 2006 at 03:10:23PM -0500, Doug Frippon wrote: > Hi, I am trying to generate certificate that I'll be using for a ipsec > segment between a OBSD 3.8 and a Windows workstation. I'm using ISAKMPD > for this on the OBSD side and the security filter on Windows. If I use > a pre-shared key

Re: X509 extensions

2006-02-08 Thread Girish Venkatachalam
There is a utility called "certpatch" developed by OpenBSD folks for including the SubjAltName extension. I have modified it a little bit to suit my need. This utility modifies the certificate in place and regenerates the hash. Perhaps you can modify it a little to suit your need. If all you nee

Re: X509 extensions

2006-02-08 Thread Kyle Hamilton
...you can't, without re-signing the certificate. (changing the certificate data invalidates the signed hash.) However, if you want to, you can use openssl x509 -x509toreq -in currentcert.pem -out currentcert.req . Then, create a new configuration template file with the information you want to r

Re: x509 CRL v2

2006-01-18 Thread Daniel García Franco
Dr. Stephen Henson wrote: On Tue, Jan 17, 2006, Daniel García Franco wrote: I would like to use other CRL Revoke Reason as "superseded", "unspecified", etc... with the CRL Entry Extension InvalidityDate, not that the use of CRL Entry Extension InvalidityDate force to set the CRL Revoke R

Re: x509 CRL v2

2006-01-17 Thread Dr. Stephen Henson
On Tue, Jan 17, 2006, Daniel García Franco wrote: > > I would like to use other CRL Revoke Reason as "superseded", > "unspecified", etc... with the > CRL Entry Extension InvalidityDate, not that the use of CRL Entry > Extension InvalidityDate > force to set the CRL Revoke Reason to keyCompro

Re: x509 CRL v2

2006-01-17 Thread Daniel García Franco
Dr. Stephen Henson wrote: On Mon, Jan 16, 2006, Daniel García Franco wrote: Hello! I use the v2 of CRL, and i have to revoke the certificates with 2 extension, CRL Revoke Reason and InvalidityDate, i Know how to pass the first extension to openssl when i revoke a certificate, but i don't kn

Re: x509 CRL v2

2006-01-16 Thread Dr. Stephen Henson
On Mon, Jan 16, 2006, Daniel García Franco wrote: > Hello! > > I use the v2 of CRL, and i have to revoke the certificates > with 2 extension, CRL Revoke Reason and InvalidityDate, i Know how to > pass the first extension to openssl when i revoke a certificate, but > i don't know how to pass the s

Re: X509 certificate request in PKCS 12 format ?

2006-01-09 Thread Dr. Stephen Henson
On Mon, Jan 09, 2006, Rajeshwar Singh Jenwar wrote: > Can we have X509 certificate request in PKCS 12 format ? There is no standard for including certificate requests in PKCS#12 files. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and fre

Re: X509 digest different after write and read to-from PEM

2005-10-25 Thread M G
Dr. Henson, Looks like the check on the >0 and not just != -1 did the trick! Thank you for helping me! Cheers! --- "Dr. Stephen Henson" <[EMAIL PROTECTED]> wrote: > On Tue, Oct 25, 2005, M G wrote: > > > Hi Dr. Henson, > > > > You were wondering what code I used to produce the > > digest: I

Re: X509 digest different after write and read to-from PEM

2005-10-25 Thread Dr. Stephen Henson
On Tue, Oct 25, 2005, M G wrote: > Hi Dr. Henson, > > You were wondering what code I used to produce the > digest: I used my X509 certificate to get the > fingerprint with GetSHAFingerprint() - then I wrote > the X509 to PEM, then I read it back and called > GetSHAFingerprint() again and receive

Re: X509 digest different after write and read to-from PEM

2005-10-25 Thread M G
Hi Dr. Henson, You were wondering what code I used to produce the digest: I used my X509 certificate to get the fingerprint with GetSHAFingerprint() - then I wrote the X509 to PEM, then I read it back and called GetSHAFingerprint() again and received a different fingerprint. Is this supposed to

Re: X509 digest different after write and read to-from PEM

2005-10-24 Thread M G
This is the code I used: (after the generate function code shown earlier in this thread - I have an m_pX509) - this is what I do with it:    m_strPEMText = X509ToPEM(m_pX509); m_strFingerprint = GetSHAFingerprint(m_pX509); ::MessageBox(NULL, m_strFingerprint, "ORIGINAL FINGERPRINT", MB_OK);   // cr

Re: X509 digest different after write and read to-from PEM

2005-10-23 Thread Rich Salz
If there is a difference as small as one bit then the digests should be different. /r$ -- Rich Salz Chief Security Architect DataPower Technology http://www.datapower.com This address will be going away; please use [EMAIL PROTECTED] ___

Re: X509 digest different after write and read to-from PEM

2005-10-23 Thread Dr. Stephen Henson
On Sun, Oct 23, 2005, M G wrote: > Hi Dr. Henson, > > Thanks in advance for taking a look: Here is my code that creates the > certificate (I removed the checks on return values - they were fine) > > m_pX509 = X509_new(); > > X509_set_version(m_pX509, 2); > X509_gmtime_adj(X509_get_notBefor

Re: X509 digest different after write and read to-from PEM

2005-10-23 Thread M G
Hi Dr. Henson,   Thanks in advance for taking a look:  Here is my code that creates the certificate (I removed the checks on return values - they were fine)   m_pX509 = X509_new();   X509_set_version(m_pX509, 2); X509_gmtime_adj(X509_get_notBefore(m_pX509),0); X509_gmtime_adj(X509_get_notAfter(m_pX

Re: X509 digest different after write and read to-from PEM

2005-10-22 Thread Dr. Stephen Henson
On Sat, Oct 22, 2005, M G wrote: > Hi list, > > I noticed that the DER string representation was very very similar (longer by > one byte) and only different by very few bytes... i.e., they are almost > exactly the same thing I am trying to get to the cause of why the digest > differs bet

Re: X509

2005-10-22 Thread M G
Could this software bug be something I forgot to add to my certificate when creating it?  i.e., I newly create the X509 and use PEM_write_bio_X509 and PEM_read_bio_x509...  Checking the digest on these 2 X509s is *supposed* to have the same fingerprint?  I am really not doing much here - just writi

Re: X509

2005-10-22 Thread Rich Salz
> Does anyone know why an X509 digest would be different after the X509 is > written out and read back into another X509 from PEM? Software bug. No other explanation. /r$ -- Rich Salz Chief Security Architect DataPower Technology http://www.datapower.com This add

RE: X509 Cert dates

2005-05-25 Thread Pj
Thanks guys, you rock! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tan Eng Ten Sent: Thursday, 26 May 2005 12:13 PM To: openssl-users@openssl.org Subject: Re: X509 Cert dates Hi Pj, U could use memory BIO instead - BIO_new(BIO_s_mem()). Data written

Re: X509 Cert dates

2005-05-25 Thread Tan Eng Ten
f Of Tan Eng Ten Sent: Thursday, 26 May 2005 10:30 AM To: openssl-users@openssl.org Subject: Re: X509 Cert dates Hi, U could try: BIO *bio = BIO_new_fp(stdout, BIO_NOCLOSE); ASN1_TIME_print(bio, X509_get_notBefore(cert)); BIO_free(bio); Tell me if it works. Pj wrote:

RE: X509 Cert dates

2005-05-25 Thread Pj
ose(fp); } _unlink(tmpFile); free(tmpFile); // -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tan Eng Ten Sent: Thursday, 26 May 2005 10:30 AM To: openssl-users@openssl.org Subject: Re: X509 Cert dates Hi, U could try: BIO
