On 10/31/2014 03:24 PM, Dave Thompson wrote:
>> From: owner-openssl-us...@openssl.org On Behalf Of tho...@koeller.dyndns.org
>> Sent: Thursday, October 30, 2014 14:50
>
>> I have... root_ca.pem ... self-signed ... issued host_ca.pem ...
>> I would expect the two to form a valid chain. And indeed,
> From: owner-openssl-us...@openssl.org On Behalf Of tho...@koeller.dyndns.org
> Sent: Thursday, October 30, 2014 14:50
> I have... root_ca.pem ... self-signed ... issued host_ca.pem ...
> I would expect the two to form a valid chain. And indeed,
> verification succeeds:
> ... openssl verify -CAf
Hi,
trying to build a valid certificate chain, I came across the following
problem:
I have two certificates. The first one, contained in file root_ca.pem,
is a self-signed root CA, intended to sign intermediate CA's with. The
second
one, contained in host_ca.pem, is such an intermediate CA, it
On Thu, Aug 29, 2002, Lutz Jaenicke wrote:
> On Thu, Aug 29, 2002 at 09:10:47AM -0400, Shaheed Bacchus wrote:
> > you are correct, "issuer" is not self signed (in fact it's
> > the cert that's provided by default with openssl in the
> > apps/demoCA dir). so how do i tell the verification
> >
> It would take some extensions to the certificate verification code
> to change the behaviour. I don't know how large the interest is
> in such an extension.
Pick me!
--
Harald Koch <[EMAIL PROTECTED]>
"It takes a child to raze a village."
-Michael T. Fry
__
On Thu, Aug 29, 2002 at 10:21:39AM -0400, Shaheed Bacchus wrote:
> that's the general direction i was slowly moving towards.
> i guess one question that i have is since i have to use my
> code to do the verification process anyhow, is there any
> advantage to even using the X509_verify_cert() call
that's the general direction i was slowly moving towards.
i guess one question that i have is since i have to use my
code to do the verification process anyhow, is there any
advantage to even using the X509_verify_cert() call?
thanks once again.
Lutz Jaenicke wrote:
>
> OpenSSL does not support
On Thu, Aug 29, 2002 at 09:10:47AM -0400, Shaheed Bacchus wrote:
> you are correct, "issuer" is not self signed (in fact it's
> the cert that's provided by default with openssl in the
> apps/demoCA dir). so how do i tell the verification
> routine to not walk further down the tree? ideally i
hi lutz,
you are correct, "issuer" is not self signed (in fact it's
the cert that's provided by default with openssl in the
apps/demoCA dir). so how do i tell the verification
routine to not walk further down the tree? ideally i'd
like to give it a cert that may or may not be self signed
and
On Wed, Aug 28, 2002 at 11:25:51AM -0400, Shaheed Bacchus wrote:
> Shaheed Bacchus wrote:
>
> > hi all,
> > i am having some problems getting certificate verification to
> > work. i have two certs
> >
> > X509 *client;
> > Subject: /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=MyTest
> > Iss
Hi, all.
It seems my last e-mail is somehow lost, so I'm resending it.
Please give me some advice. :)
Since my program is not for web site but general client/server communication
program, I'd like to add a client certificate verification from the server
side.
I couldn't find any reference on clie
11 matches
Mail list logo
