I have some doubts on understanding the difference between extensions
and reqexts args used in the req command. I have this openssl.cnf
file. Using this I want to generate a certificate for client (extended
key usage=clientAuth) and one for server(extended key usage =
serverAuth).
However, when I
I have some doubts on how to use certificate extensions. I have this
openssl.cnf file:
//cat openssl.cnf
[v3_ca]
basicConstraints = critical,CA:true
keyUsage = digitalSignature, cRLSign, keyCertSign
[ client_ext ]
basicConstraints = CA:false
keyUsage =
critical,digitalSignature,nonRepudiation,ke
Hello experts
I used to load a self-signed cert using a program like below:
X509_STORE_set_verify_cb_func(lCertCtx, UserCert_cb_check_cert);
lLookup = X509_STORE_add_lookup(lCertCtx, X509_LOOKUP_file());
error = X509_LOOKUP_load_file(lLookup, NULL, X509_FILETYPE_DEFAULT);
It was all working great
s to /opt/ssl-v1.02u
Thanks
On Wed, Jul 27, 2022 at 8:14 AM radiatejava wrote:
>
> Hello experts
> I used to load a self-signed cert using a program like below:
>
> X509_STORE_set_verify_cb_func(lCertCtx, UserCert_cb_check_cert);
> lLookup = X509_STORE_add_lookup(
I am a bit confused when an RSA signed ECDSA certificate is being used in TLS.
For example, if you run the test for facebook.com, you will see that
the certificate has ECDSA key but signed with Signature Algorithm:
sha256WithRSAEncryption.
$ openssl s_client -connect www.facebook.com:443
The ci
r secret ECDSA key).
>
> Therefore ECDHE provides key exchange and ECDSA authentication for the
> handshake, while RSA guarantees the authenticity of the Certificate.
>
>
> Best regards,
>
> Nicola Tuveri
>
> On Fri, Aug 26, 2022, 20:49 radiatejava wrote:
>>
>> I a
I want to get the client certificate and the CA certificates that I
set to SSL_CTX. Is there any sample code to do this ? I have not been
successful so far. I set the certificate and CA certs this way.
char* cacertFile = "cacert.crt";
char* certFile = "client.crt";
char* keyFile = "client.key";
i
