Hi Goetz,
Thanks again for the helpful reply.
Let me guess:
root CA -- signs -- client cert
\- signs -- server cert
That's it.
To do verify on both sides you need:
* client: client key, client cert, root cert (to verify server cert)
* server: server key, server cert, root
Anyone have an idea about why the following d2i_PKCS12_fp code fails in
windows using openssl 0.9.7c? It works find in Unix/Linux.
FILE *fp = (FILE *)NULL;
PKCS12 *p12 = (PKCS12 *)NULL;
fp = fopen( p12file, r );
if( (FILE *)NULL != fp )
{
p12 = d2i_PKCS12_fp( fp, (PKCS12 **)NULL );
On Thu, Dec 08, 2005, Perry L. Jones wrote:
Anyone have an idea about why the following d2i_PKCS12_fp code fails in
windows using openssl 0.9.7c? It works find in Unix/Linux.
FILE *fp = (FILE *)NULL;
PKCS12 *p12 = (PKCS12 *)NULL;
fp = fopen( p12file, r );
if( (FILE *)NULL != fp )
How do I add litessl.com chain certificate to openssl?
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager
Hi Arno,
Finally I got it running, with the expense of a stupid call to
ERR_clear_error before each BIO I/O operation, slows down performance
remarkable. Are there alternatives?
Check the return value from each SSL function. If any do not succeed
the call ERR_get_error() in a loop until it
Thank you,
This did not solve my problem but it did point me in the correct direction.
I could not get d2i_PKCS12_fp to work even after changing fopen to use
rb so I switch to using a BIO
BIO *fp = (BIO *)NULL;
PKCS12 *p12 = (PKCS12 *)NULL;
fp = BIO_new_file( p12file, r );
if( (BIO *)NULL
I want to create a public key that is the same strength as the private
key.
These are the openssl commands I am using:
PrivateKey:
openssl genrsa -out mykey.pem 2048
PublicKey:
openssl rsa -in mykey.pem -out mycert.pem -outform PEM -pubout
I need the public key to match the size constraints,
Mark wrote:
I do things pretty much as you described except for the following:
* On server:
* if your server cert is signed by the root,
you can turn off sending of the root to the cert by
SSL_CTX_set_mode(ctx,SL_MODE_NO_AUTO_CHAIN)
I can't find this option (or similar) in the
On Thu, Dec 08, 2005 at 03:33:40PM -0600, Chevalier, Victor T. wrote:
I want to create a public key that is the same strength as the private
key.
Game over, the above demonstrates sufficiently deep confusion about RSA,
that you must not proceed any further until you see why it is absurd.
I
Hi, I am using to OpenSSL as TLS client and server. I am using certificate chain of size 3 on both sides. On Server SideRootCA (root.pem)ServiceProviderCA (
spca.pem)ServerCert (server.pem)On Client SideRootCA (root.pem)ServiceProviderCA (spca.pem)ClientCert (client.pem)I have placed the certs
Hummm Victor ?
You can cipher and decipher what you want as well as with a RSA public
and private keys ;-)
If you cipher with the public key you have to use the private associate
key of course and vice versa.
Best regards,
Philippe
Victor Duchovni wrote:
On Thu, Dec 08, 2005 at
On Fri, Dec 09, 2005 at 07:25:12AM +0100, [EMAIL PROTECTED] wrote:
RSA Public and private keys are not used to encrypt arbitrary data, there
are many complex traps to avoid because RSA is a commutative group. You
use RSA private keys to sign carefully constructed message digests that
avoid
Try using one of these two
-verify arg - turn on peer certificate verification
-Verify arg - turn on peer certificate verification, must have a cert.
in the command, btw u can get the whole list of options in man s_server
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
13 matches
Mail list logo