openssl for self signed certificates

2013-07-30 Thread Indtiny s
Hi, since openssl.1.0.1c doesn't support the "ECDHE-ECDSA-AES128-CCM" cipher suite, I added this support in the openssl code. It works fine with ECC certificates which are not self-signed. When I process my ECC self-signed certificate, my webserver is throwing "X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGN

Re: OCSP and self signed

2013-07-30 Thread Jakob Bohm
On 30-07-2013 20:53, Walter H. wrote: On 30.07.2013 19:51, Eisenacher, Patrick wrote: I was wondering how the root cert gets revoked. Anyway thanks for posting that request. A self-signed certificate can't be revoked via a crl, because you won't be able to successfully verify its signature. ke

Re: OCSP and self signed

2013-07-30 Thread Walter H.
On 30.07.2013 19:51, Eisenacher, Patrick wrote: I was wondering how the root cert gets revoked. Anyway thanks for posting that request. A self-signed certificate can't be revoked via a crl, because you won't be able to successfully verify its signature. Keep in mind that in case you detect a p

RE: OCSP and self signed

2013-07-30 Thread Eisenacher, Patrick
> -Original Message- > From: redpath > > I agree with this > > "Once again, I would like to advocate that the openssl verification code > should allow a self-signed certificate to revoke itself, using the same > mechanisms as for revoking anything else. " > > I was wondering how the ro

Re: OCSP and self signed

2013-07-30 Thread redpath
I agree with this "Once again, I would like to advocate that the openssl verification code should allow a self-signed certificate to revoke itself, using the same mechanisms as for revoking anything else. " I was wondering how the root cert gets revoked. Anyway thanks for posting that reques

Re: OCSP and self signed

2013-07-30 Thread Jakob Bohm
On 23-07-2013 23:56, Steven Madwin wrote: The short answer is no. An OCSP response has to be signed by the issuer (or a delegate of the issuer) and a self-signed cert is issued by itself. As a general rule certs can't revoke themselves so there is no need to get a revocation response for a self-

Re: openssl ca -revoke

2013-07-30 Thread Jakob Bohm
On 20-07-2013 13:39, redpath wrote: Very nice tutorial http://pki-tutorial.readthedocs.org/en/latest/ So the issue is that there is no real Certificate Management Trust system available handling concurrency issues for a Database that works seamlessly with revocation commands and OCSP responder.

RE: OSCP server does not update status

2013-07-30 Thread redpath
I am using OpenSSL version OpenSSL 1.0.1e 11 Feb 2013 and the ocsp works fine. openssl ocsp -index ./demoCA/index.txt -port 8082 -rsigner authocspsign.crt -rkey ocspsign.key -CA ./demoCA/cacert.pem -text and I issue a request and get a response nicely. But then I am using char *url= "http

Re: OCSP responder www.openca.org

2013-07-30 Thread redpath
Thanks, saw that Ruby one also, was not sure of it either and it was in Ruby but will look at that much deeper. And I also saw the EJBCA and all the orphans I had to take in to have it work was too much for me. Geez, it's just a responder, come on. -- View this message in context: http://openssl.

Re: OCSP responder www.openca.org

2013-07-30 Thread Igor Sverkos
Hi, when I was looking for an OCSP responder in January I also found OpenCA.org and I also think it is dead. If you want to use it, read the mailing list. Someone posted important patches (against memory leaks and other things). Another thing is that I am not sure if an OCSP responder, which on