That is much clearer, thank you.
Looking quickly at www.kannel.org I don't see any clear statement that it
uses libssl (and libcrypto)
rather than e.g. GnuTLS or NSS, but I'll trust you've already confirmed
that. It does describe using
openssl commandline to generate key, CSR and possibly
1. I don't know for all CAs, but for the ones I've looked at they want me to
enter the CSR (with my key, subject DN and signature) on one page and then
enter
the desired (SAN) names on a different page (which may charge an additional
fee).
If I come back later with a renewal or other reissue r
Hello Dave,
I would like to simplify the issue as following.
1. Both client and server performs SSL Handshake using cert chain.
2. In our case server responds correctly with the entire chain of cert
(Server is some proprietary system)
3. Client also expected to send the
On 1/7/2014 12:17 AM, Biondo, Brandon A. wrote:
I am using ‘ca’ not ‘x509’. It too ignores/discards extensions. Turning
on copy_extensions solved the issue though, thanks. I have some
follow-up questions:
1.If including SANs in CSRs is non-standard, what is the accepted way of
passing all the me
Okay, I got it working by calling this right after creating the context:
SSL_CTX_set_cipher_list(ctx,
"ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC
On 1/6/2014 9:05 PM, Andrey Utkin wrote:
Hi all.
It seems subj is not present in OpenSSL as implementation or any helper
functionality.
Hmm, I believe you are right, as I am not aware of any support for
limiting the number of invocation of a a private key, nor am I sure
the OpenSSL code is stru
On 1/7/2014 5:50 AM, Sravanthi wrote:
Hi,
I'm using binary of the openssl for windows. I download the binary from the
openssl site. How should I be applying the vulnerability patches on windows
if I use binaries?
Thanks,
Sravanthi
New binaries are available now. Might have to refresh the pag
Hi,
I'm using binary of the openssl for windows. I download the binary from the
openssl site. How should I be applying the vulnerability patches on windows
if I use binaries?
Thanks,
Sravanthi
If I modify crypto/dso/dso_dlfcn.c:
# define HAVE_DLINFO 1
/* # if defined(_AIX) || defined(__CYGWIN__) || \
defined(__SCO_VERSION__) || defined(_SCO_ELF) || \
(defined(__osf__) && !defined(RTLD_NEXT)) || \
(defined(__OpenBSD__) && !defined(RTLD_SELF)) || \
defined(__ANDROID__)