Preparing a certificate chain from the peer certificate during HTTPS
Hi all, During HTTPS connection establishment server sends its certificate to client for verification. Now i want to prepare a certificate chain from this certificate which got from server. I downloaded the CA bundle from Mozilla website.Now i have to prepare the cert chain from the peer certificate using this CA bundle.Please tell me how to do this ? My idea is i will took the issuer of the peer cert and i will check the CA bundle which matches the subject field in this CA bundle ??? Am i right ? But when i browsed https://www.paypal.com , i got the peer certificate whose issuer is /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)06/CN=VeriSign Class 3 Extended Validation SSL SGC CA But i didn't find any root CA in the CA bundle with respect to above issuer. How to prepare a chain like this type of case ?? Same in the case when i browsed https://www.citibank.co.in , https://www.axisbank.co.in etc Sorry for long mail Thanks in advance, Aravind.
OPENSSL_NO_STDIO OPENSSL_NO_FP_API
Hi I'm using Open SSL on HP NonStop (Tandem) systems. We have built a DLL containing the OpenSSL code and that works fine. However I now want to use a limited set of functions from privileged (kernel mode) code. The rules for this environment is that you can't call library functions or have any global data. I have addressed the former issue by creating another DLL that provides implementations of or unimplemented stubs for the library routines called by OpenSSL. Although I haven't done an exhaustive search I have found a couple of places where Open SSL code defines global data. I plan to assess these and use an ifdef to suppress the global data definitions or replace them with alternatives. We actually only require a few functions in the kernel mode components... RSA_private_decrypt HMAC PEM_read_PrivateKey EVP_DecryptInit_ex EVP_DecryptUpdate EVP_DecryptFinal_ex EVP_EncryptInit_ex EVP_EncryptUpdate EVP_EncryptFinal_ex So our usage is limited. Does anyone have any advise on how to proceed and would it be possible to get the changes folded back into the official source code, I'm using 0.9.8e? Thanks Paul Carlton Neoview R&D Mobile:+44 (0)7768 994283 EMail: [EMAIL PROTECTED] Hewlett-Packard Limited registered Office: Cain Road, Bracknell, Berks RG12 1HN Registered No: 690597 England The contents of this message and any attachments to it are confidential and may be legally privileged. If you have received this message in error, you should delete it from your system immediately and advise the sender. To any recipient of this message within HP, unless otherwise stated you should consider this message and attachments as "HP CONFIDENTIAL".
