RE: [PATCH] ts verify for expired certificate patch

2008-12-02 Thread Brad Mitchell
om: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kyle Hamilton Sent: Wednesday, 3 December 2008 7:04 AM To: openssl-dev@openssl.org Subject: Re: [PATCH] ts verify for expired certificate patch On Mon, Dec 1, 2008 at 9:13 PM, Brad Mitchell <[EMAIL PROTECTED]> wrote: > I d

[openssl.org #1798] patch requested for safestack

2008-12-02 Thread Brad Mitchell via RT
I have had problems with the C++ compiler for solaris forte developer 6 U2. Some macros in safestack.h pass in void* and do not cast the values first. Patch details: --- ../../../../openssl-orig/crypto/stack/safestack.h Tue Oct 14 20:00:13 2008 +++ safestack.h Tue Dec 2 15:01:48 200

[openssl.org #1797] re: unable to verify timestamps signed with a certificate that is now expired

2008-12-02 Thread Brad Mitchell via RT
I've made a PATCH to address this issue but may or may not be the correct way to go about it. If you sign a digest with a certificate and want to verify this later on, the current library does not support being able to set the time for verification in the X509 cert store when verifying the cert

RE: [PATCH] ts verify for expired certificate patch

2008-12-01 Thread Brad Mitchell
You bring up a good issue about revocation and it isn't something I've thought about, just some details from RFC3161: A) Time-stamping information needs to be obtained soon after the signature has been produced (e.g., within a few minutes or hours). 1) The signature is presented

[PATCH] safestack compile issue

2008-12-01 Thread Brad Mitchell
Problem Description: I was getting compile issues when changing from openssl 0.9.8 to openssl current snapshot. The errors were in safestack.h. It appears that some functions do indeed cast but others do not. void* is currently being passed in due to CHECKED_PTR_OF being part of the macro. Thi

[PATCH] ts verify for expired certificate patch

2008-12-01 Thread Brad Mitchell
Problem Description: When a digest has been signed and a response is produced, the current version of openssl will not verify the contents correctly if the certificate used to sign the digest has expired. Solution: When verifying the response/token, the time at which the digest was signed is use

Re: OpenSSL compile issues using workshop compiler on Solaris (my program)

2008-11-30 Thread Brad Mitchell
Hi guys, I am fairly new to OpenSSL and have been using this over the past couple of months. I've been especially interested in the time stamping functionality introduced by the OpenTSA project so I have up until now been using openssl v0.9.8c patched with the TS functions. I have been