I think the only cases you will get this are:
A. Name miss match in certificates exist, it's a binary compare so then
smallest change can cause this.
B. key miss match, name looks good bit keys are bit as expected.
Ryan
Sent from my iPhone
On Aug 9, 2012, at 4:18 AM, Mithun Kumar wrote:
> Hel
David,
Failing when a server sends the certificates out of order would result in a
large % of transactions failing. On platforms other than Windows the order is
determined by the server administrator and what order they put them in the
configuration.
I recommend not changing the behavior here,
Olga -
Do you have a higher resolution PDF that is readable on screen? I
used to work at CyberSafe and worked on several projects that would
potentially be related; as such I would be very interested in reading your
paper but would hate to kill a tree to see it :)
Ryan
-Original Mes
This was (key word being "was") originally a requirement by Identrus (a
financial community of trust) however this brought many strange problems and
most vendors products (both CAs and chaining implementations) did not
support this well if at all. As such Identrus made it an "option" not a
require
ion 8-p
Ryan
-Original Message-
From: Ben Laurie [mailto:[EMAIL PROTECTED]]
Sent: Sunday, September 09, 2001 12:42 PM
To: Ryan Hurst
Cc: '[EMAIL PROTECTED]'; Openssl-Users ([EMAIL PROTECTED])
Subject: Re: OpemSSL Hardware Random Number Generator (RNG) for Intel Chip
sets.
R
-Original Message-
From: Ben Laurie [mailto:[EMAIL PROTECTED]]
Sent: Sunday, September 09, 2001 4:50 AM
To: [EMAIL PROTECTED]
Cc: 'Rich Salz'; Openssl-Users ([EMAIL PROTECTED])
Subject: Re: OpemSSL Hardware Random Number Generator (RNG) for Intel Chip
sets.
Ryan Hurst wrote:
>
>
Generator (RNG) for Intel Chip
sets.
Ryan Hurst <[EMAIL PROTECTED]> writes:
> I have just read the Intel "technical brief" covering the Intel hardware
RNG
> device (ftp://download.intel.com/design/security/rng/techbrief.pdf)
> interesting read; although it and
in detail and of the afore mentioned items.
Ryan
-Original Message-----
From: Ryan Hurst [mailto:[EMAIL PROTECTED]]
Sent: Saturday, September 08, 2001 7:42 PM
To: 'Rich Salz'
Cc: Openssl-Dev ([EMAIL PROTECTED]); Openssl-Users
([EMAIL PROTECTED])
Subject: RE: OpemSSL Hardware Random N
, 2001 7:36 PM
To: Ryan Hurst
Cc: Openssl-Dev ([EMAIL PROTECTED]); Openssl-Users
([EMAIL PROTECTED])
Subject: Re: OpemSSL Hardware Random Number Generator (RNG) for Intel Chip
sets.
> I am not sure I understand what you are saying
You called the intel h/w rng "excellent." I beli
linux/*bsd interface to the Intel rng
device.
Rya
-Original Message-
From: Rich Salz [mailto:[EMAIL PROTECTED]]
Sent: Saturday, September 08, 2001 1:38 PM
To: Ryan Hurst
Cc: Openssl-Dev ([EMAIL PROTECTED]); Openssl-Users
([EMAIL PROTECTED])
Subject: Re: OpemSSL Hardware Random Number G
Did you know that many of the new Intel desktop and server
chipsets have a built in Hardware Random Number generator? I did not until a
while ago. If your computer uses the Intel® 815 chipset, Intel® 820
chipset, Intel® 840 chipset, Intel® 850 chipset, or Intel® 860
chipset you have a excel
Is the new ASN1 code complete? Or it they still be changing?
Ryan
-Original Message-
From: Dr S N Henson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 05, 2001 4:41 PM
To: [EMAIL PROTECTED]
Subject: Re: 0.9.7
Ajay Nerurkar wrote:
>
> ValiCert's ASN.1 parser has been upgraded t
Massimiliano --
Would you be interested in having your CA's CRLs published to our
public validation service? If you can provide me the CRL signing
certificates I can arrange this.
Ryan
__
OpenSSL Project
A quick brain dump of the exisiting OCSP implementations and clients that
are available include:
Applications:
ValiCert Apache Validator
ValiCert Netscape (NSAPI) Validator
ValiCert IIS (ISAPI) Validator
ValiCert Desktop Validator (All CryptoAPI applications such as Outlook,
, 2001 at 11:56:26AM -0700, Ryan Hurst wrote:
> David --
> That is great news, given your current status how far do you think
> you are from being able to verify a ECDSAwithSHA1 signed object?
>
> Ryan
>
> -Original Message-
> From: David Stes [mailto:[E
+5BALtvNI5yRgxh7jLB1oyAwHjALBgNVHQ8EBAMCAQYwDwYD
VR0TAQH/BAUwAwEB/zALBgcqhkjOPQQBBQADMQAwLgIVAbrUhBk9wcScc4FgCR208uGcN30LAhUB
+fy2MRIUp21/XUso0WNGlZ9INwk=
-END CERTIFICATE-
-Original Message-
From: Ryan Hurst [mailto:[EMAIL PROTECTED]]
Sent: Friday, July 27, 2001 12:51 PM
To: '[EMAIL PROTECTED]
om: Dr S N Henson [mailto:[EMAIL PROTECTED]]
Sent: Friday, July 27, 2001 11:28 AM
To: [EMAIL PROTECTED]
Subject: Re: ECDSAwithSHA1 support in OpenSSL
Ryan Hurst wrote:
>
> Has any work been done to add ECDSAwithSHA1 (1.2.840.10045.4.1) to
OpenSSL?
> I see that the appropriate NIDs have bee
Massimiliano --
Glad to see your working on this effort :), I have a responder
available for testing information about this responder can be found at
http://www.valicert.com/ocsp. I am including a set of certificates for the
CAs found at that page as well.
VeriSign operat
: Re: ECDSAwithSHA1 support in OpenSSL
On Thu, Jul 26, 2001 at 07:36:24PM -0700, Ryan Hurst wrote:
> Has any work been done to add ECDSAwithSHA1 (1.2.840.10045.4.1) to
OpenSSL?
> I see that the appropriate NIDs have been added in but I am assuming this
is
> simply a result of their inc
to verify the Certicom ECC root, I am aware
of the patent issues involved in ECC but am curious if there are appropriate
patches available to OpenSSL to support ECC natively or with a patch that
would utilize the Certicom Security Builder SDK.
Your help is appreciated,
Ryan Hurst
20 matches
Mail list logo