Re: Certtificate chain broken

2012-08-08 Thread Ryan Hurst
I think the only cases you will get this are: A. Name miss match in certificates exist, it's a binary compare so then smallest change can cause this. B. key miss match, name looks good bit keys are bit as expected. Ryan Sent from my iPhone On Aug 9, 2012, at 4:18 AM, Mithun Kumar wrote: > Hel

RE: [RFC] OpenSSL accepts "invalid" server cert chain

2012-07-12 Thread Ryan Hurst
David, Failing when a server sends the certificates out of order would result in a large % of transactions failing. On platforms other than Windows the order is determined by the server administrator and what order they put them in the configuration. I recommend not changing the behavior here,

RE: making use of an SSL handshake in a new way

2001-10-10 Thread Ryan Hurst
Olga - Do you have a higher resolution PDF that is readable on screen? I used to work at CyberSafe and worked on several projects that would potentially be related; as such I would be very interested in reading your paper but would hate to kill a tree to see it :) Ryan -Original Mes

RE: separate CA certs for certificates and CRLs

2001-10-07 Thread Ryan Hurst
This was (key word being "was") originally a requirement by Identrus (a financial community of trust) however this brought many strange problems and most vendors products (both CAs and chaining implementations) did not support this well if at all. As such Identrus made it an "option" not a require

RE: OpemSSL Hardware Random Number Generator (RNG) for Intel Chip sets.

2001-09-09 Thread Ryan Hurst
ion 8-p Ryan -Original Message- From: Ben Laurie [mailto:[EMAIL PROTECTED]] Sent: Sunday, September 09, 2001 12:42 PM To: Ryan Hurst Cc: '[EMAIL PROTECTED]'; Openssl-Users ([EMAIL PROTECTED]) Subject: Re: OpemSSL Hardware Random Number Generator (RNG) for Intel Chip sets. R

RE: OpemSSL Hardware Random Number Generator (RNG) for Intel Chip sets.

2001-09-09 Thread Ryan Hurst
-Original Message- From: Ben Laurie [mailto:[EMAIL PROTECTED]] Sent: Sunday, September 09, 2001 4:50 AM To: [EMAIL PROTECTED] Cc: 'Rich Salz'; Openssl-Users ([EMAIL PROTECTED]) Subject: Re: OpemSSL Hardware Random Number Generator (RNG) for Intel Chip sets. Ryan Hurst wrote: > >

RE: OpemSSL Hardware Random Number Generator (RNG) for Intel Chip sets.

2001-09-09 Thread Ryan Hurst
Generator (RNG) for Intel Chip sets. Ryan Hurst <[EMAIL PROTECTED]> writes: > I have just read the Intel "technical brief" covering the Intel hardware RNG > device (ftp://download.intel.com/design/security/rng/techbrief.pdf) > interesting read; although it and

RE: OpemSSL Hardware Random Number Generator (RNG) for Intel Chip sets.

2001-09-08 Thread Ryan Hurst
in detail and of the afore mentioned items. Ryan -Original Message----- From: Ryan Hurst [mailto:[EMAIL PROTECTED]] Sent: Saturday, September 08, 2001 7:42 PM To: 'Rich Salz' Cc: Openssl-Dev ([EMAIL PROTECTED]); Openssl-Users ([EMAIL PROTECTED]) Subject: RE: OpemSSL Hardware Random N

RE: OpemSSL Hardware Random Number Generator (RNG) for Intel Chip sets.

2001-09-08 Thread Ryan Hurst
, 2001 7:36 PM To: Ryan Hurst Cc: Openssl-Dev ([EMAIL PROTECTED]); Openssl-Users ([EMAIL PROTECTED]) Subject: Re: OpemSSL Hardware Random Number Generator (RNG) for Intel Chip sets. > I am not sure I understand what you are saying You called the intel h/w rng "excellent." I beli

RE: OpemSSL Hardware Random Number Generator (RNG) for Intel Chip sets.

2001-09-08 Thread Ryan Hurst
linux/*bsd interface to the Intel rng device. Rya -Original Message- From: Rich Salz [mailto:[EMAIL PROTECTED]] Sent: Saturday, September 08, 2001 1:38 PM To: Ryan Hurst Cc: Openssl-Dev ([EMAIL PROTECTED]); Openssl-Users ([EMAIL PROTECTED]) Subject: Re: OpemSSL Hardware Random Number G

OpemSSL Hardware Random Number Generator (RNG) for Intel Chipsets .

2001-09-08 Thread Ryan Hurst
Did you know that many of the new Intel desktop and server chipsets have a built in Hardware Random Number generator? I did not until a while ago. If your computer uses the Intel® 815 chipset, Intel® 820 chipset, Intel® 840 chipset, Intel® 850 chipset, or Intel® 860 chipset you have a excel

RE: 0.9.7

2001-09-05 Thread Ryan Hurst
Is the new ASN1 code complete? Or it they still be changing? Ryan -Original Message- From: Dr S N Henson [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 05, 2001 4:41 PM To: [EMAIL PROTECTED] Subject: Re: 0.9.7 Ajay Nerurkar wrote: > > ValiCert's ASN.1 parser has been upgraded t

RE: openssl req BUG ( -passin env:pwd ignored)

2001-08-23 Thread Ryan Hurst
Massimiliano -- Would you be interested in having your CA's CRLs published to our public validation service? If you can provide me the CRL signing certificates I can arrange this. Ryan __ OpenSSL Project

RE: OCSP daemon

2001-07-30 Thread Ryan Hurst
A quick brain dump of the exisiting OCSP implementations and clients that are available include: Applications: ValiCert Apache Validator ValiCert Netscape (NSAPI) Validator ValiCert IIS (ISAPI) Validator ValiCert Desktop Validator (All CryptoAPI applications such as Outlook,

RE: ECDSAwithSHA1 support in OpenSSL

2001-07-27 Thread Ryan Hurst
, 2001 at 11:56:26AM -0700, Ryan Hurst wrote: > David -- > That is great news, given your current status how far do you think > you are from being able to verify a ECDSAwithSHA1 signed object? > > Ryan > > -Original Message- > From: David Stes [mailto:[E

RE: ECDSAwithSHA1 support in OpenSSL

2001-07-27 Thread Ryan Hurst
+5BALtvNI5yRgxh7jLB1oyAwHjALBgNVHQ8EBAMCAQYwDwYD VR0TAQH/BAUwAwEB/zALBgcqhkjOPQQBBQADMQAwLgIVAbrUhBk9wcScc4FgCR208uGcN30LAhUB +fy2MRIUp21/XUso0WNGlZ9INwk= -END CERTIFICATE- -Original Message- From: Ryan Hurst [mailto:[EMAIL PROTECTED]] Sent: Friday, July 27, 2001 12:51 PM To: '[EMAIL PROTECTED]

RE: ECDSAwithSHA1 support in OpenSSL

2001-07-27 Thread Ryan Hurst
om: Dr S N Henson [mailto:[EMAIL PROTECTED]] Sent: Friday, July 27, 2001 11:28 AM To: [EMAIL PROTECTED] Subject: Re: ECDSAwithSHA1 support in OpenSSL Ryan Hurst wrote: > > Has any work been done to add ECDSAwithSHA1 (1.2.840.10045.4.1) to OpenSSL? > I see that the appropriate NIDs have bee

RE: OCSP daemon

2001-07-27 Thread Ryan Hurst
Massimiliano -- Glad to see your working on this effort :), I have a responder available for testing information about this responder can be found at http://www.valicert.com/ocsp. I am including a set of certificates for the CAs found at that page as well. VeriSign operat

RE: ECDSAwithSHA1 support in OpenSSL

2001-07-27 Thread Ryan Hurst
: Re: ECDSAwithSHA1 support in OpenSSL On Thu, Jul 26, 2001 at 07:36:24PM -0700, Ryan Hurst wrote: > Has any work been done to add ECDSAwithSHA1 (1.2.840.10045.4.1) to OpenSSL? > I see that the appropriate NIDs have been added in but I am assuming this is > simply a result of their inc

ECDSAwithSHA1 support in OpenSSL

2001-07-26 Thread Ryan Hurst
to verify the Certicom ECC root, I am aware of the patent issues involved in ECC but am curious if there are appropriate patches available to OpenSSL to support ECC natively or with a patch that would utilize the Certicom Security Builder SDK. Your help is appreciated, Ryan Hurst