RE: RE : SSL_CTX_set_client_CA_list functions

2005-12-08 Thread Mark
Hi Goetz,

Thanks again for the helpful reply.

> Let me guess:
>
> root CA -- signs --> client cert
>         \- signs --> server cert

That's it.

> To do verify on both sides you need:
> * client: client key, client cert, root cert (to verify server cert)
> * server: server key, server cert

d2i_PKCS12_fp fails in window?

2005-12-08 Thread Perry L. Jones
Anyone have an idea about why the following d2i_PKCS12_fp code fails in Windows using openssl 0.9.7c? It works fine in Unix/Linux.

    FILE *fp = (FILE *)NULL;
    PKCS12 *p12 = (PKCS12 *)NULL;

    fp = fopen( p12file, "r" );
    if( (FILE *)NULL != fp ) {
        p12 = d2i_PKCS12_fp( fp, (PKCS12 **)NULL );

Re: d2i_PKCS12_fp fails in window?

2005-12-08 Thread Dr. Stephen Henson
On Thu, Dec 08, 2005, Perry L. Jones wrote:

> Anyone have an idea about why the following d2i_PKCS12_fp code fails in
> Windows using openssl 0.9.7c? It works fine in Unix/Linux.
>
> FILE *fp = (FILE *)NULL;
> PKCS12 *p12 = (PKCS12 *)NULL;
>
> fp = fopen( p12file, "r" );
> if( (FILE *)NULL

Chain Certificate Help?

2005-12-08 Thread Joe Correia
How do I add litessl.com chain certificate to openssl?

RE: BIO_write fails after upd 0.9.7i => 0.9.8a

2005-12-08 Thread Mark
Hi Arno,

> Finally I got it running, with the expense of a stupid call to
> ERR_clear_error before each BIO I/O operation, slows down performance
> remarkable. Are there alternatives?

Check the return value from each SSL function. If any do not succeed then call ERR_get_error() in a loop until i

Re: d2i_PKCS12_fp fails in window?

2005-12-08 Thread Perry L. Jones
Thank you,

This did not solve my problem but it did point me in the correct direction. I could not get d2i_PKCS12_fp to work even after changing fopen to use "rb" so I switched to using a BIO

    BIO *fp = (BIO *)NULL;
    PKCS12 *p12 = (PKCS12 *)NULL;

    fp = BIO_new_file( p12file, "r" );
    if( (BIO *)NUL

Specifiy Public Key Size?

2005-12-08 Thread Chevalier, Victor T.
I want to create a public key that is the same strength as the private key. These are the openssl commands I am using:

PrivateKey: openssl genrsa -out mykey.pem 2048
PublicKey: openssl rsa -in mykey.pem -out mycert.pem -outform PEM -pubout

I need the public key to match the size constraints, a

Re: RE : SSL_CTX_set_client_CA_list functions

2005-12-08 Thread Goetz Babin-Ebell
Mark wrote: I do things pretty much as you described except for the following: * On server: * if your server cert is signed by the root, you can turn off sending of the root to the cert by SSL_CTX_set_mode(ctx,SSL_MODE_NO_AUTO_CHAIN) I can't find this option (or similar) in the

Re: Specifiy Public Key Size?

2005-12-08 Thread Victor Duchovni
On Thu, Dec 08, 2005 at 03:33:40PM -0600, Chevalier, Victor T. wrote:

> I want to create a public key that is the same strength as the private
> key.

Game over, the above demonstrates sufficiently deep confusion about RSA, that you must not proceed any further until you see why it is absurd.

> I

TLSv1 - Certificate Chain

2005-12-08 Thread chinmayareddy
Hi,

I am using OpenSSL as TLS client and server. I am using certificate chain of size 3 on both sides.

On Server Side
RootCA (root.pem)
ServiceProviderCA (spca.pem)
ServerCert (server.pem)

On Client Side
RootCA (root.pem)
ServiceProviderCA (spca.pem)
ClientCert (client.pem)

I have placed the certs an

Re: Specifiy Public Key Size?

2005-12-08 Thread Philippe . Blanquier
Hummm Victor ?

You can cipher and decipher what you want as well as with a RSA public and private keys ;-) If you cipher with the public key you have to use the private associate key of course and vice versa.

Best regards,
Philippe

Victor Duchovni wrote: On Thu, Dec 08, 2005 at 0

Re: Specifiy Public Key Size?

2005-12-08 Thread Victor Duchovni
On Fri, Dec 09, 2005 at 07:25:12AM +0100, [EMAIL PROTECTED] wrote:

> >RSA Public and private keys are not used to encrypt arbitrary data, there
> >are many complex traps to avoid because RSA is a commutative group. You
> >use RSA private keys to sign carefully constructed message digests that
> >

RE: Enable Client Authentication using [ Openssl s_server ]

2005-12-08 Thread Gayathri Sundar
Try using one of these two

-verify arg - turn on peer certificate verification
-Verify arg - turn on peer certificate verification, must have a cert.

in the command, btw u can get the whole list of options in man s_server

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PR