On 22/03/2011 09:24, Crypto Sal wrote:
Me thinks they don't understand Client Authentication/Digital
Certificates. The server doesn't typically need to verify up to the
root, they provide a list of acceptable client CA names during the
handshake.
I'm using a CAfile that has all of the
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of ikuzar
Sent: Friday, March 18, 2011 5:41 AM
To: openssl-users@openssl.org
Subject: Re: data size issue with SSL_read( ) / SSL_write
Ryan, what is the suitable cipher suite that works fine (
Hi all
I am working on implementing hierarchical pki in java. For that I am using
openssl for certificate purpose. All work fine for me but I am stuck at one
point.
*
1. openssl ca -config abhi1\rootca1\rootca1.conf -batch -notext -out
abhi1\i2\ca.crt -in abhi1\i2\ca.csr
ExitValue: 1*
Using
Hello,
1) I do not know when must I use pem or der format when I deal with data
encoding.
For example, now, I have to read DHparam file. I created it with command
line. I chose DHparam.pem because PEM is commonly used...
2) So, I am looking for PEM encode/decode functions which help me to
Hello,
I'd like to know what is the real signature of d2i_DHparams. When I run my
appli, I have got this error :
error: cannot convert ‘unsigned char (*)[256]’ to ‘const unsigned char**’
for argument ‘2’ to ‘DH* d2i_DHparams(DH**, const unsigned char**, long
int)’
In openssl doc, we have :
DH
Hi,
I thought this was already discussed, but I cannot find pointers.
When some entity verifies a certificate, finds a valid signature
etc but the current date is not between Valid From to Valid
To, meaning the certificate seems not yet valid or expired,
what is recommended to do?
I think,
I have a signed personal certificate and a list of CAs that chain
together. Towards the top of the chain, I run into problems because
the CAs are cross-signed. The Issuer: field for CA1 is CA2, and
the Issuer: field for CA2 is CA1.
When I run openssl verify kdreyer.pem, OpenSSL is able to follow
On Thu, Mar 10, 2011, Christian Weber wrote:
Hi there,
in the past we have implemented some templates for x509v3
extensions for certificates due to being able to handle
some attributes defined in common-pki 2.0.
One of the more structured attributes is admission:
id-isismtt-at-admission
On 3/22/2011 9:07 AM, Steffen DETTMER wrote:
When some entity verifies a certificate, finds a valid signature
etc but the current date is not between Valid From to Valid
To, meaning the certificate seems not yet valid or expired,
what is recommended to do?
It depends what you're doing.
I
I have pushed a BIO_f_buffer onto my BIO stack to get output buffering. This
works fine. However, when I read from the BIO_f_buffer, it only returns when
the buffer I give it is full. This is unlike the normal behavior of the below
it in the stack, and different from a direct read.
Is this the
Hello,
I'd like to know :
1) if exponent x in g^x must be a great prime number. In some docs I saw, it
is said that x must be a GREAT number but no information about primality ..
2) May generation of 'x' run for hours like related here :
Although the generator g can be any number, it is typically 2 or 5.
In fact, this is all that OpenSSL supports (values 2 or 5 for g). The
typical situation is this:
(1) Alice and Bob generate random secret values a and b. If a or b
happen to be prime, that is fine - but they need not be.
(2)
4 numbers to make signs curvilinear. make a 1 in the ratings this
made orthogonal form which brings up four primitive imagination. This
is the next civilization
On Wednesday 23 March 2011 at 01:12 +0100, ikuzar wrote:
Hello,
I'd like to know :
1) if exponent x in g^x must be a great prime
1) The exponent x in DH can be any number. It should be big enough to
bear attack. The source in DH told us what exponent x can be.
ref:dh_key.c
if (generate_new_key)
{
l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
if (!BN_rand(priv_key,
On Tue, Mar 22, 2011, Victor Duchovni wrote:
client() has some code like this:
SSL_CTX_set_ex_data(a_ctx->a_ssl_ctx, myidx, a_ctx->cb_arg);
No, don't do that, the SSL_CTX application context object is global.
I was demonstrating that the callback API has some problems.
If the common(?)