Re: how to renew the root cert

2012-02-14 Thread T. Valent
Jakob, thanks for your reply. > most server > software can be configured with a list of valid > client-cert-issuers and the SSL protocol supports that I didn't know this is possible. I'll start researching in this direction immediately as this sounds like the solution to the problem. Thanks a

Re: Pass phrase based public/private key generation

2012-02-14 Thread anthony berglas
Hello Jeff, Thanks for that. But IDE still needs a server and binary secrets to be held. I just want a simple pass phrase based scheme. It is odd that this is not more commonplace. Anthony On Wed, Feb 15, 2012 at 12:36 PM, Jeffrey Walton wrote: > On Tue, Feb 14, 2012 at 7:53 PM, anthony be

Re: Pass phrase based public/private key generation

2012-02-14 Thread Jeffrey Walton
On Tue, Feb 14, 2012 at 7:53 PM, anthony berglas wrote: > Hello All, > > I want to set up a simple system in which the private key is derived > entirely from a pass phrase. > > I.e. the pass phrase provides all the "Entropy" that is used.  This means > that the private key can be regenerated from

Pass phrase based public/private key generation

2012-02-14 Thread anthony berglas
Hello All, I want to set up a simple system in which the private key is derived entirely from a pass phrase. I.e. the pass phrase provides all the "Entropy" that is used. This means that the private key can be regenerated from the pass phrase at any time, without needing to maintain a secure key
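The scheme Anthony asks for in this thread (a private key that is a pure function of the pass phrase, so it can be regenerated on demand instead of stored) can be built from standard pieces. The script below is an added example written for this page, not code from the thread or from OpenSSL: it stretches the pass phrase with PBKDF2-HMAC-SHA256, feeds the 32-byte result into an HMAC-DRBG in the style of SP 800-90A, and draws every bit that RSA key generation consumes (prime candidates and Miller-Rabin bases) from that generator, so the same phrase, salt and iteration count always yield the same key. The choices of PBKDF2, HMAC-DRBG, e = 65537 and the salt string are assumptions of this example. The caveat a practitioner needs: because the derivation is public and the salt is not secret, the private key is exactly as strong as the phrase is hard to guess, and anyone who obtains the salt can run the same derivation offline against a dictionary; a long phrase and a high iteration count are the only defences. This is also not how `openssl genrsa` seeds its generator, so an existing OpenSSL key cannot be reproduced this way.

```python
"""Derive an RSA key pair deterministically from a pass phrase (added example, stdlib only)."""
import hashlib
import hmac
import math

SMALL_PRIMES = [p for p in range(3, 200, 2) if all(p % q for q in range(3, int(p ** 0.5) + 1, 2))]


class HmacDrbg:
    """Deterministic bit generator in the style of SP 800-90A HMAC_DRBG (SHA-256, no reseed).
    Every bit that key generation consumes comes from the seed and nothing else."""

    def __init__(self, seed):
        self.K, self.V = b"\x00" * 32, b"\x01" * 32
        self._update(seed)

    def _hmac(self, data):
        return hmac.new(self.K, data, hashlib.sha256).digest()

    def _update(self, data):
        self.K = self._hmac(self.V + b"\x00" + data)
        self.V = self._hmac(self.V)
        if data:
            self.K = self._hmac(self.V + b"\x01" + data)
            self.V = self._hmac(self.V)

    def bytes(self, n):
        out = b""
        while len(out) < n:
            self.V = self._hmac(self.V)
            out += self.V
        self._update(b"")
        return out[:n]

    def randbelow(self, n):
        """Uniform integer in [0, n) by rejection sampling on n.bit_length() bits."""
        bits = n.bit_length()
        nbytes = (bits + 7) // 8
        while True:
            x = int.from_bytes(self.bytes(nbytes), "big") >> (8 * nbytes - bits)
            if x < n:
                return x


def is_probable_prime(n, rng, rounds=40):
    """Miller-Rabin with bases drawn from the DRBG, so the outcome is reproducible."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        a = 2 + rng.randbelow(n - 3)          # base in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits, rng):
    """First probable prime of exactly `bits` bits found in the DRBG stream."""
    while True:
        c = int.from_bytes(rng.bytes(bits // 8), "big") | (1 << (bits - 1)) | 1
        if is_probable_prime(c, rng):
            return c


def derive_rsa_key(passphrase, salt, bits=2048, iterations=600_000, e=65537):
    """Regenerate the same RSA key from the same pass phrase, salt and iteration count.

    The pass phrase supplies ALL the entropy.  salt and iterations are not secret and
    must be stored unchanged; they only make guessing slower.  Assumption of this
    example: a 32-byte PBKDF2 output seeds the DRBG and p, q are taken in that order.
    """
    seed = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, iterations, 32)
    rng = HmacDrbg(seed)
    while True:
        p = gen_prime(bits // 2, rng)
        q = gen_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return {"n": p * q, "e": e, "d": pow(e, -1, phi), "p": p, "q": q}


def rsa_roundtrip(key, m):
    """Textbook RSA decrypt(encrypt(m)) for 0 <= m < n.  Unpadded: a self-check, not a cipher."""
    return pow(pow(m, key["e"], key["n"]), key["d"], key["n"])


if __name__ == "__main__":
    k1 = derive_rsa_key("correct horse battery staple", b"example-app-v1", bits=1024, iterations=100_000)
    k2 = derive_rsa_key("correct horse battery staple", b"example-app-v1", bits=1024, iterations=100_000)
    print("same phrase gives same modulus:", k1["n"] == k2["n"])
    print("modulus bits:", k1["n"].bit_length())
```

Run it twice on different machines and the moduli match, which is the property Anthony wants; change one character of the phrase and a completely different key comes out. Changing the salt, the iteration count, the DRBG, or the order in which primes are drawn also changes the key, so those parameters are part of the key's identity and must be versioned alongside whatever the key protects.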

Re: cert chain out of order breaks openssl

2012-02-14 Thread Dr. Stephen Henson
On Tue, Feb 14, 2012, Timothy Kay wrote: > We have been baffled for a long time that curl cannot access websites that > work just fine in the browser (unless we use --insecure, of course). The > curl documentation points you to http://curl.haxx.se/docs/sslcerts.html, > which explains that your ser

Re: virus or hoax in test/asn1test.exe ?

2012-02-14 Thread Jeffrey Walton
On Tue, Feb 14, 2012 at 4:42 PM, Johan Samyn wrote: > Hi, > I just compiled openssl-1.0.0g on a Win7 box using MingW. All went well, > except I got a virus alert from Avira for 'TR/Graftor.10418.101' found > in the file .../openssl-1.0.0g/test/asn1test.exe. That virus was added > to the Avira VDF

Re: virus or hoax in test/asn1test.exe ?

2012-02-14 Thread Johan Samyn
On 14-02-2012 22:58, Wim Lewis wrote: > On 14 Feb 2012, at 1:42 PM, Johan Samyn wrote: >> Hi, >> I just compiled openssl-1.0.0g on a Win7 box using MingW. All went well, >> except I got a virus alert from Avira for 'TR/Graftor.10418.101' found >> in the file .../openssl-1.0.0g/test/asn1test.exe. Th

Re: virus or hoax in test/asn1test.exe ?

2012-02-14 Thread Alan Buxey
Hi, > I just compiled openssl-1.0.0g on a Win7 box using MingW. All went well, > except I got a virus alert from Avira for 'TR/Graftor.10418.101' found > in the file .../openssl-1.0.0g/test/asn1test.exe. That virus was added > to the Avira VDF file on 2012-01-18. > Avira denies access to it, so th

virus or hoax in test/asn1test.exe ?

2012-02-14 Thread Johan Samyn
Hi, I just compiled openssl-1.0.0g on a Win7 box using MingW. All went well, except I got a virus alert from Avira for 'TR/Graftor.10418.101' found in the file .../openssl-1.0.0g/test/asn1test.exe. That virus was added to the Avira VDF file on 2012-01-18. Avira denies access to it, so that file is

Re: cert chain out of order breaks openssl

2012-02-14 Thread Jakob Bohm
On 2/14/2012 6:46 PM, Timothy Kay wrote: > We have been baffled for a long time that curl cannot > access websites that work just fine in the browser > (unless we use --insecure, of course). The curl > documentation points you to > http://curl.haxx.se/docs/sslcerts.html, which explains > that you

Trusted CAs and Root CAs.

2012-02-14 Thread Dan Schmitt
I have code that takes a pem and does the PEM_read_bio_X509 to load the certificate, then does doStuff(SSL_CTX* actx, X509 *cert509) { X509_STORE *store = SSL_CTX_get_cert_store(actx); X509_STORE_add_cert(store, cert509); } And everything is all hunky-dory if the subject and issuer match, the

Re: cert chain out of order breaks openssl

2012-02-14 Thread Dr. Stephen Henson
On Tue, Feb 14, 2012, Timothy Kay wrote: > Erik, > > Thanks for the pointer. It's very helpful. > > HOWEVER, I can give you dozens of different sites that do it wrong, yet > they all work in the browsers. Clearly that particular part of the spec is > no longer relevant, and openssl should be upd

Re: cert chain out of order breaks openssl

2012-02-14 Thread Jeffrey Walton
On Tue, Feb 14, 2012 at 3:22 PM, Timothy Kay wrote: > > Thanks for the pointer. It's very helpful. > > HOWEVER, I can give you dozens of different sites that do it wrong, yet they > all work in the browsers. Clearly that particular part of the spec is no > longer relevant, and openssl should be up

Re: cert chain out of order breaks openssl

2012-02-14 Thread Timothy Kay
Erik, Thanks for the pointer. It's very helpful. HOWEVER, I can give you dozens of different sites that do it wrong, yet they all work in the browsers. Clearly that particular part of the spec is no longer relevant, and openssl should be updated. It's not a complicated fix, after all. What's the

RE: cert chain out of order breaks openssl

2012-02-14 Thread Erik Tkal
The SSL specification indicates that the ServerCertificate message should contain: certificate_list: This is a sequence (chain) of X.509.v3 certificates, ordered with the sender's certificate first followed by any certificate authority certificates proceeding sequentially up
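Erik's quotation above is the rule OpenSSL enforces and that the misconfigured servers in this thread break: the certificate_list must begin with the sender's own certificate, and each following certificate must be the issuer of the one before it. The script below is an added example written for this page, not code from the thread or from the OpenSSL project: it reads a PEM bundle, pulls the issuer and subject Names out of each certificate's DER with a minimal TLV walker (no third-party library), reports whether the bundle satisfies the ordering rule, and rewrites it in the required order so that an operator can repair a server's chain file. Names are compared as raw DER bytes, which is an assumption of the example: it ignores the RFC 5280 string-comparison rules, so a chain whose DNs differ only in string encoding would be reported as broken. The sample bundle is constructed inside the script from structurally valid but unsigned toy certificates so that it runs offline.

```python
"""Check and repair the certificate order in a PEM bundle (added example, stdlib only)."""
import base64
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def _der(tag, content):
    """Encode one DER TLV (short or long-form length)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + content


def _tlv(buf, off=0):
    """Decode one DER TLV at offset; return (tag, content, offset after it)."""
    tag, n, off = buf[off], buf[off + 1], off + 2
    if n & 0x80:
        k = n & 0x7F
        n, off = int.from_bytes(buf[off:off + k], "big"), off + k
    return tag, buf[off:off + n], off + n


def _children(content):
    off = 0
    while off < len(content):
        tag, val, off = _tlv(content, off)
        yield tag, val


def names(der_cert):
    """Return (issuer, subject) as the raw DER content of each Name.

    TBSCertificate = [0] version (optional), serialNumber, signature, issuer,
    validity, subject, ...  Assumption: Names are compared byte-for-byte.
    """
    _, cert, _ = _tlv(der_cert)
    tbs = next(_children(cert))[1]
    fields = list(_children(tbs))
    if fields[0][0] == 0xA0:                   # explicit version tag present
        fields = fields[1:]
    return fields[2][1], fields[4][1]


def pem_to_ders(pem_text):
    return [base64.b64decode("".join(b.split())) for b in PEM_RE.findall(pem_text)]


def der_to_pem(der):
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % body


def is_ordered(ders):
    """True when every certificate is directly followed by its issuer (RFC 5246 7.4.2)."""
    return all(names(a)[0] == names(b)[1] for a, b in zip(ders, ders[1:]))


def order_chain(ders):
    """Reorder a bundle: end-entity first, then each certificate's issuer in turn."""
    info = [(d,) + names(d) for d in ders]                  # (der, issuer, subject)
    leaves = [c for c in info if not any(o is not c and o[1] == c[2] for o in info)]
    if len(leaves) != 1:
        raise ValueError("expected exactly one end-entity certificate, found %d" % len(leaves))
    ordered, cur = [], leaves[0]
    while True:
        ordered.append(cur[0])
        if cur[1] == cur[2]:                                 # self-signed root: chain ends
            break
        nxt = [c for c in info if c[2] == cur[1] and c[0] not in ordered]
        if not nxt:                                          # issuer not in bundle (root omitted)
            break
        cur = nxt[0]
    if len(ordered) != len(info):
        raise ValueError("bundle contains certificates that do not belong to the chain")
    return ordered


def fix_bundle(pem_text):
    return "".join(der_to_pem(d) for d in order_chain(pem_to_ders(pem_text)))


def toy_cert(subject_cn, issuer_cn):
    """Constructed test data: a structurally valid but UNSIGNED certificate, not a real one."""
    def name(cn):                                            # SEQ{ SET{ SEQ{ id-at-commonName, UTF8String } } }
        return _der(0x30, _der(0x31, _der(0x30, bytes.fromhex("0603550403") + _der(0x0C, cn.encode()))))
    alg = _der(0x30, bytes.fromhex("06092a864886f70d01010b") + b"\x05\x00")   # sha256WithRSAEncryption
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02"))                          # version v3
                     + _der(0x02, b"\x01") + alg + name(issuer_cn)            # serial, signature, issuer
                     + _der(0x30, _der(0x17, b"120214000000Z") + _der(0x17, b"130214000000Z"))
                     + name(subject_cn)
                     + _der(0x30, alg + _der(0x03, b"\x00\x00")))             # SPKI placeholder
    return _der(0x30, tbs + alg + _der(0x03, b"\x00" * 9))                    # signatureValue placeholder


# What a misconfigured server sends: root first, end-entity last (constructed sample).
BROKEN_BUNDLE = "".join(der_to_pem(toy_cert(s, i)) for s, i in [
    ("Example Root CA", "Example Root CA"),
    ("Example Issuing CA", "Example Root CA"),
    ("www.example.com", "Example Issuing CA"),
])

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else BROKEN_BUNDLE
    print("in spec order:", is_ordered(pem_to_ders(text)), file=sys.stderr)
    sys.stdout.write(fix_bundle(text))
```

Given a path to a real chain file the script prints whether the order is already correct and writes the reordered bundle to stdout; with no argument it runs on the constructed sample. A bundle that omits the root is still accepted (the walk stops when the issuer is not present), which matches what servers commonly send, while a bundle with two end-entity certificates or a stray unrelated certificate is rejected rather than silently reordered.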

Re: how to renew the root cert

2012-02-14 Thread Jakob Bohm
On 2/14/2012 1:09 PM, T. Valent wrote: Hi! My root-cert will expire in a few months. I'm now planning a migration to renew the certificates. The goal is to ensure a seamless migration without loss of service by updating the servers and clients certificates. Currently I'm lacking a plan how to d

how to renew the root cert

2012-02-14 Thread T. Valent
Hi! My root-cert will expire in a few months. I'm now planning a migration to renew the certificates. The goal is to ensure a seamless migration without loss of service by updating the servers and clients certificates. Currently I'm lacking a plan how to do the migration. The problem is that I ca