Thanks Dave for explanation.
One doubt regarding sentence " If a subjectAltName extension of type dNSName
is present, that MUST
be used as the identity(RFC 2818)"
What does this line means ?
Does it says if a certificate have different CN in issuer & subject field
but SubAltname: x.x.x.x which m
Hey Crypto guys,
I have a basic questions regarding Certificate validation. Basically in a
Server Authentication a TLS client should validate the CN/SN with Host
portion of the ACS.URL. If it matches then handshake will succeed else will
fail. Am I right ?
e.g.
if Host.Url=x.x.x.x then CN (in b
On Fri, May 18, 2012, Li, David wrote:
> Hi Experts,
>
> First time I am using AES-GCM mode to run the NIST test vectors. The API is:
>
> void AES_gcm128_encrypt(GCM128_CONTEXT *ctx,
> const unsigned char *in, unsigned char *out,
> size_t len)
>
>
> After initi
David:
This is just a quick and dirty superficial guess, but are you copying from
the correct place in memory? I.e., is the value of: ctx.Xi.c, a pointer to
the address that holds the first byte of the tag? If you do a byte-wise
dump of the entire structure and then do visual pattern matching for
Hi Experts,
First time I am using AES-GCM mode to run the NIST test vectors. The API is:
void AES_gcm128_encrypt(GCM128_CONTEXT *ctx,
const unsigned char *in, unsigned char *out,
size_t len)
After initialization and encryption, my cipher text matched the one fro
On Thu, May 17, 2012, Greg Wittmeyer wrote:
> Hello all, hope someone can help.
>
> I upgraded from 1.0.0d to 1.0.1c and immediately started getting this error:
>
> error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
>
It's a known issue. The latest snapshots could fix it, or appl
Gentle people,
I am encoding some extra fields in the request (and the signed cert). And have
two related puzzels:
1) I had naively expected below construct to create a single sequence of
two object/integers under a single object:
# openssl.cnf snippet.
[v