Hi steve,
Thanks. Got it.
That means we can't differentiate between CA and end-entity in case of V1
certificate.
We can only find out if the V1 cert is a self-signed certificate or not.
Correct ?
Regards,
Sanjaya
On Wed, Sep 26, 2012 at 2:36 AM, Dr. Stephen Henson wrote:
> On Tue, Sep 25, 2012
> That shouldn't be happening at all. The translation of OpenSSL calls to
the
> FIPS_* form should only occur in the FIPS module itself, the FIPS capable
> OpenSSL should have the same functionality as normal but it will call the
> FIPS_* functions when necessary.
>
Thanks for the heads up. I so
Oh! Also,
1. whenever I have problems with VS I *always* suspect precompiled header
issues. Try turning off pre-compiled headers, do a Clean, and a Rebuild, and
see if the problems go away.
2. Watch out for Unicode issues. This project is compiled "Use multi-byte
character set" which is MS-speak
The following compiles without error in MS VS 2010 C++. Yes, I know
is in there twice: no reason, it just is.
#include "targetver.h"
// Watch out! winsock2 and friends has to be ahead of most things
#include "Ws2tcpip.h"
// Ws2tcpip always needs Ws2_32.lib. You can put it here or in the linker
i
>From: owner-openssl-us...@openssl.org On Behalf Of David William
>Sent: Tuesday, 25 September, 2012 07:07
>I am writing a soap request and I am using SSL_VERIFY_NONE flag mode
>because that was the only way that I could actually do the request
>to the server.
>I tried the others mode flags (SSL
>From: owner-openssl-us...@openssl.org On Behalf Of Gloria Binette
>Sent: Tuesday, 25 September, 2012 07:42
>I have been tasked with using OpenSSL to create certificates and
>then use them with Glassfish. I have created the CA, CSRs and CRTs,
>have tried various ways to import them into
Since I have access to these messages with Gmane, I surely don't need the
email as well. Does anyone have a clue how I can stop getting the email sent
to my account? It is the busiest of them by far. Thanks.
> -Original Message-
> From: owner-openssl-us...@openssl.org [mailto:owner-opens
I'll send you my exact VS 2010 .h sequence tomorrow.
--
Sent from my mobile phone. Please excuse my brevity.
Charles
"Dr. Stephen Henson" wrote:
On Tue, Sep 25, 2012, david preetham wrote:
> am trying to build wpa_supplicant which is referencing openssl header file
> x509v3.h on Visual studio
On Tue, Sep 25, 2012, david preetham wrote:
> am trying to build wpa_supplicant which is referencing openssl header file
> x509v3.h on Visual studio 2005. while i am building compiler hitting
> x509v3.h header file and finding hell lot of errors. Can anybody please
> help me.
>
> 1>D:\Interworki
On Tue, Sep 25, 2012, sanjaya joshi wrote:
>
> We can conclude an X509 V1 certificate to be a root ca using
> (EXFLAG_V1|EXFLAG_SS).
> Similarly, is there a way to know whether an X509 V1 certificate is an
> intermediate CA or end-entity certificate ?
>
You can't: there is nothing in a V1 certi
On Tue, Sep 25, 2012, blaan...@rockwellcollins.com wrote:
> I've been using openssl-fips for a couple of years. I'm looking to
> upgrade to 2.0 because of the slow (~10 seconds) integrity check on my
> platforms when using version 1.2 when I call "FIPS_mode_set()".
>
> I've got the FIPS canist
I've been using openssl-fips for a couple of years. I'm looking to
upgrade to 2.0 because of the slow (~10 seconds) integrity check on my
platforms when using version 1.2 when I call "FIPS_mode_set()".
I've got the FIPS canister built, and I've got the openssl 1.0.1c
libraries all compiled, an
Can you figure out a way to do it from the v1 fields? keyUsage is an
extension requiring v3.
-Kyle H
On Sep 24, 2012 11:28 PM, "sanjaya joshi" wrote:
> Hi,
>
> We can conclude an X509 V1 certificate to be a root ca using
> (EXFLAG_V1|EXFLAG_SS).
> Similarly, is there a way to know whether an X5
>>> I remember seeing somewhere that OpenSSL supports Intel AES instruction
>>> set. If so, which release is that and what flag is needed to
enable it.
>>> Does the 'no-asm' flag in 'Configure' disable the use of these
instructions?
Look on the Contribution page.
http://openssl.org/contrib/
On 9/25/2012 6:12 PM, Erwann Abalea wrote:
Bonjour,
Le 25/09/2012 14:16, Jakob Bohm a écrit :
> On 9/25/2012 11:11 AM, Erwann Abalea wrote:
>> Le 24/09/2012 21:03, Jakob Bohm a écrit :
>> > Does that work with any other serious X.509 validation toolkit?
>>
>> It should.
And in fact, OpenSSL wor
Is the AES-NI support enabled by default for x84/x86_64 architecture or do we
need to set specific flags to 'Configure' to enable the support?
I found a link from Intel:
http://software.intel.com/en-us/articles/boosting-openssl-aes-encryption-with-intel-ipp/
What does it offer that is differen
Bonjour,
Le 25/09/2012 14:16, Jakob Bohm a écrit :
On 9/25/2012 11:11 AM, Erwann Abalea wrote:
Le 24/09/2012 21:03, Jakob Bohm a écrit :
> Does that work with any other serious X.509 validation toolkit?
It should.
And in fact, OpenSSL works correctly, at least versions 1.0.1 (Ubuntu),
and 1
What is the code in x509v3.h in the vicinity of lines 180 to 200?
My line 192 does not have a ')' in it.
Do you get any errors *preceding* the errors in x509v3.h?
Charles
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of david preetham
Sent: Tu
Hi Praveen,
In linux you would expect extension to so files as such
you have received. I think when we use system.loadlibrary method will get
errors so have to execute using system.load method.
Regards,
kondlada
On Tue, Sep 25, 2012 at 10:23 AM, Thakur, Praveen Kumar <
praveenk
Hello,
I'm trying to get FIPS enabled openssl 0.9.8x for iOS (armv7), but all my
attempts do not succeed. There is a very good guide how to build FIPS Object
Module for iOS at http://www.openssl.org/docs/fips/UserGuide-1.2.pdf, but it
does not describe how to build openssl with FIPS enabled for
Hi,
I have compiled OpenSSL 1.0.1c. After compilation libs which are generated
contains version number as 1.0.0.
For example: libssl.so.1.0.0, libcrypto.so.1.0.0
Is this a defect with OpenSSL 1.0.1c? Ideally library names should have been
libssl.so.1.0.1, libcrypto.so.1.0.1
Thanks,
Praveen
On 9/25/2012 11:11 AM, Erwann Abalea wrote:
Bonjour,
Le 24/09/2012 21:03, Jakob Bohm a écrit :
> Does that work with any other serious X.509 validation toolkit?
It should.
When trying to build a valid certification path, all possibilities have
to be tested until one of them succeeds. If a CA gi
Hi,
I am writing a soap request and I am using SSL_VERIFY_NONE flag mode
because that was the only way that I could actually do the request to the
server.
I tried the others mode flags (SSL_VERIFY_PEER,
SSL_VERIFY_FAIL_IF_NO_PEER_CERT and SSL_VERIFY_CLIENT_ONCE) but none of
them worked. I got the
On 24.09.2012 23:56, Alex Chen wrote:
Sorry I did not use new mail command to start a new topic. Let me start
over again.
I remember seeing somewhere that OpenSSL supports Intel AES instruction
set. If so, which release is that and what flag is needed to enable it.
Does the 'no-asm' flag in
Just for the records: my workaround was to check the expiration date
while dumping the certificates into the file, and skipping the expired
ones. Further, I dump the certificates once a day to avoid issues with
certificates expired after doing the dump.
regards
Klaus
On 13.09.2012 17:09, Erik
Bonjour,
Le 24/09/2012 21:03, Jakob Bohm a écrit :
Does that work with any other serious X.509 validation toolkit?
It should.
When trying to build a valid certification path, all possibilities have
to be tested until one of them succeeds. If a CA gives a good signature,
but fails for whateve
26 matches
Mail list logo