> Dave Thompson said:
>
> The problem is not in accepting the cert, the problem is you received no
> response (serverhello) at all, much less a cert.
> When I try with vanilla 1.0.1c it works, but only TLSv1.0.
>
> There have been reports of some server software failing because the
> clienthello
On Fri, Dec 7, 2012 at 5:05 AM, LN wrote:
>
> ...
>
>> MS CAPI has an option to mark a private key as "exportable" when you
>> create or install it, which means that the private key can then be read
>> anyway, but I don't know if that feature is used by the OpenSSL "CAPI
>> Engine". It is almost
Inline.
--
Erwann ABALEA
Le 07/12/2012 11:26, Ralph Holz a écrit :
Hi,
Yes, that clarifies the issue for me.
One thing I am wondering about now (as a user) would be how to get
openssl to disregard any local trusted cert list - i.e. how do I get it
to act on the provided CAFile only?
"openss
Hi,
Yes, that clarifies the issue for me.
One thing I am wondering about now (as a user) would be how to get
openssl to disregard any local trusted cert list - i.e. how do I get it
to act on the provided CAFile only?
Do I need to remove the complete local root store? Or can I set the
CAPath to "
On 12/07/2012 11:05 AM, LN wrote:
> I have a feeling it does so because I tried to save that returned
> EVP_PKEY to a PEM file with PEM_write_bio_PrivateKey and then to load it
> back from the same file with PEM_read_bio_PrivateKey.
> Saving worked, but loading failed (with some decoding error
Thanks for reply, Jakob.
> Your are probably right. Microsoft CAPI essentially treats all its key
> storages like physical smart cards, which means that by default, you cannot
> extract the private key using any documented method (if at all),
> ...
It's confusing... OpenSSL provides an API t