Hello guys,
I would like to know whether my understanding about certificate renewal is
correct or not.
To renew the certificate:
1. we need to generate a new CSR from the private key
2. revoke the old certificate
3. get the new CSR signed by the CA with validity extended
The fields that are com
This should happen if and only if the client cert is revoked.
If you don't give the server the CRL(s), and since openssl (so far)
doesn't use OCSP itself (though it supports an app using it),
the server doesn't know the client cert is revoked and it accepts
the connection, which may be fr
> From: owner-openssl-us...@openssl.org On Behalf Of Matt Caswell
> Sent: Monday, January 20, 2014 15:45
> On 20 January 2014 15:34, khan wahid wrote:
> > Hi,
> > I am trying to implement DH key exchange using openssl in the same program,
> > so I generate DH parameters once, and then transfer th
On Mon, Jan 20, 2014, no_spam...@yahoo.com wrote:
>
> Can you give me any information with regards to how the exploitation of
> CVE-2013-6450 against 0.9.8y may manifest itself? If not a DoS, could it
> cause a process using libssl to core, cause libssl to return an "okay" when
> it should retur
Dr. Henson,
Can you give me any information with regards to how the exploitation of
CVE-2013-6450 against 0.9.8y may manifest itself? If not a DoS, could it cause
a process using libssl to core, cause libssl to return an "okay" when it should
return an error status, leak sensitive informatio
On 20 January 2014 15:34, khan wahid wrote:
> Hi,
> I am trying to implement DH key exchange using openssl in the same program,
> so I generate DH parameters once, and then transfer the p and g to another
> DH object, here is my code-
>
> #include
> #include
> #include
> #include
> #includ
Hi,
I am trying to implement DH key exchange using openssl in the same program, so I
generate DH parameters once, and then transfer the p and g to another DH
object, here is my code-
#include
#include
#include
#include
#include
void hexprint(unsigned char *printBuf, int len)
{
On Mon, Jan 20, 2014, Chinmaya Dwibedy wrote:
> Hi Dr. Stephen,
> I had downloaded the openssl-1.0.0d.tar.gz
> from http://www.openssl.org/source/.
> After installation in my Linux system, the #openssl version shows the openSSL
> 1.0.0d-fips.
>
By default OpenSSL is installed under /usr/local/
Hi Dr. Stephen,
I had downloaded the openssl-1.0.0d.tar.gz
from http://www.openssl.org/source/.
After installation in my Linux system, the #openssl version shows the openSSL
1.0.0d-fips.
Regards,
Chinmaya
On Monday, January 20, 2014 5:50 PM, Dr. Stephen Henson
wrote:
On Mon, Jan 20, 2014
On Mon, Jan 20, 2014, Chinmaya Dwibedy wrote:
> Hi All,
> I downloaded the openssl-1.0.0d.tar.gz. Build the openssl with
> enabled the ec and ecdh (Elliptic curve Diffie–Hellman Group) support as
> stated
> below.
> 1. ./config enable-ec enable-ecdh
> 2. make
> 3. make test
>
Hello guys,
seen in changelog
The functions X509_STORE_add_cert() now checks for an
exact match, rather than just subject name.
Can someone please explain to me how to debug this and make things work?
Maybe because certificates are wrong...or using deprecated api?
PS: the problem with
Hi All,
I downloaded the openssl-1.0.0d.tar.gz. Build the openssl with
enabled the ec and ecdh (Elliptic curve Diffie–Hellman Group) support as stated
below.
1. ./config enable-ec enable-ecdh
2. make
3. make test
4. make install
But upon checking whether ECDH has b
Mario Lombardo wrote:
> Hi *,
>
> this is just an idea. However it would increase the security of our crypto
> system in case a trusted CA has been compromised.
>
> The idea is to implement a DNS lookup of a host whenever a ssl connection is
> going to be established. The lookup may search the TX
Hi *,
this is just an idea. However it would increase the security of our
crypto system in case a trusted CA has been compromised.
The idea is to implement a DNS lookup of a host whenever a ssl
connection is going to be established. The lookup may search the TXT
record of the domain. This re