Hi Wim,
Thank you for your quick response.
1. Yes. I called EVP_PKEY_new() before calling EVP_PKEY_assign_RSA(pEvpkey, rsa);
2. For your second question: no. I have not checked whether there is anything in the
openssl error stack.
I will check the openssl error stack.
3. (1). If it works, is
On 4. des. 2018, at 4:00 e.h., zhongju li via openssl-users
wrote:
> Now I need to convert the key in RSA format to EVP_PKEY, then to PKCS#8. I
> have tried the following functions, all of these functions return 0 (failure)
> without any further debugging information/clues:
>
Hello,
I am working on a small homework which requires converting a pvk private key
to PKCS#8 format. The code is based on OpenSSL 1.0.2. I can get pvk private key
components (Public exponent, modulus, prime1, prime2, exponent1, exponent2,
coefficient, private exponent) properly, and convert to a
On Tue, Dec 04, 2018 at 04:15:11PM +0100, Jakob Bohm via openssl-users wrote:
> > Care to create a PR against the "master" branch? Something
> > along the lines of:
> >
> > "Provided chain ends with untrusted self-signed certificate"
> >
> > or better. Here "untrusted" might mean not
> "Provided chain ends with unknown self-signed certificate".
I like this.
IMHO "unrecognized" would be more confusing.
I hope the team makes up their mind quickly.
On 12/4/18, 6:17 PM, "openssl-users on behalf of Michael Wojcik"
wrote:
> From: openssl-users
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Jakob Bohm via openssl-users
> Sent: Tuesday, December 04, 2018 08:15
> > Care to create a PR against the "master" branch? Something
> > along the lines of:
> >
> > "Provided chain ends with untrusted self-signed
Thanks again Rich. If anyone else has any ideas please share.
From: "Salz, Rich"
Date: Tuesday, December 4, 2018 at 12:56 PM
To: "anipa...@cisco.com" , "openssl-users@openssl.org"
Subject: Re: [openssl-users] OCSP response signed by self-signed trusted
responder validation
Perhaps you can
Perhaps you can build a trust store to handle your needs. I am not sure.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Thanks for the quick response Rich!
Just a quick follow on.
Per RFC6960 for OCSP, there are 3 options:
All definitive response messages SHALL be digitally signed. The key
used to sign the response MUST belong to one of the following:
- the CA who issued the certificate in question
The responder isn’t supposed to be self-signed. It’s supposed to be signed by
the CA issuing the certs. That way you know that the CA “trusts” the responder.
Now, having said that, what you want to do is reasonable – think of it as “out
of band” trust. You will probably have to modify the
Have a question with implementing an OCSP requestor that can handle validating
an OCSP response that is not signed by the CA who issued the certificate that
we are requesting the OCSP status for but rather, the OCSP response is signed
by a self-signed trusted responder that includes the OCSP
On 04/12/2018 04:56, Sam Roberts wrote:
> Do they overlap in purpose, so the cipher list can be used to limit
> the signature algorithms? Or are the signature algorithms used for
> different purposes than the cipher suites in the cipher list?
The answer varies depending on whether you are
On 01/12/2018 21:53, Viktor Dukhovni wrote:
On Sat, Dec 01, 2018 at 07:12:24PM +, Michael Wojcik wrote:
Are there compatibility concerns around changing error message
text for which users may have created regex patterns in scripts?
I agree the text could be better, but not sure in what