Jakob,
I thank you for all this. I will be studying it over the coming week(s).
Bob
On 8/15/19 5:39 PM, Jakob Bohm via openssl-users wrote:
[Top posting to match]
Note that the actual DC name element is still used for actual domains
when interacting with Microsoft Active Directory authenti
[Top posting to match]
Note that the actual DC name element is still used for actual domains
when interacting with Microsoft Active Directory authentication,
including associated X.509 certificates. So it shouldn't be used for
something contrary.
The shortest useful form in terms of certifi
On 8/15/19 4:13 PM, Salz, Rich wrote:
subjectAltName is rarely marked as critical; sec 4.2.1.6 of PKIX says "SHOULD mark
subjectAltName as non-critical"
Fine with me.
I can believe that OpenSSL doesn't support empty subjectName's. An empty one,
with no relative distinguished name compone
subjectAltName is rarely marked as critical; sec 4.2.1.6 of PKIX says "SHOULD
mark subjectAltName as non-critical"
I can believe that OpenSSL doesn't support empty subjectName's. An empty one,
with no relative distinguished name components, is not the same as not present.
There are a number of things I am not clear on, and so far my searching
and reading is coming up short.
If there is no subjectName, only subjectAltName, is the subjectName
still present in the cert only empty or is it totally gone.
I have found that if I put
-subj /
in the openssl req, I en
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
> Dan Heinz
> Sent: Thursday, August 15, 2019 13:19
> blows up. Not entirely conventional, but it might be revealing.
>
> It is actually in a call to libxml2 and does not
> appear to be related to OpenSSL. Now I just nee
>The output certainly suggests something is calling TlsAlloc between the call
>made for destructor_key.value and the one for private_drbg, and that index is
>never freed. You always get 7 when allocating destructor_key.value because
>that index was freed when you unloaded OpenSSL, and so it's t
Hi,
I want to read several bespoke ASN1 types from a BIO. DECLARE_ASN1_FUNCTIONS
does not include d2i bio routines, so what is the best way to define them?
I have seen both ASN1_item_d2i_bio() and ASN1_d2i_bio_of() and it is not clear
to me why one might be used over the other.
E.g. cms_io.c
On 8/14/19 6:47 PM, Michael Richardson wrote:
Robert Moskowitz wrote:
> I am fiddling around with an intermediate CA signing cert that the CA's
> 'name' is it HIP (RFC 7401) HIT which is a valid IPv6 address. Actually a
> Hierarchical HIT as in draft-moskowitz-hierarchical-hip
Richard Levitte wrote:
> On Thu, 15 Aug 2019 00:47:41 +0200, Michael Richardson wrote:
>>
>>
>> Robert Moskowitz wrote: > I am fiddling around
>> with an intermediate CA signing cert that the CA's > 'name' is it HIP
>> (RFC 7401) HIT which is a valid IPv6 address. Actua