Hi, all,
I recently created a certificate chain, on which some certificates
happen to have “empty” issuers/subjects. Clearly, these certificates
violate Section 4.1.2.4, RFC5280: “The issuer field MUST contain
a non-empty distinguished name (DN)”. Meanwhile, the chain can
still pass certifica
I ran into the same issue on my FIPS journey a few years ago. I'm assuming
you are building for windows in which case setting the /FIXED flag is the
right thing to do, however you cannot be guaranteed to get the address you
specify - it may already be occupied in which case the dll will be re-based
*Appreciate any help on the following.*
1.
Built OpenSSL Fips Module and then 'static binaries' of FIPS capable
OSSL which 'statically link to the windows run-time'. Thus, my application
binary (FipsApp.exe) does not depend on OSSL DLLs.
2.
Consumed these static binaries namely
> There isn't a key specific format for Ed25519.
> You need to use i2d_PUBKEY() for that.
I used EVP_PKEY_get_raw_public_key which got added for these raw keys,
works fine for Ed25519.
On the EVP_PKEY_get_raw_public_key.html page, it would help if it
mentioned that *len should be set to the pa
On 04/12/2019 11:22, Angus Robertson - Magenta Systems Ltd wrote:
>>> It seems the EVP_PKEY_RSA_PSS addition was only committed 28th
>>> October 2019, so need to wait for 1.1.1e, hopefully real soon...
>>
>> Ah, that explains it!
>
> Now tested with 1.1.1e-dev and I can generate a JWK from an
> > It seems the EVP_PKEY_RSA_PSS addition was only committed 28th
> > October 2019, so need to wait for 1.1.1e, hopefully real soon...
>
> Ah, that explains it!
Now tested with 1.1.1e-dev and I can generate a JWK from an RSA-PSS key.
Since JWK is for signing, I also tried to support ED25519 p
On 03/12/2019 19:07, Angus Robertson - Magenta Systems Ltd wrote:
>>> Agreed, code looks clear enough, but was this was for 1.1.1 or
>>> master?
>>
>> This code looks the same in 1.1.1 and master.
>
> It seems the EVP_PKEY_RSA_PSS addition was only committed 28th October
> 2019, so need to wai
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
I'm trying to sign a csr by running
`CA=signing-ca openssl ca -verbose -config /etc/simple-pki/ca-ssl.conf -name
signing_ca -in /tmp/tmp.Qz3EoKa0S4/fileserver-lo.ddns.eckner.net.csr -out
/tmp/tmp.Qz3EoKa0S4/fileserver-lo.ddns.eckner.net.crt -