George Adams wrote:
1) Why isn't everyone using stronger public/private key pairs? Nobody
who seems to offer SSL certs (Verisign, Thawte, GoDaddy, Comodo) tells
their customers to generate 2048-bit keys with OpenSSL. Obviously
they're not worried - why not?
It's really up to you to
Look at X509_REQ_* functions.
Subash Kalbarga wrote:
Hi all
I am trying to fit a CSR generating capability into a small footprint
embedded system.
Note that I already have the openssl library in there
Openssl is about 300K in size which I want to avoid copying over if I
can just for
Orginally I was using SSL_get_peer_cert_chain() func, which I though
was giving me the cert chain built up
to verify the peer cert from the certs that i added to the
SSL_CTX-cert_store , but then I discovered that
it really is the cert chain given by the client during the TLS
handshake. That
I am looking at adding OCSP to a TLS handshake, and trying to figure out
the intended use of the callback function
in SSL_CTX_set_verify().
From what I gather for each certificate in a chain it will call the
verify_callback func() .
In that function that I provide, I can make my OCSP or SCVP
Does OpenSSL's path validation logic support Bridge PKIs?
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager
The man pages says for EncryptInit It is possible to set all parameters
to NULL except type in an initial call and supply the remaining parameters
in subsequent calls, all of which have type set to NULL. This is done
when the default cipher parameters are not appropriate.
Does that mean you