Re: openssl can't connect from a single host

On 11/07/13 19:20, Ben Schmidt wrote: > Hello everyone, > > I got a problem that I don't understand. When I try to check the Cert of > a website from a single specific host I get: > ### > $ openssl s_client -connect www.example.com:443 > CONNECTED(0003) > -

Re: Possible to create a CSR from just a certificate?

On 15/05/13 18:37, Felipe Gasper wrote: > If I have an SSL certificate, it is possible to create a CSR with that > certificate’s subject and public key? A certificate request is signed by the private key so no, its not possible.

Re: SNI: What *doesn’t* support it?

On 20/04/13 06:06, Felipe Gasper wrote: > Hi folks, > > What are the big things out there that still don’t have SNI support? > > As far as I know: > > CentOS 5 (by default) > Android 2.x > original iPhone & iPod Touch > IE on WinXP > > I’m looking for “major obstacles to deployment”

Re: how to STORE encrypted string in database

On 29/03/13 05:24, Matthias Apitz wrote: > El día Thursday, March 28, 2013 a las 01:14:35PM -0500, Salz, Rich escribió: > >> Encrypted data is not a text string, it is an array of binary octets. You >> will have to do something like base64 encode/decode when treating it as a >> text string. >

Re: X509* and Extract Public Key?

On 11/02/13 14:12, Jeffrey Walton wrote: > Hi All, > > I'm trying to extract a public key (subjectPublicKeyInfo) form an X509 > certificate. > > Should I look for the subjectPublicKeyInfo in X509_EXTENSION_get_object? > > What is the easiest (or recommended) way? > > Jeff >

Re: BIO/SSL concepts and multiple connections

On 03/12/12 14:25, TJ wrote: > Can someone please explain these concepts to me? I can't find much > that explains it in plain English in the docs... I'd suggest using the apps/s_server.c of the openssl source as a reference. Its the implementation of the command "openssl s_server" and will contain

Re: SSL_set_tlsext_host_name and IDN

On Wednesday 23 September 2009 13:25:09 Victor Duchovni wrote: > On Wed, Sep 23, 2009 at 11:03:55AM +1000, Daniel Black wrote: > > Should SSL_set_tlsext_host_name convert the domain name to ACE as per > > RFC4366 3.1 where it talks about IDNA (RFC 3490)? > > On the wire, do

SSL_set_tlsext_host_name and IDN

Should SSL_set_tlsext_host_name convert the domain name to ACE as per RFC4366 3.1 where it talks about IDNA (RFC 3490)? __ OpenSSL Project http://www.openssl.org User Support Mailing List

Re: ( beginner ) how to send starttls command in smtp protocol ( as in the s_client )

On Sunday 09 August 2009 14:47:35 Meir Yanovich wrote: > Hello all > im trying to find the right code ( c++/c) to connect to smtp server using > starttls > i know it can be done using openssl according this tutorial : > http://qmail.jms1.net/test-auth.shtml > i need to translate it to real code . t

Re: TLS extension support

On Friday 18 September 2009 15:29:29 tensy joseph wrote: > but this all extensions are not supported in openssl 9.8k. > I have another query . > > If my server is using older openssl version like 9.8d which does not > support tls extension by default and my client is using openssl 9.8k which > s

Re: TLS extension support

On Wednesday 05 August 2009 17:09:54 rajanchittil wrote: > Hi ALL, Hi rajanchittil > I was trying to figure out the TLS extension supported by openssl. I have > gone thorough RFC 3546 (http://www.faqs.org/rfcs/rfc3546.html) .It mentions > 6 TLS extension could look at the updated rfc4366 too >

Re: Real-Time CRL handling

Vadim, >David, Daniel actually. >thanks a lot for the info. >If i understood correctly OSCP is a protocol which permits real-time >CRL retreival... its real time verification of a single certificate. >My sittuation is a little bit different: a third party application >will retrieve CRLs and wil

Re: Real-Time CRL handling

> Any idea how to approach this problem? OCSP > Maybe there is an example code somewhere? https://issues.apache.org/bugzilla/show_bug.cgi?id=41123 __ OpenSSL Project http://www.openssl.org User Su