Hi,
I am using openssl 1.0.2 on windows. as on windows, openssl could not
use os's default root ca folder as on ubuntu (/etc/ssl/certs).
and I do not use X509_STORE_add_cert() to add any root ca certificate files.
But when I use X509_verify_cert() to verify certificate that I get
from some url (e
After I set -tls1 -servername, I can get certificate chain information.
But in my code. I have used SSL_set_tlsext_host_name() to set host
name, but it can not get certificate chain.
On Tue, May 26, 2015 at 1:32 PM, Jeffrey Walton wrote:
> On Mon, May 25, 2015 at 11:17 PM, Jerry OELoo wr
Hi.
I found there is a website which has https support.
https://www.ib-channel.net/miegin/web/jsp/B02-01.jsp
and browser can show its certificate chain.
but when I use openssl to connect website, it returns fail.
openssl s_client -connect www.ib-channel.net:443
CONNECTED(0003)
write:errno=104
Hi.
I am using openssl 1.0.2 to do some ssl connection, now I am facing
some memory leak issue.
ssl = SSL_new(m_ctx);
sbio = BIO_new_socket(server, BIO_NOCLOSE);
SSL_set_bio(ssl,sbio,sbio);
SSL_connect()
...
//After handle, release resource
if(ssl)
SSL_shutdown(ssl);
Now I have some q
So, I can re-use g_ctx, but I need create a new g_ssl everytime, right?
BTW, X509_STORE *store = X509_STORE_new(); for store, Can I reuse it
as a global object?
On Wed, Mar 25, 2015 at 11:33 AM, Salz, Rich wrote:
>> From document, I think CTX can be initialize only once. But I do not know
>> g_
Hi.
Now when my application running, I will use SSL_connect() to connect
1000 different URLs.
I want to keep some openssl object as global variable then I do not
need to initialize/uninitialize again and again.
Here is my sample code.
g_ctx = SSL_CTX_new(method);
g_ssl = SSL_new(g_ctx );
//SSL_
);
X509_VERIFY_PARAM_free(param);
On Mon, Nov 17, 2014 at 3:43 PM, Viktor Dukhovni
wrote:
> On Mon, Nov 17, 2014 at 03:13:22PM +0800, Jerry OELoo wrote:
>
>> When I construct google's (www.google.com) certificate chain, it is
>> different with browser's
>>
>> [openssl A
Hi All:
I am using openssl 1.0.2 on windows 7 OS.
I have put some root certificate files into a folder certs. when I
using X509_STORE_load_locations() to load this folder into store, it
returns 1 means success,
but when I using X509_verify_cert(), it will return 0, and error shows
19(self signed
As I heard, OpenSSL 1.0.2 will do some improvement for
AuthorityInfoAccess, Am I right? Thanks!
On Wed, Jan 28, 2015 at 3:49 PM, Dave Thompson wrote:
>> From: openssl-users On Behalf Of Kurt Roeckx
>> Sent: Tuesday, January 27, 2015 17:14
>
>> On Tue, Jan 27, 2015 at 11:42:51PM +0300, Serj wrote:
Thanks Michael's information.
I am on Ubuntu OS, And I found that If I fopen file with rb, it will work fine.
On Tue, Jan 20, 2015 at 9:57 PM, Michael Wojcik
wrote:
>> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
>> Of Jerry OELoo
>> Sent: Tuesd
Hi All:
I am reading cer file into X509 object,
http://SVRSecure-G3-aia.verisign.com/SVRSecureG3.cer
cert = d2i_X509_fp(fp, NULL);
it will return fail, as below
Error: error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long
Lib: asn1 encoding routines
Func: ASN1_get_object
Reason: h
Hi All:
I am using X509_STORE_CTX_get1_chain() to get web site's full certificate chain.
Now I am encounter an issue that some web site does not return
intermediate CA certificate but only web site leaf certificate.
For example. https://globaltrade.usbank.com
Below is certificate I get.
Subject:
tion,
or what is correct coding process when support sni and non-sni
webiste. Thanks!
On Mon, Dec 29, 2014 at 5:20 PM, Matt Caswell wrote:
>
>
> On 29/12/14 08:32, Jerry OELoo wrote:
>> Hi.
>> I am using X509_STORE_CTX_get1_chain() to construct certificate chain
>> base
Hi.
I am using X509_STORE_CTX_get1_chain() to construct certificate chain
base on local root ca store. Now it works fine.
But when I access this website, https://www.sgetvous.societegenerale.fr/
I get a very strange result.
Peer cert subject[/C=FR/O=GANDI SAS/CN=Gandi Standard SSL CA] depth[1] er
Hi All:
I have used openssl command line to get some website's certificate
chain. Now, I want to show root certificate information. but I do not
find any command argument to do it.
openssl s_client -showcerts -CApath /etc/ssl/certs -connect
studentexclusives.hsbc.co.uk:443
I use -CApath to set ro
Hi Rich:
But why browser Chrome can show all certificate path? How did it do? Thanks!
On Wed, Dec 17, 2014 at 5:49 PM, Richard Moore wrote:
>
>
> On 17 December 2014 at 08:08, Jerry OELoo wrote:
>>
>> Hi All:
>> I am using openssl api to get website's certi
Hi All:
I am using openssl api to get website's certificate chain. Now, For
normal website, it works fine.
Now I encounter a website which certificate is expire,
https://soknad.sparebank1.no
I use X509_STORE_CTX_get1_chain() to get certificate chain, and from
online help
(https://www.openssl.org/
Hi All:
I am installing openssl in local path, and when I use
SSLeay_version(SSLEAY_VERSION); to get version, it will return "SSL
version: OpenSSL 1.0.1f 6 Jan 2014", But installed version is 1.0.1j.
It seems to get system installed version not my manually installed
version, So How can I get it.
P
Hi All:
I wonder when openssl 1.0.2 will officially release? Is there any
exact schedule? Thanks!
--
Rejoice,I Desire!
___
openssl-users mailing list
openssl-users@openssl.org
https://mta.opensslfoundation.net/mailman/listinfo/openssl-users
Hi All:
Now I want to create a certificate chain by myself.
It will looks like as below:
Server Certificate -> Intermediate CA -> Root CA.
Now I am using openssl command to create these certificate files.
# Create CA
openssl genrsa -out ca.key 4096
openssl req -new -x509 -nodes -sha1 -days 1825
Hi All:
Now I want to create a certificate chain by myself.
It will looks like as below:
Server Certificate -> Intermediate CA -> Root CA.
Now I am using openssl command to create these certificate files.
# Create CA
openssl genrsa -out ca.key 4096
openssl req -new -x509 -nodes -sha1 -days 1825
Hi All:
I have used openssl 1.0.1j to construct certificate chain from https
web site. Now I can construct certificate chain correctly for
facebook, twitter.
When I construct google's (www.google.com) certificate chain, it is
different with browser's
[openssl API]
www.google.com -> Google Interne
Hi
I have put some(100+) root CA certificate files in a folder, and Use
x509_store_load_locations() to set to store load location.
Then Use X509_STORE_CTX_init(), X509_verify_cert() to verify a certificate,
When X509_verify_cert() return 1, I want to know which Root CA passed
verify the certific
Hi All:
As I know, When calculate Public key in certificate, it's SHA1 value
is equal to Subject Key Identifier in certificate, and I verify this,
and found that some websites are follow this.
But when I go to www.google.com website, I find the leaf certificate
and intermediate certificate is ok,
-openssl-us...@openssl.org On Behalf Of Jerry OELoo
>> Sent: Tuesday, October 28, 2014 02:03
>
>> I use SSL_get_peer_certificate(), X509_get_pubkey() API to get web
>> site https certificate public key, when I dump public key, I find
>> which is not same as I see in browser (In Chrom
Hi All:
I use SSL_get_peer_certificate(), X509_get_pubkey() API to get web
site https certificate public key, when I dump public key, I find
which is not same as I see in browser (In Chrome, click padlock in URL
address bar, -> Connection -> Certificate information ->
Certificate->Details -> Publi
Hi
I have put some(100+) root CA certificate files in a folder, and Use
x509_store_load_locations() to set to store load location.
Then Use X509_STORE_CTX_init(), X509_verify_cert() to verify a certificate,
When X509_verify_cert() return 1, I want to know which Root CA passed
verify the certific
27 matches
Mail list logo