Option to disable NSURLErrorDomain:-1205? (Safari bug with SSL-client-auth)

2006-02-22 Thread Ken Johanson
Apple/Safari browsers (all current versions) have a bug where if they attempt to connect to an SSL client-authenticated website, and have client certs in their keystore whose signers/chain is not solicited during SSL handshake, then Safari may send the unsolicited cert anyway. This is a problem even

Re: Option to disable NSURLErrorDomain:-1205? (Safari bug with SSL-client-auth)

2006-02-22 Thread Ken Johanson
Most SMTP clients send client certificates even when the signing CA is not solicited. The Postfix SMTP server does not complain if the client certificate verification fails. The key issue is coding the server-side verification callback correctly, so that the session is not rejected despite the unverif

Howto add cert extensions for x500UniqueIdentifier, and logos?

2006-09-12 Thread Ken Johanson
Hi all, I'm trying to add the x500UniqueIdentifier attrib to a cert request, and/or at the signing stage, but am not having success. Using 0.9.8c, the [x509_extensions] attrib: x500UniqueIdentifier = 'foo' causes: Error Loading extension section local_ca_extensions 1972:error:0E06D06C:configura

Howto add cert extensions for x500UniqueIdentifier, and logos?

2006-09-12 Thread Ken Johanson
Hi all, I'm trying to add the x500UniqueIdentifier attrib to a cert request, and/or at the signing stage, but am not having success. Using 0.9.8c, the [x509_extensions] attrib: x500UniqueIdentifier = 'foo' causes: Error Loading extension section local_ca_extensions 1972:error:0E06D06C:configuration file

Support for octet (file) import by the built-in ASN.1 compiler, from openssl.cnf?

2006-09-14 Thread Ken Johanson
Hello, Does anyone know if there is some syntactical sugar that will allow us to import binary data from a file, from within openssl.cnf? Specifically, I want to experiment with importing photo-ids (jpegs) into a cert/req. I found, and am able to use, the new arbitrary-oid/built-in compiler

Support for octet (file) import by the built-in ASN.1 compiler, from openssl.cnf?

2006-10-25 Thread Ken Johanson
Hello, Does anyone know if there is some syntactical sugar that will allow us to import binary data from a file, from within openssl.cnf? Specifically, I want to experiment with importing photo-ids (jpegs) into a cert/req. I found, and am able to use, the new arbitrary-oid/built-in compiler

Cannot create custom OIDs: a2d_ASN1_OBJECT:first num too large

2006-11-30 Thread Ken Johanson
With the following in my config file, and trying to create a new OID (the example below being some from the new EV-SSL draft): HOME= . oid_section = new_oids [ new_oids ] 1.3.6.1.4.1.311.60.2.1.1= jurisdictionOfIncorporationLocalityName 1.3.6.1.4.1.311.60

Re: Cannot create custom OIDs: a2d_ASN1_OBJECT:first num too large

2006-11-30 Thread Ken Johanson
Patrick Patterson wrote: Hi Ken: On Thursday 30 November 2006 14:13, Ken Johanson wrote: With the following in my config file, and trying to create a new OID (the example below being some from the new EV-SSL draft): ..snip problem creating object 1.3.6.1.4.1.311.60.2.1.1