Re: [openssl-users] self-signed certificate won't work in my app but works with s_client

2016-06-30 Thread Matthew Donald
"error 18:self signed certificate" is the expected result if you are validating a self-signed cert. In certificate verification, the code needs to check for X509_V_OK, X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT and X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY. X509_V_OK is a normal cert verification

Re: [openssl-users] How to encode text request of 'req -text -noout''s output?

2016-06-27 Thread Matthew Donald
The file ca.csr is already readable by an application. It is a PEM-encoded ASN.1 formatted file. You can use the openssl library calls to decode the CSR and extract individual fields. The printed output of the -text option is generated by X509_REQ_print_ex() (which you can find in openssl/crypto

[openssl-users] Help with OpenSSL running on OSX

2015-07-08 Thread Matthew Donald
One of Imapfilter's users is having problems verifying certificates. They are running Imapfilter on OSX, which I don't have access to. In addition, I understand that OSX runs a custom version of OpenSSL, which has changes to the way certificates are verified. Could someone help me debug the issu

Re: How to determine when data is finished on an SSL socket

2014-01-11 Thread Matthew Donald
> but from what I know, not all HTTP responses have "Content-Length" field. > responses with "chunked" payload are one of them. what can I do then? > > Thank you. > > > > > On Saturday, January 11, 2014 1:23 PM, Matthew Donald < > matthew.b.don...

Re: How to determine when data is finished on an SSL socket

2014-01-11 Thread Matthew Donald
Sockets (SSL or otherwise) are layer-3 objects while content is a layer-7 object. To get an accurate end-of-content marker, you'll need to parse the output, but since you are using the https protocol, that's going to be easy. Essentially, parse out the "Content-Length" header and read that many

Re: KDF algorithms

2013-07-03 Thread Matthew Donald
ANSI X9.63 is pretty trivial to implement using the OpenSSL libraries - less than a day's work. The algorithm is defined in SEC1 §3.6.1. From memory, the main logic was only around 50LOC, with another 50-100LOC wrapping various library calls. There's not m