Alright, I got it.
After inserting the structs etc. in order to hop through the extension, I got
down to the ASN1_OBJECT representing the professionOID.
OBJ_obj2txt(buf,buflen,obj,1) gives the OID I was looking for (first approach
was to create an object with that OID and use obj_cmp, which als
Hi and thanks for your continued help!
Meanwhile I did indeed define the syntax of the extension and get my way
through to the leaf being an ASN1_OBJECT representing the professionOID. Now my
lack of knowledge strikes back:
I want to check whether a professionOID of "1.2.276.0.76.4.88" is incl
Hello,
what I've been doing lately is repeatedly grep-ing my way through OpenSSL
source code in order to find examples and definitions of such functions. Very
helpful to my mind. :)
Kind regards
Natanael Mignon
> -Original Message-
> From: owner-openssl
Hello,
ok, what I did so far is get the extension by OID. At least I know by now
whether the extension is present or not:
[...]
X509 *client_cert = X509_STORE_CTX_get_current_cert(ctx);
const char *admoid = "1.3.36.8.3.3";
ASN1_OBJECT *admobj = NULL;
X509_EXTENSION *admext = NULL;
int
Dear list,
another trial. ;)
We need to validate the existence and value of an X.509 extension in a client
certificate from within Apache/mod_ssl. The extension "Admission" is described
by ISIS-MTT and has OID 1.3.36.8.3.3:
AdmissionSyntax ::= SEQUENCE {
admissionAuthority GeneralName OPTI
> -Original Message-
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
> us...@openssl.org] On behalf of Dr. Stephen Henson
> Sent: Tuesday, 28 July 2009 23:43
> To: openssl-users@openssl.org
> Subject: Re: OCSP_basic_verify:root ca not trusted
>
> On Tue, Jul 28
Hello Steve,
thanks for the quick and enlightening reply - I was wondering about the ocsp
signer cert being issued by a different CA as unusual, but the idea of global
responders was not familiar. We will check this with the provider/trustcenter.
Best regards
- Natanael Mignon
Blackberry
Dear list,
another problem with the OCSP-handling in Apache/mod_ssl:
[Tue Jul 28 14:27:12 2009] [error] SSL Library Error: error:27069070:OCSP
routines:OCSP_basic_verify:root ca not trusted
[Tue Jul 28 14:27:12 2009] [error] failed to verify the OCSP response!
Now, of course this could be just
Dear list,
another update - we got it.
[Fri Jul 10 10:28:39 2009] [error] [client 172.30.64.154] MWDE/nm: OCSP
response line unstripped: HTTP/1.1 200 OK
[Fri Jul 10 10:28:39 2009] [debug] ssl_util_ocsp.c(217): [client 172.30.64.154]
OCSP response header: Date: Fri, 10 Jul 2009 09:29:06 GMT
[Fri
Updated details. If we do compare the two requests (one failing because of "not
enough data", one working fine), there are obvious differences in receiving the
response.
Working fine:
[Tue Jul 07 14:32:24 2009] [debug] ssl_util_ocsp.c(104): [client 10.200.48.140]
sending request to OCSP respond
Hello and thanks so far,
it seems there could be something wrong with the responder, indeed. With the
working responder the log looks like this (different headers, different
content-length, two content parts...):
[Tue Jul 07 13:57:39 2009] [debug] ssl_util_ocsp.c(104): [client 10.200.48.140]
send
Dear list,
regarding the same project as my last question, we are many steps further by
now.
Situation is as follows: Apache with mod_proxy and mod_ssl authenticates Client
by certificate including online OCSP request. OCSP uri is correct, response is
received, but then:
[Fri Jul 03 12:37:27
> -Original Message-
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
> us...@openssl.org] On behalf of Dr. Stephen Henson
> Sent: Friday, 26 June 2009 16:26
> To: openssl-users@openssl.org
> Subject: Re: How to get a string from an X509_NAME
>
> The standard wa
Dear list,
as this is a case of *using* OpenSSL libraries from Apache's mod_ssl, I hope
I'm on the right list. ;)
I am currently working on - dirty, please have mercy - customizations of
mod_ssl and especially OCSP-handling for a specific project (on basis of Apache
2.3 code). As I am neither