I am on my way to learn more about OpenSSL. My current task is to create
a script, similar to CA.pl, to ease cert handling.
Ideally I would want to have one config file, holding different values
for a CA cert, a server cert and a client cert separated by sections.
This would require to have (at l
* Dr. Stephen Henson <[EMAIL PROTECTED]> [041116 00:45]:
> On Mon, Nov 15, 2004, Patrick Ben Koetter wrote:
>
> > I am on my way to learn more about OpenSSL. My current task is to create
> > a script, similar to CA.pl, to ease cert handling.
> >
> > Ideally
I am looking for a way to override settings in the default config file
for openssl when I call openssl on command line.
Ideally, in a script, I would switch this for a mail client cert:
nsCertType = client, email
and that for a mail server client:
nsCertType = server, email
without using a di
* Dr. Stephen Henson <[EMAIL PROTECTED]> [041122 00:48]:
> Firstly you should note that nsCertType is largely obsolete now, the
> standard way to do things is with the extended key usage extension
> instead.
Can you recommend a good source to learn more about what must, should,
may be in certs? I
* Dr. Stephen Henson <[EMAIL PROTECTED]>:
> Yes that's basically it. While it is also possible to restrict CA purposes
> not all software supports and it is non standard.
Could you recommend a good book on openssl?
I really want to learn more about it, but I find it hard to find some good
docs.
T
* Christian Kreibich <[EMAIL PROTECTED]>:
> > Could you recommend a good book on openssl?
>
> The O'Reilly book by Viega, Messier and Chandra is useful -- they show
> you one way to OpenSSL-enable an existing application, plus other parts
> of the API. It also shows you how to do nonblocking I/O w