Plan for OCSP verifier to LDAP?

2005-08-12 Thread coco coco
Is there any plan to support OCSP verification over LDAP (or LDAP/s)? OT: BTW, could anyone recommend an LDAP client library (C or C++) that works on Windows? Preferably open source. thanks coco

Re: difference between authenticode certificate and normal certificate?

2005-07-29 Thread coco coco
Wow, Steve, I must say, you are a god-send! I was still digging in the registry and the msdn site last night for a clue... Had I input the right keyword (TimeStampURL) in google, that would've solved my problem. But I was looking at the wrong place (msdn, which is a pretty useless site), also

Re: difference between authenticode certificate and normal certificate?

2005-07-28 Thread coco coco
Thanks for replying. From: Dr. Stephen Henson [EMAIL PROTECTED] I looked at this some time ago so this may not be up to date... There wasn't anything special about an authenticode certificate provided you didn't set the extensions to specifically exclude the usages. So a vanilla CA and EE

Re: difference between authenticode certificate and normal certificate?

2005-07-28 Thread coco coco
Just found a link which may help: http://www.thawte.com/support/code/msauth.html#timestamp Thanks a lot. Sorry to sound like a dumbass, but how do I put that information into the certificate when I signed it? :) I mean, how do I specify the URL of the tsa, which extension to use ? If

Re: difference between authenticode certificate and normal certificate?

2005-07-28 Thread coco coco
Hmmm, I don't have access to the relevant tools for that. Do you have a sample signed macro or certificate that includes this information? hehe, I don't, that's why I can't figure out what to put in there. I tried different extensions, looked up all the stuff I can use in x509v3, to no

difference between authenticode certificate and normal certificate?

2005-07-27 Thread coco coco
Hi, Sorry if this is a bit OT, can someone explain what is the difference between an MS Authenticode certificate, a normal certificate, and a certificate for signing Netscape object? What are the bits and bytes that are different? I can't find info detailed enough to give a satisfactory

RE: problem verifying signature from java

2005-06-22 Thread coco coco
Did you get any breakthrough? Sorry, didn't read this list for a while. Actually, the code I put up in my question was correct. The problem was with a Base64 lib that I linked with in C++. The implementation of the library has a small bug, which does not handle the '+' char properly.

Re: problem verifying signature from java

2005-06-22 Thread coco coco
To rule out any problems with your OpenSSL code I'd suggest you check the signatures using the dgst command and if there are problems analyze them using rsautl. Thanks for the reply. I got it, by examining basically every function that touches my data. So, in the end, it was the base64

RE: Need objective arguments against double certificate

2005-06-16 Thread coco coco
Thanks all for replying. More heated debates I guess. How can there be a heated debate when there is not yet one argument advanced in favor of the double certificate scheme? I got what you meant, sorry for not being clear. I meant there will be more heated debate between us (the

Re: Need objective arguments against double certificate

2005-06-16 Thread coco coco
Like everyone else, I say this consultant doesn't know what he's talking about (I'm tempted to ask you to tell me who it is, so I can avoid him/her). Can I suggest a different line of attack, though? It's obvious that confronting the consultant by calling bull doesn't win you any points, so how

RE: problem verifying signature from java

2005-06-16 Thread coco coco
I am also facing the similar problem. I am generating signature using OpenSSL and passing in to JAVA to verify (running JAVA test suite). Signature format is in DER encoded PKCS#7 format. But JAVA is not able to parse the SignedData content in the PKCS#7 format. It is giving

RE: Need objective arguments against double certificate

2005-06-16 Thread coco coco
Please help to fill in items that I might have missed :) The security risk that this non-standard scheme might introduce an unforeseen vulnerability. This is, IMO, as likely as that it will protect against some unforeseen vulnerability -- the alleged reason for the scheme. Hehe, I was

Re: Need objective arguments against double certificate

2005-06-16 Thread coco coco
Like the commentator, I'm also a little guy. In my case, I'm a retired guy who got his intro to this stuff from Entrust. I got convinced that their two (or more) -certificate solution was right, based upon the following: If you are an employee in an organization, it is valid for the

Re: Need objective arguments against double certificate

2005-06-16 Thread coco coco
I thought the problem was that you were using the same keypair for encryption and signing. So that there really is only one key. I know, the key escrow was designed when the requirements were only for encryption only. Digital signature requirement was added when the consultant got on board.

Re: Need objective arguments against double certificate

2005-06-16 Thread coco coco
Then perhaps your company should hire a security expert to design the security. Defects in portability or performance are low-risk and easily detected, and the cost scales with the time until a patch is deployed. Security vulnerabilities are much more tricky and expensive to detect and the

problem verifying signature from java

2005-06-15 Thread coco coco
I'm trying to get a client application written in C++ using OpenSSL to verify a signature sent by a server (in Java) and vice versa. Not sure I specified it correctly, but the signatures generated on both sides, from the same input data, are not the same, and therefore, can't be verified. And

how to EVP_SignInit_ex() ?

2005-06-14 Thread coco coco
Sorry if this is a dumb question, I'm not sure why EVP_SignInit_ext() is giving me unhandled exception error. My code is a very simple testing code: char * clearText = "testing openssl"; char cryptText[MAX_LEN]; char buf[MAX_LEN]; unsigned char ubuf[MAX_LEN];

Re: how to EVP_SignInit_ex() ?

2005-06-14 Thread coco coco
try a EVP_MD_CTX_init() before using the EVP_MD_CTX objects Thanks, not very familiar with openssl at all, this is the first time trying to get something quickly done with openssl. Is there any developer guide, like giving better description of the API provided by openssl, beside the

Re: Need objective arguments against double certificate

2005-06-14 Thread coco coco
Thanks all for replying. More heated debates I guess.