Re: OpenSSL FIPS Certification

Are you going to support not only 0.9.7 branch, but also 0.9.8 branch? +Kiyoshi Kiyoshi Watanabe - Original Message - From: "Dr. Stephen Henson" <[EMAIL PROTECTED]> To: Sent: Monday, January 30, 2006 10:07 PM Subject: Re: OpenSSL FIPS Certification On Sun, Ja

secure code guidance

Hi Team, This might be dev topic, but let me ask. Is there any coding guidance for the core team and application developer? Is anybody doing the source code review like open bsd team does for their code? Thanks! With Best Regards, Kiyoshi Kiyoshi Watanabe

Re: Doubt regarding x509_verify_cert

The Bridge CA is a CA(hub) to bridge the two different CAs, so no need to have a Self-signed certificate for BridgeCA. If you are relying party in Root CA1 domain and if you want to create a certificate path, you will probably have: SelfCert1byRootCA1, CrossCertFromRootCA1toBridgeCA, CrossCert

installation problem on openssl 0.9.8a to solaris 10 x86 intel under virtual pc

  from randfile.c:64:/usr/include/sys/wait.h:86: error: parse error before "siginfo_t"*** Error code 1make: Fatal error: Command failed for target `randfile.o'Current working directory /home/kiyoshi/tmp/openssl-0.9.8a/crypto/rand*** Error code 1The following command caus

Re: Certificate fetching for bridge CA configuration

. -Kiyoshi Kiyoshi Watanabe > So, this is perhaps the most simple "bridge" PKI arrangement: > > +-+---++-+---+ > |T| |

Re: crlDistributionPoints with DirName value?

Hi, > crlDistributionPoints = DirName:/C=FI/O=SSH Communications Security Corp/CN=SSH Test > CA 2 No Liabilities How about crlDistributionPoints = @crl_dist [ crl_dist ] DirName = /C=FI/O=SSH Communications Security Corp/CN=SSH Test CA 2 No Liabilities -Kiyoshi Kiyoshi Wa

Re: retrive the private key from RSA KEON CA certificate

> Why don't you convert or issue the PKCS#11 in DER format. I believe PKCS#12, not PKCS#11 sorry for my typo. -Kiyoshi Kiyoshi Watanabe __ OpenSSL Project http://www.openssl.org User

Re: retrive the private key from RSA KEON CA certificate

openssl will read the starndard PKCS12 binary file without having any problem and you can use FORMAT_PKCS12. -Kiyoshi Kiyoshi Watanabe > I have a CA certificate exported from RSA KEON, which is PEM encoded pkcs#12 > certificate (listed below.) > It seems encoded by base64 , I hav

Re: why -issuer option in OCSP client options must be PEM format?

Hello, As you can see, the default certificate format is PEM in openssl command. I do not know the excact reason, but I agree that the ocsp command had better to have format option if you are requesting so. -Kiyoshi Kiyoshi Watanabe > Hi,all, > > Could some one tell me kindly why th

Re: Queries on SubjAltName

nssl.cnf file as a comment? -Kiyoshi Kiyoshi Watanabe __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager

Re: ASK: any option for CERTID in OCSP using AKID of the cert tobe checked

use of authority key identifer to avoid the hash calculation at the client side. Or am i misunderstanding about the calculation over the two values? #The authority Key identifer has different methods to calculate, so #it is not good to rely on the authority key identifer value only. -Kiyoshi

Re: Help for openssl verify command and its strange error message

x in apps/verify.c, I would not get the error? or does it check in somewhere else? Sincerely, -Kiyoshi Kiyoshi Watanabe __ OpenSSL Project http://www.openssl.org User Support Mailin

Help for openssl verify command and its strange error message

6 13 02 4A 50 31 0D 30 0B 06 03 55 04 0A I think that the two values are the same to me. Please let me know why the verify command tells me the subject issuer mismatch and how I could correct this problem. I am attaching the 2 certificate for your reference. Sincerely, -Kiyoshi Kiyoshi

JP GPKI OCSP extension

multiple exntensions or multiple values in one (Bextension...) (B (BAnyway, if you like it, please drop me a line. (B (B-Kiyoshi (BKiyoshi Watanabe (BTokyo, Japan /* v3_gpki.c */ (B (B#include (B#include "cryptlib.h" (B#include (B#include (B#include (B#include (B

Re: How to set a CRLNumber extension in CRL

Dear Steve, Thank you for your comment. I understand the usage of this extension and fully agree with you. Best Regards, -Kiyoshi Kiyoshi Watanabe > On Thu, Oct 03, 2002, Kiyoshi WATANABE wrote: > > > > > Dear all, I want to know the way to implement to > > set

How to set a CRLNumber extension in CRL

ou give me some suggestion. Sincerely, -Kiyoshi Kiyoshi Watanabe __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated Li

Re: Checking certs against CRLs

been unable to locate any such function to use in the library. Any help > appreciated See in crypto/x509/x509_vfy.c around static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) funcions This can be found from 0.9.7 JUST Info... -kiyosh

Creating v1 certificate?

! Thanks in advance! Kiyoshi, Kiyoshi Watanabe __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager

Netscape Extension

, Kiyoshi, Kiyoshi WATANANBE Hitachi, Ltd. ---openssl.cnf-- # Here are some examples of the usage of nsCertType. If it is omitted # the certificate can be used for anything *except* object signing. # # # For an object signing certificate this would be used