Hi!
What return code(s) from OCSP_basic_verify() signals that the
verification process went ok, regardless of any flags set ?
Best Regards
Steffen Fiksdal
__
OpenSSL Project http
Hi,
I have been trying to figure out what the flags are for this function and
have come up with the following, can someone verify?
int OCSP_basic_verify(OCSP_BASICRESP *bs, // the OCSP response
STACK_OF(X509) *certs, // intermediate signing certs
Hi,
I am getting the following error in calling OCSP_basic_verify():
error:04067084:rsa routines:RSA_EAY_PUBLIC_DECRYPT:data too large for modulus
Could somebody advice what is going wrong?
Regards,
-wenwu
__
OpenSSL Project
On Tue, Oct 25, 2005, Steffen Fiksdal wrote:
> Hi!
>
> What return code(s) from OCSP_basic_verify() signals that the
> verification process went ok, regardless of any flags set ?
>
Anything >0 though at present it will only return 1 for success.
Steve.
--
Dr Stephen N. Hen
On Tue, Oct 25, 2005, Steffen Fiksdal wrote:
Hi!
What return code(s) from OCSP_basic_verify() signals that the
verification process went ok, regardless of any flags set ?
Anything >0 though at present it will only return 1 for success.
I see in the function that if ocsp_check_iss
0x400
#define OCSP_NOTIME 0x800
What are they?
Tat.
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Dr S N Henson
> Sent: 11 December 2001 18:21
> To: [EMAIL PROTECTED]
> Subject: Re: OCSP_basic_ver
to the flag it sets.
Most of the time you wont need any of the flags. However for the
OCSP_basic_verify operation here's a summary...
OCSP_NOINTERN don't look internally in the OCSP response for the
signer's certificate only look in the certs STACK. Same as -no_intern i
: [EMAIL PROTECTED]
Subject: Re: OCSP_basic_verify
Tat Sing Kong wrote:
>
> (sobbing) I have been looking for the documentation, but there is none.
All
> I can see i the definition of
> some flags:
>
> #define OCSP_NOCERTS0x1
> #define OCSP_NOINTERN
Hello,
I am facing a problem with the OCSP_basic_verify call.
I have a client certificate which is having the signature algorithm as
sha1RSA.
I have made sure that i call SSL_library_init with initialization of the
EVP_sha1 digest.
But i still see the error while processing the OCSP response
Hello,
> I am getting the following error in calling OCSP_basic_verify():
>
> error:04067084:rsa routines:RSA_EAY_PUBLIC_DECRYPT:data too large for modulus
>
> Could somebody advice what is going wrong?
In RSA you can encrypt/decrypt only as much data as RSA key size
(size of RSA
Hi,
I am implementing the OCSP for my application. Have a doubt on the
'certs' argument for the API "OCSP_basic_verify":
int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
X509_STORE *st, unsigned long flags);
Here the second
t.crt -text
After that I try to verify 01.crt via OCSP and I get the above error.
If I would use the root CA as the OCSP responder's cert all is ok: OCSP_basic_verify not failed and I get OCSP status
"GOOD".
I see docs on openssl.org: ocsp(1) section OCSP "Response verifica
I made an error. I didn't actually add OCSPSigning extended key usage to the
OCSP responder cert.
My attempt(which I found at the mailing list archive) was bad:
openssl x509 -in 03.crt -inform PEM -addtrust OCSPSigning -out
ocsp_resp_cert.pem
"-addtrust" is another command for another purpose
Hi,
I have a question about the behavior of OCSP_basic_verify() and the
meaning of the OCSP_NOEXPLICIT flag. The OCSP_basic_verify() function is
the only place where this flag has an effect in the whole OpenSSL
source, and in the "openssl ocsp" application it can be se
ion. What exactly is checked by the
X509_check_trust() call above with respect to the relevant RFCs?
As there is no documentation and as noone seems to know the meaning of
the -no_explicit for "openssl ocsp", should I file a documentation
defect in RT for that?
If I understand the co
On Wed, Feb 18, 2015, Stephan M?hlstrasser wrote:
>
> What is the meaning of setting the OCSP_NOEXPLICIT flag resp. using
> the "-no_explicit" command line option. What exactly is checked by
> the X509_check_trust() call above with respect to the relevant RFCs?
>
If the responder root CA is set
> As there is no documentation and as noone seems to know the meaning of
> the -no_explicit for "openssl ocsp", should I file a documentation defect in
> RT
> for that?
yes, please.
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/
> > As there is no documentation and as noone seems to know the meaning of
> > the -no_explicit for "openssl ocsp", should I file a documentation
> > defect in RT for that?
>
> yes, please.
Never mind, Stephen already fixed the doc in master :)
___
ope
Am 24.02.15 um 14:47 schrieb Dr. Stephen Henson:
If the responder root CA is set to be trusted for OCSP signing then it can be
used to sign OCSP responses for any certificate (aka a global responder). This
comes under:
1. Matches a local configuration of OCSP signing authority for the
c
On Tue, Feb 24, 2015, Stephan M?hlstrasser wrote:
>
> Do I understand it correctly then that "a local configuration of
> OCSP signing authority" here means that it is a deliberate choice
> inside OpenSSL itself to look for the OCSPSigning flag in the
> extended key usage of the root CA, although
Am 24.02.2015 um 16:19 schrieb Salz, Rich:
As there is no documentation and as noone seems to know the meaning of
the -no_explicit for "openssl ocsp", should I file a documentation
defect in RT for that?
yes, please.
Never mind, Stephen already fixed the doc in master :)
Sorry, I sent alrea
On Wed, Jun 06, 2012, Vladimir Belov wrote:
> Hello.
>
> OCSP_basic_verify failed(returns -1) although "openssl ocsp -respin
> ..." show "Response verify OK" with the same OCSP response and root
> CAs.
>
> I attached to this email the ZIP and TAR a
: OCSP_basic_verify FAILED(returns -1) (all details in email)
On Wed, Jun 06, 2012, Vladimir Belov wrote:
Hello.
OCSP_basic_verify failed(returns -1) although "openssl ocsp -respin
..." show "Response verify OK" with the same OCSP response and root
CAs.
I attached to this email the ZIP a
23 matches
Mail list logo
