RE: Query on OpenSSL for Certificate verification

2009-04-15 Thread Vijay Kothamasu (vikotham)
: Wednesday, April 15, 2009 2:40 AM To: Vijay Kothamasu (vikotham) Cc: openssl-users@openssl.org; Kamalakanta Palei (kpalei); Jagadish Mynampati (jmynampa); Uma Sankar Panda (upanda) Subject: Re: Query on OpenSSL for Certificate verification I'd be happy to, if you engage me as a contractor.

Re: Query on OpenSSL for Certificate verification

2009-04-15 Thread Dr. Stephen Henson
On Wed, Apr 15, 2009, Vijay Kothamasu (vikotham) wrote: > Hi Kyle, > > Thanks for your valuable inputs, find my response inline. > > > Then don't return from the original SSL_CTX_set_verify callback until you > either: > a) receive a valid OCSP response that says it's okay, > b) receive a val

RE: Query on OpenSSL for Certificate verification

2009-04-15 Thread Vijay Kothamasu (vikotham)
riginal Message- From: Kyle Hamilton [mailto:aerow...@gmail.com] Sent: Tuesday, April 14, 2009 7:57 AM To: Vijay Kothamasu (vikotham) Cc: openssl-users@openssl.org; Kamalakanta Palei (kpalei); Jagadish Mynampati (jmynampa); Uma Sankar Panda (upanda) Subject: Re: Query on OpenSSL for Certific

Re: Query on OpenSSL for Certificate verification

2009-04-14 Thread Victor Duchovni
On Mon, Apr 06, 2009 at 11:56:15PM -0700, Kyle Hamilton wrote: > Third, the > entire point of X.509 is to allow for clients to have all the > information they need to verify certificates in the absence of an > online authority. This said, it is now widely understood that this particular "entire p

Re: Query on OpenSSL for Certificate verification

2009-04-14 Thread Kyle Hamilton
. > > Regards > Vijay > > -Original Message- > From: Kyle Hamilton [mailto:aerow...@gmail.com] > Sent: Tuesday, April 14, 2009 7:57 AM > To: Vijay Kothamasu (vikotham) > Cc: openssl-users@openssl.org; Kamalakanta Palei (kpalei); Jagadish > Mynampati (jmynamp

RE: Query on OpenSSL for Certificate verification

2009-04-14 Thread Vijay Kothamasu (vikotham)
[mailto:aerow...@gmail.com] Sent: Tuesday, April 07, 2009 12:26 PM To: openssl-users@openssl.org Cc: Kamalakanta Palei (kpalei); kvi...@gmail.com; Vijay Kothamasu (vikotham) Subject: Re: Query on OpenSSL for Certificate verification This is a protocol called OCSP, with its "designated resp

Re: Query on OpenSSL for Certificate verification

2009-04-13 Thread Kyle Hamilton
12:26 PM > To: openssl-users@openssl.org > Cc: Kamalakanta Palei (kpalei); kvi...@gmail.com; Vijay Kothamasu (vikotham) > Subject: Re: Query on OpenSSL for Certificate verification > > This is a protocol called OCSP, with its "designated responder" mechanism. > > If you want

Re: Query on OpenSSL for Certificate verification

2009-04-06 Thread Kyle Hamilton
This is a protocol called OCSP, with its "designated responder" mechanism. If you want to implement it, call the OCSP functions with the DR address and the fields that OCSP needs during the SSL_CTX_set_verify() callback invocation; if you really need to, create two separate SSL_CTX contexts, one o

Query on OpenSSL for Certificate verification

2009-04-06 Thread Vijay Kothamasu (vikotham)
Hi, I am just wondering if there is a way to realize the following scenario with the help of OpenSSL libraries, here is the brief explanation in this regard. - I have a client and Server who need to setup a secure connection using TLS/SSL. But as part of handshak