: Wednesday, April 15, 2009 2:40 AM
To: Vijay Kothamasu (vikotham)
Cc: openssl-users@openssl.org; Kamalakanta Palei (kpalei); Jagadish Mynampati
(jmynampa); Uma Sankar Panda (upanda)
Subject: Re: Query on OpenSSL for Certificate verification
I'd be happy to, if you engage me as a contractor.
On Wed, Apr 15, 2009, Vijay Kothamasu (vikotham) wrote:
> Hi Kyle,
>
> Thanks for your valuable inputs, find my response inline.
>
>
> Then don't return from the original SSL_CTX_set_verify callback until you
> either:
> a) receive a valid OCSP response that says it's okay,
> b) receive a val
riginal Message-
From: Kyle Hamilton [mailto:aerow...@gmail.com]
Sent: Tuesday, April 14, 2009 7:57 AM
To: Vijay Kothamasu (vikotham)
Cc: openssl-users@openssl.org; Kamalakanta Palei (kpalei); Jagadish Mynampati
(jmynampa); Uma Sankar Panda (upanda)
Subject: Re: Query on OpenSSL for Certific
On Mon, Apr 06, 2009 at 11:56:15PM -0700, Kyle Hamilton wrote:
> Third, the
> entire point of X.509 is to allow for clients to have all the
> information they need to verify certificates in the absence of an
> online authority.
This said, it is now widely understood that this particular "entire p
.
>
> Regards
> Vijay
>
> -Original Message-
> From: Kyle Hamilton [mailto:aerow...@gmail.com]
> Sent: Tuesday, April 14, 2009 7:57 AM
> To: Vijay Kothamasu (vikotham)
> Cc: openssl-users@openssl.org; Kamalakanta Palei (kpalei); Jagadish
> Mynampati (jmynamp
[mailto:aerow...@gmail.com]
Sent: Tuesday, April 07, 2009 12:26 PM
To: openssl-users@openssl.org
Cc: Kamalakanta Palei (kpalei); kvi...@gmail.com; Vijay Kothamasu (vikotham)
Subject: Re: Query on OpenSSL for Certificate verification
This is a protocol called OCSP, with its "designated resp
12:26 PM
> To: openssl-users@openssl.org
> Cc: Kamalakanta Palei (kpalei); kvi...@gmail.com; Vijay Kothamasu (vikotham)
> Subject: Re: Query on OpenSSL for Certificate verification
>
> This is a protocol called OCSP, with its "designated responder" mechanism.
>
> If you want
This is a protocol called OCSP, with its "designated responder" mechanism.
If you want to implement it, call the OCSP functions with the DR
address and the fields that OCSP needs during the SSL_CTX_set_verify()
callback invocation; if you really need to, create two separate
SSL_CTX contexts, one o
Hi,
I am just wondering if there is a way to realize the following scenario
with the help of OpenSSL libraries, here is the brief explanation in
this regard.
-
I have a client and Server who need to setup a secure connection using
TLS/SSL. But as part of handshak