Re: expired ssl certificate

2012-04-13 Thread Erwin Himawan
). Hence, server cert renew or reky is transparent to client. Erwin -- From: "Dinh, Thao V CIV NSWCDD, K72" Sent: Thursday, April 12, 2012 7:56 AM To: Subject: RE: expired ssl certificate Thank You very, very much for all for help. I hav

Re: expired ssl certificate

2012-04-12 Thread Dr. Stephen Henson
On Thu, Apr 12, 2012, Dinh, Thao V CIV NSWCDD, K72 wrote: > Thank You very, very much for all for help. I have a couple more questions: > > 1) what is max time you can have on expiration ?? > Technically the 31st December but you have to consider the security strength of the key used and h

RE: expired ssl certificate

2012-04-12 Thread Dinh, Thao V CIV NSWCDD, K72
-Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Erwin Himawan Sent: Wednesday, April 11, 2012 2:57 PM To: openssl-users@openssl.org Subject: Re: expired ssl certificate Reading Nou's proposal, I have the impression that the

Re: expired ssl certificate

2012-04-12 Thread Dr. Stephen Henson
On Thu, Apr 12, 2012, Ashok C wrote: > Hi, > > I had almost the same requirement and eventually achieved it by patching my > openssl package's x509_verify code to do the check_cert_time() method > optionally depending on some conditions. Ideally I feel openSSL should > provide a validation flag l

Re: expired ssl certificate

2012-04-11 Thread Ashok C
changing anything. If it's not ok and you look at the >> cert and it's expired but you don't care, return 1 and it will be accepted. >> Look at the examples in the pdf for some examples. >> As I said earlier, standard warnings apply - you're overruling standard >> sec

Re: expired ssl certificate

2012-04-11 Thread Erwin Himawan
> --- > Nou Dadoun > ndad...@teradici.com > 604-628-1215 > > > -Original Message- > From: owner-openssl-us...@openssl.org [mailto: > owner-openssl-us...@openssl.org] On Behalf Of Dinh, Thao V CIV NSWCDD, K72 > Sent: April 11, 2012 4:19 AM > To: opens

RE: expired ssl certificate

2012-04-11 Thread Nou Dadoun
expired cert being accept ?? 3. what is the different between standard verify operation and the verify callback ??? Thank You Thao Dinh -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Nou Dadoun Sent: Tuesday, April 10, 2012

RE: expired ssl certificate

2012-04-11 Thread Dinh, Thao V CIV NSWCDD, K72
Thank You Thao Dinh -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Nou Dadoun Sent: Tuesday, April 10, 2012 3:15 PM To: openssl-users@openssl.org Subject: RE: expired ssl certificate You can use a verification callback to l

RE: expired ssl certificate

2012-04-10 Thread Nou Dadoun
You can use a verification callback to look at the certificate after the standard verify operation has been performed to decide whether or not to allow the certificate anyway. Look at the O'Reilly book (http://doc.hackbbs.org/Reseaux/O_Reilly_-_Network_Security_with_OpenSSL.pdf ) page 132 or so