publickey.)
>
> hope I made it clear
> good luck!
>
>
> - Mail d'origine -
> De: Hafedh TRIMECHE
> À: openssl-users@openssl.org
> Envoyé: Fri, 13 Jun 2014 10:22:46 +0200 (CEST)
> Objet: Re: Re : Re: Re : Re: 2 Server certificates
>
> Hi Nicolas,
On 6/13/2014 3:15 AM, nicolas@free.fr wrote:
> the fact is a server can only send a single certificate, however this one can
> be signed by multiple CAs
I wish. Unfortunately, it's a single certificate, signed by a single
CA. Which itself can be signed by another single CA, and so on until
me websites)
hope I made it clear
good luck!
- Mail d'origine -
De: Hafedh TRIMECHE
À: openssl-users@openssl.org
Envoyé: Fri, 13 Jun 2014 10:22:46 +0200 (CEST)
Objet: Re: Re : Re: Re : Re: 2 Server certificates
Hi Nicolas,
pit-ca issued another certificate to a client w
ficates by itself (this happens the
first time you connect to a SSH server for which you have no certificate, or on
some websites)
hope I made it clear
good luck!
- Mail d'origine -
De: Hafedh TRIMECHE
À: openssl-users@openssl.org
Envoyé: Fri, 13 Jun 2014 10:22:46 +0200 (CES
--END CERTIFICATE-
Regards.
- Original Message -
From: nicolas@free.fr
To: openssl-users@openssl.org
Date: Fri, 13 Jun 2014 02:02:51 +0200 (CEST)
Subject: Re : Re: Re : Re: 2 Server certificates
> Hi,
>
> sorry for the first answer, I didn't read in details :-/
> looki
Hi Nicolas,
pit-ca issued another certificate to a client wanting to connect to the same
server identified by secure.payerspot.com.
I'm looking for a solution allowing two clients to connect to the same
server using certificates issued by different CAs.
In this case the client forces the server
Jun 2014 16:39:23 +0200 (CEST)
Objet: Re: Re : Re: 2 Server certificates
Hi Nico,
As described in OpenSSL documentation the 2 functions are equivalent:
SSL_set_client_CA_list() sets the list of CAs sent to the client when
requesting a client certificate for the chosen ssl, overriding the set
tions can't help because the certificates are stored in
blob not in files.
Regards
- Original Message -
From: nicolas@free.fr
To: openssl-users@openssl.org
Date: Thu, 12 Jun 2014 16:22:36 +0200 (CEST)
Subject: Re : Re: 2 Server certificates
> Hi
>
> it seems tha
4 9f 15 c3
k..?B:..L...4...
Start Time: 1402558752
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---
- Original Message -
From: Saurabh Pandya
To: openssl-users
Date: Thu, 12 Jun 2014 12:05:09 +0530
Subject: Re: 2 Server certificate
Hi Nico,
As described in OpenSSL documentation the 2 functions are equivalent:
SSL_set_client_CA_list() sets the list of CAs sent to the client when
requesting a client certificate for the chosen ssl, overriding the setting
valid for ssl's SSL_CTX object.
SSL_CTX_add_client_CA() adds the CA name
+0200 (CEST)
Objet: Re: 2 Server certificates
I used this pascal procedure to handle other CAs
procedure TWEBStandaloneServer.InsertCA(CA,Root:UnicodeString);
var
x509 : pX509;
begin
{ The next four functions are only useful for TLS/SSL servers.
f_SSL_CTX_add_client_CA : function(
I used this pascal procedure to handle other CAs
procedure TWEBStandaloneServer.InsertCA(CA,Root:UnicodeString);
var
x509 : pX509;
begin
{ The next four functions are only useful for TLS/SSL servers.
f_SSL_CTX_add_client_CA : function(C: PSSL_CTX; CaCert:
PX509): Integer; cdecl
Yes,
The client certificate is excepted.
- Original Message -
From: Saurabh Pandya
To: openssl-users
Date: Thu, 12 Jun 2014 12:05:09 +0530
Subject: Re: 2 Server certificates
> To handle CA cert chain, you can use SSL_CTX_add_extra_chain_cert..
>
> are you expect certifi
To handle CA cert chain, you can use SSL_CTX_add_extra_chain_cert..
are you expect certificate form client ?
-
Saurabh
On Thu, Jun 12, 2014 at 7:09 AM, Hafedh TRIMECHE
wrote:
> Hi,
> I would implement an OpenSSL Server which can handle authentication
> initiated by 2 client certificates issue
14 matches
Mail list logo
