Accidentally sent privately, copying to list for anyone else interested
From: Dave Thompson [mailto:dthomp...@prinpay.com]
Sent: Friday, 02 December, 2011 17:47
To: 'Ashok C'
Subject: RE: Usage of CAPath/CAFile options in int SSL_CTX_load_verify_locations Reg.
From: Ashok C
Hi Dave,
But even with that done/fixed in my test environment I DO get
verify error 24 invalid CA cert depth 1 (my only intermediate).
Is that what you're getting? If so, it looks like maybe the
'purpose' checks have been made stricter since the last time
I did this in test, where I have
From: owner-openssl-us...@openssl.org On Behalf Of Ashok C
Sent: Wednesday, 30 November, 2011 00:51
Some more followup questions here:
In case of a server application, it is expected to send
the intermediate certificates to the client. And in this case,
Hi Dave,
Keeping the things you have mentioned in mind, this is how it goes.
In server side, EE key is loaded using
SSL_CTX_use_RSAPrivateKey_file(ctx,eekeyfile,SSL_FILETYPE_PEM);
EE certificate is loaded using
SSL_CTX_use_certificate_file(ctx,eepemfile,SSL_FILETYPE_PEM);
And the intermediate
Hi Dave,
Thanks for the reply.
Some more followup questions here:
In case of a server application, it is expected to send
the intermediate certificates to the client. And in this case,
is this API -- SSL_CTX_load_verify_locations() sufficient to be used?
Or is there a separate API to send
From: owner-openssl-us...@openssl.org On Behalf Of Ashok C
Sent: Monday, 28 November, 2011 00:35
One more question here:
In case of a server application, it is expected to send
the intermediate certificates to the client. And in this case,
is this API --
to the client?
P.S. My previous query also is unanswered. It would be great if I get some
responses to that also ;)
Regds,
Ashok
-- Forwarded message --
From: Ashok C ash@gmail.com
Date: Wed, Nov 23, 2011 at 12:55 PM
Subject: Usage of CAPath/CAFile options in int
Hi,
We are implementing multi-layer support for our openssl-based PKI solution
and had the following query:
Currently our PKI solution supports only single layer CA support and we use
SSL_CTX_load_verify_locations API with the CAFile option, meaning that the
service loads the CA certificate from