[openssl.org #3106] [PATCH] Fix build with OPENSSL_NO_NEXTPROTONEG.

2013-08-06 Thread Piotr Sikora via RT
Hello, attached patch fixes build with OPENSSL_NO_NEXTPROTONEG. While it cannot be enabled via ./config options, compiling OpenSSL with this define turned out to be extremely useful while adding ALPN support to 3rd-party software (i.e. to make sure that nothing in the added ALPN support relies on

OpenSSL and the APLN Patch

2013-08-06 Thread Mark Nottingham
Hello OpenSSL, I'm wearing the hat of IETF HTTPbis Working Group Chair for the duration of this message. We're currently developing HTTP/2.0: https://github.com/http2/http2-spec/ … and are starting to get initial implementations: https://github.com/http2/http2-spec/wiki/Implementations We

Re: OpenSSL and the APLN Patch

2013-08-06 Thread Piotr Sikora
Hey Mark, ALPN support is already in the mainline: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6f017a8f9db3a79f3a3406cf8d493ccd346db691 Best regards, Piotr Sikora

Re: OpenSSL and the APLN Patch

2013-08-06 Thread Mark Nottingham
Well there you go then. Thanks! On 06/08/2013, at 10:53 AM, Piotr Sikora pi...@cloudflare.com wrote: Hey Mark, ALPN support is already in the mainline: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6f017a8f9db3a79f3a3406cf8d493ccd346db691 Best regards, Piotr Sikora

[openssl.org #3106] [PATCH] Fix build with OPENSSL_NO_NEXTPROTONEG.

2013-08-06 Thread Stephen Henson via RT
On Tue Aug 06 10:05:56 2013, pi...@cloudflare.com wrote: While it cannot be enabled via ./config options, Why not? The standard way to include such options is via config or Configure and some platforms (e.g. Windows) require this. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer.

[openssl.org #3102] s_server does not reject invalid client certificates in OpenSSL 1.0.1 14 Mar 2012 with -verify or -Verify options

2013-08-06 Thread Stephen Henson via RT
On Fri Aug 02 10:23:23 2013, j...@jimkeener.com wrote: With -verify and -Verify I believe that the server should reject the connection if the certificate isn't signed by a valid CA. Is there a way to emulate such behaviour, or is there a reason that this behaves in such a manner? The

Help needed with OpenSSL API (Using TLS to establish SSH-like key based trust model (fwd))

2013-08-06 Thread Dimitrios Apostolou
Hello, first let me apologise in advance since this list is probably inappropriate but I got no answer in openssl-users in more than one week, that list seems more user-tools oriented. I forward the whole email, but please have a look at least in the summary that prepends it. I appreciate

Re: [openssl.org #3102] s_server does not reject invalid client certificates in OpenSSL 1.0.1 14 Mar 2012 with -verify or -Verify options

2013-08-06 Thread Jim Keener via RT
Steve, Thank you! That worked. That option doesn't exist in the man page for s_server (1.0.1 2013-06-04) for me, so this may be a documentation bug then? Thanks again! Jim On 08/06/2013 10:46 AM, Stephen Henson via RT wrote: On Fri Aug 02 10:23:23 2013, j...@jimkeener.com wrote: With

Re: [openssl.org #3102] s_server does not reject invalid client certificates in OpenSSL 1.0.1 14 Mar 2012 with -verify or -Verify options

2013-08-06 Thread Jim Keener
Steve, Thank you! That worked. That option doesn't exist in the man page for s_server (1.0.1 2013-06-04) for me, so this may be a documentation bug then? Thanks again! Jim On 08/06/2013 10:46 AM, Stephen Henson via RT wrote: On Fri Aug 02 10:23:23 2013, j...@jimkeener.com wrote: With

Re: [openssl.org #3106] [PATCH] Fix build with OPENSSL_NO_NEXTPROTONEG.

2013-08-06 Thread Piotr Sikora
Hey Steve, While it cannot be enabled via ./config options, Why not? The standard way to include such options is via config or Configure and some platforms (e.g. Windows) require this. Actually, it turns out that I was wrong, so please ignore that part. For the reference: What I meant is

Re: [openssl.org #3106] [PATCH] Fix build with OPENSSL_NO_NEXTPROTONEG.

2013-08-06 Thread Piotr Sikora via RT
Hey Steve, While it cannot be enabled via ./config options, Why not? The standard way to include such options is via config or Configure and some platforms (e.g. Windows) require this. Actually, it turns out that I was wrong, so please ignore that part. For the reference: What I meant is