get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
Is there a clear point in time after which the OpenSSL 1.1.0 API is
expected to be fully frozen for the release (well, other than the final
public release showing up)?
(*) https://www.openssl.org/p
nd
SSL_SESSION_print(). In addition to that, it seems to be changing
DTL1_BAD_VER value for SSL_SESSION_print().
It should also be noted that the new implementation does not match the
man page for SSL_get_version():
https://www.openssl.org/docs/manmaster/ssl/SSL_get_version.htm
that can currently be
added:
00 05 00 05 01 00 00 00 00
Parsing ServerHello:
Accept status_request_v2 extension
Parsing CertificateStatus:
Accept certificate status type ocsp_multi(2)
--
Jouni Malinen PGP id EFC895FA
--
openssl-dev mailing list
ory leaks, those were not caused by the OpenSSL
library itself. As such, I've already added the #ifdef based on OpenSSL
version. This has the additional benefit of marking up code for cleanup
once OpenSSL 1.0.2 support terminates in the future.
--
Jouni Malinen
On Mon, Feb 15, 2016 at 09:34:33PM +, Matt Caswell wrote:
> On 15/02/16 21:25, Jouni Malinen wrote:
> > Is this change in OpenSSL behavior expected? Is it not allowed to call
> > EVP_cleanup() and then re-initialize OpenSSL digests with
> > SSL_library_init()?
>
>
On Mon, Feb 15, 2016 at 10:52:27PM +0200, Jouni Malinen wrote:
> On Mon, Feb 15, 2016 at 07:04:20PM +, OpenSSL wrote:
> >OpenSSL version 1.1.0 pre release 3 (alpha)
> It looks like something in pre release 3 has changed behavior in a way
> that results in SSL_CTX_ne
or is there supposed to be some
changes needed in applications using OpenSSL to work with this auto
init/de-init libssl change?
--
Jouni Malinen PGP id EFC895FA
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
ify -trusted ca-incorrect.pem -purpose sslclient user.pem
$OPENSSL verify -trusted ca.pem -purpose sslserver server-eku-client.pem
$OPENSSL verify -trusted ca.pem -purpose sslserver server-expired.pem
--
Jouni Malinen PGP id EFC895FA
1E48C1FF: ???
==627==by 0xFFF00038F: ???
==627==by 0xFFF00038F: ???
==627==by 0x1: ???
==627==by 0x654653F: ???
==627== Address 0x1003029407 is not stack'd, malloc'd or (recently) free'd
--
Jouni Malinen PGP id EFC895FA
Thanks! I confirmed that both the patch on top of pre-rel 2 (+ CRL fix)
and the current master branch snapshot fixed all the test cases that I
saw failing previously.
--
Jouni Malinen PGP id EFC895FA
; Date: Thu Jan 14 12:23:35 2016 -0500
>
> Always initialize X509_STORE_CTX get_crl pointer
Thanks! This applied on top of pre-rel 2 does indeed resolve the CRL
issue I saw.
--
Jouni Malinen PGP id EFC895FA
error 19 (self signed certificate in
certificate chain) depth 1 for '/C=FI/O=w1.fi/CN=Root CA'
So this has to be something with how the chain verification code gets
configured. I'll see if I can find the commit that changed the behavior
to make it a bit easier to figure out what exactly may have
ble to pass all my EAP regression tests.
--
Jouni Malinen PGP id EFC895FA
On Fri, Jul 31, 2015 at 08:36:46PM +0100, Matt Caswell wrote:
https://github.com/openssl/openssl/commit/e1e088ec7f2f33c4c4ad31312d62c536441d4358
Thanks! With this, all my EAP test cases are now passing with the
OpenSSL master branch snapshot.
--
Jouni Malinen
On Thu, Jul 30, 2015 at 11:00:45AM +0100, Matt Caswell wrote:
On 28/07/15 15:09, Jouni Malinen wrote:
The remaining issue for EAP-FAST server is in the
SSL_set_session_secret_cb() callback not having access to the correct
server_random through SSL_get_server_random().
Is this still
it seems to work now).
--
Jouni Malinen PGP id EFC895FA
from
OpenSSL without having to implement the PRF for this externally (and
without exporting the master key for that matter).
--
Jouni Malinen PGP id EFC895FA
OpenSSL releases, so I should at least notice regressions in the
relevant areas pretty quickly. In theory, I could also do this on
snapshot builds (or repository snapshots in general).
--
Jouni Malinen PGP id EFC895FA
,
server_random + client_random, 48)).
--
Jouni Malinen PGP id EFC895FA
On Tue, Dec 15, 2009 at 10:18 AM, Tomas Mraz via RT r...@openssl.org wrote:
If you call just SSL_library_init() and PKCS12_PBE_add some pkcs12 files
will not be loadable and moreover the openssl will crash due to missing
checks for ciphers not found. I've reported the crash in a separate
in the latest wpa_supplicant release
(openssl-0.9.8i-tls-extensions.patch applies to OpenSSL 0.9.8k).
--
Jouni Malinen PGP id EFC895FA
__
OpenSSL Project
Here's a backport version of the session ticket override patch against
OpenSSL 0.9.8i. This provides the same API that was committed into 0.9.9
tree and it can be used with the current development snapshot of
wpa_supplicant/hostapd 0.6.x for EAP-FAST.
--
Jouni Malinen
to be working fine and will
make it much easier for distributions to include EAP-FAST support in the
future.
--
Jouni Malinen PGP id EFC895FA
is also inconsistent with the rest of OpenSSL.
The attached version should clean up indentation to match with rest of
the code.
--
Jouni Malinen PGP id EFC895FA
This patch adds support for TLS SessionTicket extension (RFC 5077) for
the parts used by EAP-FAST
/wpa_supplicant, but I haven't committed the matching changes yet
into my repository since I did not want to change the API use there
before the modified version gets into the OpenSSL repository.
--
Jouni Malinen PGP id EFC895FA
This patch adds support for TLS
the initial patch that was done
before the session ticket support was added to OpenSSL. In practice,
SSL_set_hello_extension() is only used to replace the SessionTicket
extension (ext_type=35) and any mechanism that allows this to be done
would be fine.
--
Jouni Malinen
patch update must be removed from the patch. This
version was tested with openssl-SNAP-20080928.tar.gz.
--
Jouni Malinen PGP id EFC895FA
This patch adds support for TLS SessionTicket extension (RFC 5077) for
the parts used by EAP-FAST (RFC 4851
to
OpenSSL development as someone outside the core development team would
also be appreciated if no one in the core team is interested in looking
into this or providing comments.
--
Jouni Malinen PGP id EFC895FA
This patch adds support for TLS
and would welcome any recommendations
on how to handle this issue for EAP-FAST (RFC 4851).
--
Jouni Malinen PGP id EFC895FA
would be very helpful.
--
Jouni Malinen PGP id EFC895FA
This patch adds support for TLS SessionTicket extension (RFC 5077) for
the parts used by EAP-FAST (RFC 4851).
This is based on the patch from Alexey Kobozev [EMAIL PROTECTED]
(sent to openssl-dev
with EAP-FAST?
--
Jouni Malinen PGP id EFC895FA
This patch adds support for TLS SessionTicket extension (RFC 4507) for
the parts used by EAP-FAST (RFC 4851).
This is based on the patch from Alexey Kobozev [EMAIL PROTECTED]
(sent to openssl-dev mailing
+SSL_set_hello_extension_cb 302 EXIST::FUNCTION:TLSEXT
+SSL_set_session_secret_cb 303 EXIST::FUNCTION:TLSEXT
--
Jouni Malinen PGP id EFC895FA
be a
combination of adding the PAC-Opaque extension (a.k.a. SessionTicket TLS
extension) and taking care of a callback for fetching pre-shared secret
for session resumption.
--
Jouni Malinen PGP id EFC895FA
. Has anyone taken a look at that and are
there plans on adding support for it in 0.9.9-dev? The patch mentioned
above includes at least the parts of this that are needed for peer side
implementation of EAP-FAST. tls-ticket draft may include somewhat more
generic mechanism, though.
--
Jouni Malinen
. If you are
outside US, it looks like the only missing part would be in adding
string [PATCH] to the subject line when sending the patch to this
mailing list.
--
Jouni Malinen PGP id EFC895FA
diff -uprN openssl-0.9.8.orig/include/openssl/ssl.h
openssl
mentioned above. This is against OpenSSL 0.9.8 beta 6.
--
Jouni Malinen PGP id EFC895FA
diff -uprN openssl-0.9.8-beta6.orig/include/openssl/ssl.h
openssl-0.9.8-beta6/include/openssl/ssl.h
--- openssl-0.9.8-beta6.orig/include/openssl/ssl.h 2005-06-10
12