[openssl-users] [Question] What are the current secure Configure Parameter?

Hello. I am using OpenSSL from within the Qt Project / QtWebEngine. The Qt Wiki says, the following Parameters are minimum recommended: no-ssl2 no-ssl3 no-idea no-mdc2 no-rc5 Since 1.0.2g, SSL2 has been removed completely. So no-ssl2 is not needed anymore. My Questions are: 1.) Are there any

Re: [openssl-users] SSL_accept returning error

On Wed, Mar 9, 2016 at 9:21 PM, Matt Caswell wrote: > > The problem is caused by the client complaining that the server has sent > it an unexpected message. What is the client here? Is that OpenSSL too? Yes the client is OpenSSL too. > Are there any errors reported client side

Re: [openssl-users] Trouble compiling in version 0.9.8h

> On Jan 7, 2016, at 12:51 PM, Scott Neugroschl wrote: > > 0.9.8h…. REALLY The latest is 0.9.8zh. And on top of that 0.9.8 got > EOL’ed as of the beginning of the year. > Can you update to 1.0.1? (Latest is 1.0.1q). Latest is 1.0.1s from 01/Mar/2016 (you also missed

[openssl-users] Build OpenSSL-Release on Linux: "make tests" problems with certificates

My linux environment is linux-elf. I'm logged in as su. When I run "make tests" from the command line, at the tail end of the tests I get some errors about expired certificates: testing pkcs7 conversions p -> d p -> p d -> d p -> d d -> p p -> p testing pkcs7 conversions (2) p -> d p ->

[openssl-users] How to properly use ui_method in ENGINE_load_private_key()?

I am writing an app that needs to use RSA keys on a PKCS11-accessible token to encrypt and decrypt symmetric keys. For the context (no pun intended :) think of creating or mounting an existing encrypted file system. To begin with, and to grasp the finer details of the programmatic interface of

Re: [openssl-users] Trouble compiling in version 0.9.8h

0.9.8h…. REALLY The latest is 0.9.8zh. And on top of that 0.9.8 got EOL’ed as of the beginning of the year. Can you update to 1.0.1? (Latest is 1.0.1q). From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Luiz Laranjeira Sent: Sunday, December 27, 2015 7:02 AM To:

Re: [openssl-users] Something causing "Error 12"/Expired CRL during CRL processing

On Wed, Mar 09, 2016, o haya wrote: > > Question: What exactly is determines the ORDER in which the CRLs would be > selected? > > In other words, say there were two CRL files (the previous one and the > current one) but one hash (only .r0) pointing to the current CRL file. The > reason for

Re: [openssl-users] SSL_accept returning error

On 09/03/16 12:51, Sahib Jakhar wrote: > Hi, > > I am getting the following error while doing SSL_accept on the server > side. It comes once in many tries. The error seems to come only on > windows, Linux and other platforms seem to do well. > > The error is: > > .\ssl\s3_pkt.c:1146

Re: [openssl-users] smime -sign changes?

Sorry, my fault. The file to de signed couldn't be hashed correctly due to an error while applying a patch to the original sources. Please ignore the issue. -- Christian Weber Am 09.03.2016 um 15:13 schrieb we...@infotech.de: Dear openssl users, we're using openssl since quite a longer

Re: [openssl-users] Something causing "Error 12"/Expired CRL during CRL processing

Dr. Henson, It turns out that the app apparently makes copies of the old CRL files before downloading new ones, i.e., so there were multiple copies of CRL files for the same CA. They cleaned out the directory and left only one CA CRL and the ROOT CA CRL and then it worked. Question: What

[openssl-users] smime -sign changes?

Dear openssl users, we're using openssl since quite a longer time. For code signing we're still using separate p2s files. Hence, in our development environment, we integrated code signing by commandline (batch): openssl smime -sign -in %1 -out %1.p7s -outform der -signer

[openssl-users] OpenSSL cannot decrypt RC4-encrypted CMS object

Hi, I create a self-signed certificate, encrypt some data as a CMS message with "-rc4", and try to decrypt it. This fails with an error message (tested with OpenSSL 1.0.2): $ echo "abcdefg" >data.txt $ openssl req -x509 -newkey rsa:2048 -keyout key.pem -nodes -out cert.pem -days 100 -subj

[openssl-users] SSL_accept returning error

Hi, I am getting the following error while doing SSL_accept on the server side. It comes once in many tries. The error seems to come only on windows, Linux and other platforms seem to do well. The error is: .\ssl\s3_pkt.c:1146 error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected