Re: [openssl-users] Help with making a SHA >1 certificate

2017-11-06 Thread Jakob Bohm
Both the validity and the hash in the certificate are decided by the "ca" command, which you didn't tell about wanting sha512 and 10 years. sha512 on req determines only the hash used by the requestor to prove he has the private key and sign the name etc. *suggested* to the ca. -days on req

[openssl-users] How to know maximum sendable fragment size?

2017-11-06 Thread J Decker
I've been developing this NodeJS plugin, it implements HTTPS server and now client. I was having an issue with HTTPS request getting ECONNRESET for no apparent reason; so I implemented my own request, and ran into the same sort of issue. What I was requesting was some .js files from the server,

Re: [openssl-users] Potential memory leak in RSA_private_decrypt

2017-11-06 Thread Salz, Rich via openssl-users
➢ http://openssl.6102.n7.nabble.com/Memory-issues-with-ssl-handshake-td20851.html#a20854. ➢ Don't understand why this issue is not encountered by other users and why it has not been fixed for so many years. The first part answers the second. It is not encountered by others,

Re: [openssl-users] Potential memory leak in RSA_private_decrypt

2017-11-06 Thread Wang
The product can be built in threaded or non-threaded mode. The memory leak can be detected only in threaded mode. Hence I think I hit the same issue reported by Thomas in 2012. "One thing I noticed is that all goes well if I cause the code to run sequentially (e.g. cause requests to come one

[openssl-users] Cross-compile runtime issues

2017-11-06 Thread Karyn Ulriksen
I am currently cross compiling for an embedded linux platform running mips64 hardware. It successfully compiles using linux-generic64. Also, openssl with the fips parameter successfully compiles. However, once I install it on the platform, I just get an encrypted string back from it no

Re: [openssl-users] Help with making a SHA >1 certificate

2017-11-06 Thread warron.french
Charles, I am no expert either - sorry. However, the question about why is your signed certificate at least not getting to be over 1 year in "length?" What is the duration of the CA's certificate? -- Warron French On Mon, Nov 6, 2017 at 5:04 PM, Charles Mills

[openssl-users] Help with making a SHA >1 certificate

2017-11-06 Thread Charles Mills
Please forgive my ignorance here. I'm really not a certificate expert. I'm a software developer trying to make certificates to use in a testing situation. I've got some scripts that I have been using for years. I've just upgraded to 1.10f (but there are no upgrade issues that I know of -

Re: [openssl-users] SSL_renegotiate for DTLS client

2017-11-06 Thread Matt Caswell
On 06/11/17 12:52, Viney Yadav wrote: > Going through the documentation of SSL_renegotiate, it says "For historical reasons, DTLS clients will not attempt to resume the session in the new handshake". The paragraph is about

[openssl-users] SSL_renegotiate for DTLS client

2017-11-06 Thread Viney Yadav
Going through the documentation of SSL_renegotiate, it says "For historical reasons, DTLS clients will not attempt to resume the session in the new handshake". The paragraph is about how OpenSSL client would handle a renegotiation