I would like to use OpenSSL to compute the DigestInfo structure to
pass to a TPM for a TPM side RSA_Decrypt() operation when the TPM
doesn't support the digest algorithm.
I see in crypt/rsa_sign.c the routine encode_pkcs1() seems to do what
I want. Is their
a public version of this or a better
Bonjour,
The prospective certification path excludes the Trust Anchor.
Therefore, the « max_path_length=0 » step is attained only when dealing with
your EvilCA cert.
Cordialement,
Erwann Abalea
> Le 8 oct. 2018 à 14:47, Peter Magnusson a
> écrit :
>
> That is not correct behaviour as far as
ot be distributed,
used or copied without authorisation.
If you have received this email in error, please notify the sender and
delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been
modified, changed or falsified.
Thank you.
--
On 08/10/18 16:43, Sean Glazier wrote:
> Hi,
>
> I have an issue with using a TLS client-server set up.
>
> on the client side I am using 32 open ssl library version 1.1 and the
> same set on the server side in VA smalltalk. Both are on windows.
>
> On the c side I set the
> On Oct 8, 2018, at 8:47 AM, Peter Magnusson
> wrote:
>
> RFC5280 Certification Path Validation algorithm process from root to
> leaf, i.e. (Root, EvilCA, EvilServer). 6.1.2 Initialization and 6.1.4
> Preparation for Certificate i+1 is expected to occur upon Root
> certificate, i.e. the
Hi,
I have an issue with using a TLS client-server set up.
on the client side I am using 32 open ssl library version 1.1 and the same
set on the server side in VA smalltalk. Both are on windows.
On the c side I set the SSL_CTX_new(TLS_client_method()) on the server I
restricted to TLS only as
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
> Short, Todd via openssl-users
> Sent: Monday, October 08, 2018 09:56
> Looks to be debug (d) and multi-thread (MT?) versions of the libraries; not
> sure what MD stands for.
It's Microsoft's naming convention for
See the error message about looking at the FAQ? Here it is:
https://www.openssl.org/docs/faq.html#USER1
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
aakash.ku...@orange.com
Sent: Sunday, October 07, 2018 22:51
To: openssl-users@openssl.org
Cc:
Tested mbedtls to see how other code bases handle thus.
mbedtls rejects the EvilCA certificate when connecting to openssl
s_server (as opposed to openssl c_client -verify that accepts the
connection).
Verify requested for (Depth 1):
cert. version : 3
serial number : 10:00
issuer name
Could that be LibreSSL? (Or some similar wrapper for OpenSSL?)
https://github.com/Ruzzz/LibreSSL
This above repo creates libraries in the named format below; to match how
Microsoft provides multiple versions of libraries.
Looks to be debug (d) and multi-thread (MT?) versions of the libraries;
sorry, typo on the verify line, this was what I should have written:
VERIFY(max_path_length>0) error upon preparing transition from i=2
(EvilCA) to i=2 (EvilServer).
On Mon, Oct 8, 2018 at 2:47 PM Peter Magnusson
wrote:
>
> That is not correct behaviour as far as I can understand.
>
> RFC5280
That is not correct behaviour as far as I can understand.
RFC5280 Certification Path Validation algorithm process from root to
leaf, i.e. (Root, EvilCA, EvilServer). 6.1.2 Initialization and 6.1.4
Preparation for Certificate i+1 is expected to occur upon Root
certificate, i.e. the following
It was my interpretation that 0 pathlen on the root self signed meant
infinite.
The pathlen only applies on the certs between root and the leaf (which
obviously can be 0, and CA true or not, but bad form to say true I'd
imagine.)
On Mon, Oct 8, 2018 at 1:57 AM Peter Magnusson <
One more logic confusion in the OpenSSL Path Length Constraint check.
Any Path Length Constraint set by Root (or any other Self-Issued
Certificate) is ignored.
Root cause appears to be !(x->ex_flags & EXFLAG_SI)=0 incorrectly
applied to the checker (i.e. the checker and the calculation logic
have
Hi,
I did not run this in the debugger, but one issue is that you are not
initializing `pub` before calling EC_POINT_mul : try adding
pub = EC_POINT_new(curve);
(and check for errors making sure pub is not null afterwards).
Hope this helps!
Best regards,
Nicola
On Mon, Oct 8, 2018, 00:31
15 matches
Mail list logo
