On 26/11/2018 20:04, Viktor Dukhovni wrote:
On Nov 26, 2018, at 11:33 AM, Jakob Bohm via openssl-users
wrote:
In TLS 1.2 and older it was an extension "Trusted CA Indication" (3),
defined in RFC6066 Chapter 6.
So I would suggest that any OpenSSL API to control that feature in
TLS 1.3 also
> On Nov 26, 2018, at 11:33 AM, Jakob Bohm via openssl-users
> wrote:
>
> In TLS 1.2 and older it was an extension "Trusted CA Indication" (3),
> defined in RFC6066 Chapter 6.
>
> So I would suggest that any OpenSSL API to control that feature in
> TLS 1.3 also affects the matching TLS < 1.3
> On Nov 26, 2018, at 1:08 PM, Ken wrote:
>
> Is it "better" to use
>
> X509_STORE_CTX_set_default(csc, "ssl_server");
This does take care of all the niggly details, but see below...
> or something more like
>
> purpose = X509_PURPOSE_SSL_SERVER;
> verify_param =
Hi Viktor,
Is it "better" to use
X509_STORE_CTX_set_default(csc, "ssl_server");
or something more like
purpose = X509_PURPOSE_SSL_SERVER;
verify_param = X509_STORE_CTX_get0_param(csc);
X509_VERIFY_PARAM_set_purpose(verify_param, purpose);
X509_verify_cert(csc)
When we tried the second
Hi,
The ability of a TLS client to optionally send a list of trusted
CAs to the TLS server is not new in TLS 1.3.
In TLS 1.2 and older it was an extension "Trusted CA Indication" (3),
defined in RFC6066 Chapter 6.
So I would suggest that any OpenSSL API to control that feature in
TLS 1.3 also
On 25/11/2018 22:30, Viktor Dukhovni wrote:
On Nov 25, 2018, at 4:23 PM, Jeremy Harris wrote:
That isn't the package name, it is text defined in openssl/opensslv.h
That happens when "OPENSSL_FIPS" is defined:
# define OPENSSL_VERSION_NUMBER 0x101000b0L
# ifdef OPENSSL_FIPS
#
* I am unable to get the API to access bn->top value or any bn members in
openssl 1.1.1.
Can you help me with the pointers to those APIs?
They do not exist. This is the first time someone has asked for them. You
will need to open an issue on GitHub, and explain *why* you need access.
> On Nov 26, 2018, at 12:45 AM, priya p wrote:
>
> I am trying to fix this part of code:
>
> int Func1 (var, bn) {
> *var = rc_vmalloc(bn->top * BN_BYTES); --> Trying to fix
> this. Error it throws is " error: dereferencing pointer to incomplete type".
>
> (*var)->l =
Hi Todd,
That is exactly what I am trying to do. The final goal is to implement
this in hardware. Anyways I figured out that the key expansion routine is
slightly different, more specifically the equivalent inverse cipher routine
defined in: