Re: Establishing connection errors

2021-11-05 Thread Jason Schultz
To clarify, I will probably just use the API you suggested to make it more simple. Was distracted by my obvious oversight. From: openssl-users on behalf of Jason Schultz Sent: Friday, November 5, 2021 1:59 PM To: Tomas Mraz ; openssl-users@openssl.org

Re: Establishing connection errors

2021-11-05 Thread Jason Schultz
Sorry, accidentally skipped that part, which was sort of important. I think I can use the same fix because the part I skipped is the problem: X509 *cert; cert = PEM_read_X509(fp, NULL, 0, NULL); status = X509_STORE_add_cert(trusted_store,cert); So, I need to this sequence: X509

Re: Establishing connection errors

2021-11-05 Thread Tomas Mraz
On Fri, 2021-11-05 at 13:48 +, Jason Schultz wrote: > For setting up the trusted store, when the application starts, it > calls: > > ssl_trusted_certs = X509_STORE_new() > > ...and then reads all of the certificates in /etc/ssl/certs/ calling > X509_STORE_add_cert(trusted_store,cert); >

Re: Establishing connection errors

2021-11-05 Thread Jason Schultz
Setup of the non_fips_libctx (after help from this list a week or two ago): non_fips_libctx = OSSL_LIB_CTX_new(); defp = OSSL_PROVIDER_load(non_fips_libctx, "default"); I also call OSSL_PROVIDER_available(non_fips_libctx, "default") ...to verify this worked. I only load the default

Re: Establishing connection errors

2021-11-05 Thread Tomas Mraz
On Fri, 2021-11-05 at 13:04 +, Jason Schultz wrote: > I know I've been raising a lot of issues this week, because of > varying reasons, but I've hit another one that seems like either an > OpenSSL problem, or something new/different I need to do with OpenSSL > 3.0 in connection establishment.

Establishing connection errors

2021-11-05 Thread Jason Schultz
I know I've been raising a lot of issues this week, because of varying reasons, but I've hit another one that seems like either an OpenSSL problem, or something new/different I need to do with OpenSSL 3.0 in connection establishment. To recap, I'm using two non-default library contexts, one

Re: ASN1 <-> DER encoding with application tag

2021-11-05 Thread Matt Caswell
On 04/11/2021 17:39, Max Larsson wrote: But now I’m wondering how I can “cascade” using this method to influence the encoding to avoid the writing of the additional bytes after the OID gets encoded and before the innerToken is encoded: *….. *0x05 0x05 0x02 *0x04 0x76* 0xa0 0x74….(here