how to programmatically specify the path of fipsmodule.cnf and load it in application without using openssl.cnf in OpenSSL 3.0

2022-11-27 Thread Zhongyan Wang
Hi team, Do you know how to programmatically specify the path of fipsmodule.cnf and load it in application without using openssl.cnf in OpenSSL 3.0? Historically, my product uses customized OpenSSL and doesn't have an openssl.cnf. I need to use FIPS module, and I try to load it, it fails until I

Re: EVP_PKEY_get_raw_public_key fails with OpenSSL 3.0

2022-11-23 Thread fus
Am 11.11.2022 um 17:44 schrieb Matt Caswell: On 11/11/2022 12:41, f...@plutonium24.de wrote: My apologies. I tested the code you supplied and of course it also fails with 1.1.1. The code was changed without my knowledge when updating to 3.0 and the version that was working used the

RE: [External] Support for -fvisibility=hidden in openssl 3.0

2022-11-18 Thread Helde, Paavo
Answering myself here. It appears this is pretty logical. Openssl 3.0 has a "legacy" provider which is normally compiled as a separate legacy.so module which is loaded on demand at run time. Now, when compiled with -fvisibility=hidden, this does not work because neither side ca

OpenSSL 3.0.x iOS support

2022-11-18 Thread madhu bajpai
Can someone please suggest if we can build OpenSSL 3.0 for iOS platform? Don’t see iphoneos-cross under supported os/platform list. Regards, Madhu

Re: EVP_PKEY_get_raw_public_key fails with OpenSSL 3.0

2022-11-11 Thread Matt Caswell
On 11/11/2022 12:41, f...@plutonium24.de wrote: My apologies. I tested the code you supplied and of course it also fails with 1.1.1. The code was changed without my knowledge when updating to 3.0 and the version that was working used the deprecated "EC_POINT_point2oct". During my test I

Re: EVP_PKEY_get_raw_public_key fails with OpenSSL 3.0

2022-11-11 Thread Matt Caswell
On 11/11/2022 00:49, James Muir wrote: On 2022-11-10 18:35, f...@plutonium24.de wrote: I have been using EVP_PKEY_get_raw_public_key with OpenSSL 1.1.1 without any problems to extract a raw public key (secp521r1, NIST curve P-521). With OpenSSL 3.0 this fails. I'm using this call to get

Re: EVP_PKEY_get_raw_public_key fails with OpenSSL 3.0

2022-11-10 Thread James Muir
On 2022-11-10 18:35, f...@plutonium24.de wrote: I have been using EVP_PKEY_get_raw_public_key with OpenSSL 1.1.1 without any problems to extract a raw public key (secp521r1, NIST curve P-521). With OpenSSL 3.0 this fails. I'm using this call to get the raw public key and to compare

EVP_PKEY_get_raw_public_key fails with OpenSSL 3.0

2022-11-10 Thread fus
I have been using EVP_PKEY_get_raw_public_key with OpenSSL 1.1.1 without any problems to extract a raw public key (secp521r1, NIST curve P-521). With OpenSSL 3.0 this fails. I'm using this call to get the raw public key and to compare it with a reference value I have and I also check

Support for -fvisibility=hidden in openssl 3.0

2022-11-10 Thread Helde, Paavo
.so-s against it. This ought to hide the symbols from Python at least. It looks like this actually worked with openssl-1.1. Alas, now we are switching over to openssl-3.0 (the fresh 3.0.7) and it looks like this approach does not work anymore. We are getting initialization errors, I think from

Re: CVE-2022-3602 and CVE-2022-3786 Critical OpenSSL 3.0.x security vulnerabilities

2022-11-02 Thread Turritopsis Dohrnii Teo En Ming
mbH > I have just checked my internet facing CentOS 7.9 Linux server in Europe. [root@ns1 ~]# rpm -qa | grep openssl openssl-libs-1.0.2k-25.el7_9.x86_64 openssl-1.0.2k-25.el7_9.x86_64 openssl-devel-1.0.2k-25.el7_9.x86_64 I don't have OpenSSL 3.0.x installed. I am not affected by the said security vulnerabilities. Hooray! Mr. Turritopsis Dohrnii Teo En Ming Targeted Individual in Singapore

Re: CVE-2022-3602 and CVE-2022-3786 Critical OpenSSL 3.0.x security vulnerabilities

2022-11-02 Thread Jochen Bern
On 02.11.22 07:48, Turritopsis Dohrnii Teo En Ming wrote: I have 2 internet-facing CentOS 7.9 Linux servers in Europe. Are the patches available already? How do I patch OpenSSL on my CentOS 7.9 Linux servers? CentOS 7 does not come with 3.0 versions of OpenSSL. (Not even available from

Re: CVE-2022-3602 and CVE-2022-3786 Critical OpenSSL 3.0.x security vulnerabilities

2022-11-02 Thread Turritopsis Dohrnii Teo En Ming
e 1.0.2 version and not 3.0.x version. > This is good news. I can sleep well. > > Tomas Mraz, OpenSSL > > On Wed, 2022-11-02 at 17:48 +1100, Turritopsis Dohrnii Teo En Ming > wrote: > > Subject: CVE-2022-3602 and CVE-2022-3786 Critical OpenSSL 3.0.x > > security vu

Re: CVE-2022-3602 and CVE-2022-3786 Critical OpenSSL 3.0.x security vulnerabilities

2022-11-02 Thread Tomas Mraz
-02 at 17:48 +1100, Turritopsis Dohrnii Teo En Ming wrote: > Subject: CVE-2022-3602 and CVE-2022-3786 Critical OpenSSL 3.0.x > security vulnerabilities > > Good day from Singapore, > > I refer to the following posts. > > [1] OpenSSL Gives Heads Up to Critical Vulnerabi

CVE-2022-3602 and CVE-2022-3786 Critical OpenSSL 3.0.x security vulnerabilities

2022-11-02 Thread Turritopsis Dohrnii Teo En Ming
Subject: CVE-2022-3602 and CVE-2022-3786 Critical OpenSSL 3.0.x security vulnerabilities Good day from Singapore, I refer to the following posts. [1] OpenSSL Gives Heads Up to Critical Vulnerability Disclosure, Check Point Alerts Organizations to Prepare Now Link: https://blog.checkpoint.com

New book about OpenSSL: Demystifying Cryptography with OpenSSL 3.0

2022-10-27 Thread Alexei Khlebnikov
Hello Everyone, I have written a new book about OpenSSL, the title is "Demystifying Cryptography with OpenSSL 3.0". The book was published yesterday. The book can be useful for many subscribers of this mailing list, including software developers, system and network administrato

OpenSSL 3.0 FIPS 140-2 Validation Certificate Issued

2022-08-24 Thread Matt Caswell
Please read the blog post about this here: https://www.openssl.org/blog/blog/2022/08/24/FIPS-validation-certificate-issued/ Matt

Re: openssl 3.0 fips provider and low level APIs

2022-05-03 Thread Tomas Mraz
All the providers can use the low-level APIs internally to implement crypto algorithms. The FIPS provider however includes all the low level implementations as a separately built and statically linked code. That means you cannot use the low-level calls in an application and still be FIPS

openssl 3.0 fips provider and low level APIs

2022-05-03 Thread Joy Latten
Hi, I understand that low-level APIs have been deprecated in version 3. I have been playing some with the fips provider trying to understand the config options to use with it. I noticed that the fips provider source code includes a few low level APIs like SHA256_Init(). Is it correct to conclude

Re: Is there a simple implementation of hooking external private key with openssl-3.0 API?

2022-04-11 Thread Matt Caswell
On 11/04/2022 16:53, Alon Bar-Lev wrote: On Mon, Apr 11, 2022 at 11:52 AM Matt Caswell wrote: On 10/04/2022 19:18, Alon Bar-Lev wrote: Hello, I am trying to migrate to openssl-3.0 API, it seems to be very complicated to hook primitive private key usage to a custom function

Re: Is there a simple implementation of hooking external private key with openssl-3.0 API?

2022-04-11 Thread Alon Bar-Lev
On Mon, Apr 11, 2022 at 11:52 AM Matt Caswell wrote: > > > > On 10/04/2022 19:18, Alon Bar-Lev wrote: > > Hello, > > > > I am trying to migrate to openssl-3.0 API, it seems to be very > > complicated to hook primitive private key usage to a custom functio

Re: Is there a simple implementation of hooking external private key with openssl-3.0 API?

2022-04-11 Thread Matt Caswell
On 10/04/2022 19:18, Alon Bar-Lev wrote: Hello, I am trying to migrate to openssl-3.0 API, it seems to be very complicated to hook primitive private key usage to a custom function. This is required, for example, to use private keys that reside on hardware devices or when an application

Is there a simple implementation of hooking external private key with openssl-3.0 API?

2022-04-10 Thread Alon Bar-Lev
Hello, I am trying to migrate to openssl-3.0 API, it seems to be very complicated to hook primitive private key usage to a custom function. This is required, for example, to use private keys that reside on hardware devices or when an application wishes to externalize private key operations

Re: OpenSSL 3.0 different behaviour on smaller DH groups?

2022-04-05 Thread Michael Richardson
Simon Chopin wrote: > This test suite fails several times with a failed call to > EVP_PKEY_derive_set_peer, without much more details: > https://github.com/net-ssh/net-ssh/blob/master/test/transport/kex/test_diffie_hellman_group14_sha1.rb > However, the *exact same* test suite

OpenSSL 3.0 different behaviour on smaller DH groups?

2022-04-05 Thread Simon Chopin
Hi, I'm working on migrating the Ruby net-ssh package to OpenSSL 3.0 as part of our larger transition in Ubuntu, but there's an issue that I can't figure out. This test suite fails several times with a failed call to EVP_PKEY_derive_set_peer, without much more details: https://github.com/net-ssh

Re: Porting asterisk to Openssl-3.0

2022-03-25 Thread Tomas Mraz
On Thu, 2022-03-24 at 22:19 -0600, Philip Prindeville wrote: > Hi, > > I'm incrementally trying to port asterisk to Openssl 3.0. > > First thing I'm trying to do is wean the code off of the RSA_* > functions, and use generic EVP_PKEY_* functions instead. > > Most of it i

Porting asterisk to Openssl-3.0

2022-03-24 Thread Philip Prindeville
Hi, I'm incrementally trying to port asterisk to Openssl 3.0. First thing I'm trying to do is wean the code off of the RSA_* functions, and use generic EVP_PKEY_* functions instead. Most of it is fairly straightforward (it seems), but I've been looking for examples of reading PEM public

Re: Source compilation of OpenSSL 3.0

2022-03-16 Thread Kory Hamzeh
On your build machine, create a staging directory, for example: mkdir /tmp/staging Then run make install like this: make DESTDIR=/tmp/staging install Then copy the files in /tmp/staging to your other machine. Note that you will have to copy the files relative to your --prefix and --openssldir

Source compilation of OpenSSL 3.0

2022-03-16 Thread ~ Kunal Sharma ~
Hi all, I have the need for compiling version 3.0 source code which I have downloaded and compiling on a Centos 7 system and I'm able to compile just fine. For using it, however, I need to install it on another Centos 7 machine which does not have the compiler tools and required toolchain. So, I

Re: DSA signatures in OpenSSL 3.0

2022-03-14 Thread Richard Dymond
gers, in network byte order, as required by SSH and > > described in section 6.6 of RFC 4253 (dss_signature_blob)[1]. To do > > this encoding I am calling BN_bn2bin() twice to write 'r' followed by > > 's' at the appropriate locations in a 40-byte buffer. By any chance,

Re: DSA signatures in OpenSSL 3.0

2022-03-14 Thread Tomas Mraz
followed by > 's' at the appropriate locations in a 40-byte buffer. By any chance, > does OpenSSL 3.0 provide any support for encoding a DSA signature > like this from a DSA_SIG (i.e. without having to extract 'r' and 's' > first and then use BN_bn2bin())? No, there is no such func

Re: DSA signatures in OpenSSL 3.0

2022-03-14 Thread Richard Dymond
uired by SSH and described in section 6.6 of RFC 4253 (dss_signature_blob)[1]. To do this encoding I am calling BN_bn2bin() twice to write 'r' followed by 's' at the appropriate locations in a 40-byte buffer. By any chance, does OpenSSL 3.0 provide any support for encoding a DSA signature like this from a

Re: DSA signatures in OpenSSL 3.0

2022-03-14 Thread Tomas Mraz
On Fri, 2022-03-11 at 15:21 -0400, Richard Dymond wrote: > Hi > > I recently migrated an application from OpenSSL 1.1.1 to OpenSSL 3.0, > and I'm wondering how best to handle DSA signatures - specifically, > the 'r' and 's' values - in OpenSSL 3.0. > > In OpenSSL 1.1.

DSA signatures in OpenSSL 3.0

2022-03-11 Thread Richard Dymond
Hi I recently migrated an application from OpenSSL 1.1.1 to OpenSSL 3.0, and I'm wondering how best to handle DSA signatures - specifically, the 'r' and 's' values - in OpenSSL 3.0. In OpenSSL 1.1.1, it was pretty easy: DSA_do_sign() - gets you a DSA_SIG DSA_SIG_get0() - gets you the 'r' and 's

Re: OpenSSL 3.0 LTS

2022-03-04 Thread The Doctor via openssl-users
; > wrote: > > > > On Fri, Mar 04, 2022 at 11:04:00AM +0000, Matt Caswell wrote: > >> OpenSSL 3.0 has recently been designated as a Long Term Support (LTS) > >> release. This means that it will now be supported until 7th September > >> 2026 (5 years afte

Re: OpenSSL 3.0 LTS

2022-03-04 Thread Short, Todd via openssl-users
via openssl-users > wrote: > > On Fri, Mar 04, 2022 at 11:04:00AM +0000, Matt Caswell wrote: >> OpenSSL 3.0 has recently been designated as a Long Term Support (LTS) >> release. This means that it will now be supported until 7th September >> 2026 (5 years after its init

Re: OpenSSL 3.0 LTS

2022-03-04 Thread The Doctor via openssl-users
On Fri, Mar 04, 2022 at 11:04:00AM +0000, Matt Caswell wrote: > OpenSSL 3.0 has recently been designated as a Long Term Support (LTS) > release. This means that it will now be supported until 7th September > 2026 (5 years after its initial release). > > Our previous LTS

OpenSSL 3.0 LTS

2022-03-04 Thread Matt Caswell
OpenSSL 3.0 has recently been designated as a Long Term Support (LTS) release. This means that it will now be supported until 7th September 2026 (5 years after its initial release). Our previous LTS release (1.1.1) will continue to be supported until 11th September 2023. We encourage all

Re: Question about OpenSSL 3.0 and static linking

2022-02-23 Thread Shunichi Shinohara
gt; > > Hi List, > > > > I have a question about OpenSSL 3.0 and static linking. > > > > Short version: Is it possible to include the legacy provider in libcrypt.a? > > > > Somewhat long version below. > > As a background of the question I'm u

Re: error with cipher EVP_des_ede3_cbc in openssl 3.0

2022-02-23 Thread Matt Caswell
3DES is in the default provider - only normal DES is in the legacy provider. So you should not need to load the legacy provider for this to work. Matt On 23/02/2022 06:20, pa...@openssl.org wrote: Have you loaded the legacy provider before trying this? Pauli On 23/2/22 5:03 pm, Srinivas,

Re: error with cipher EVP_des_ede3_cbc in openssl 3.0

2022-02-22 Thread pauli
Have you loaded the legacy provider before trying this? Pauli On 23/2/22 5:03 pm, Srinivas, Saketh (c) wrote: Hi I am trying to encrypt and decrypt using EVP_des_ede3_cbc() type. I am using openssl3.0 the functions I am using are encryption side:

error with cipher EVP_des_ede3_cbc in openssl 3.0

2022-02-22 Thread Srinivas, Saketh (c)
Hi I am trying to encrypt and decrypt using EVP_des_ede3_cbc() type. I am using openssl3.0 the functions I am using are encryption side: EVP_EncryptInit_ex -> EVP_EncryptUpdate -> EVP_EncryptFinal_ex decryption side: -- EVP_DecryptInit_ex ->

Re: Question about OpenSSL 3.0 and static linking

2022-02-22 Thread Matt Caswell
22 5:37 pm, Shunichi Shinohara wrote: Hi List, I have a question about OpenSSL 3.0 and static linking. Short version: Is it possible to include the legacy provider in libcrypt.a? Somewhat long version below. As a background of the question I'm using OpenSSL with Erlang/OTP [1] on Linux and want

Re: Question about OpenSSL 3.0 and static linking

2022-02-22 Thread Richard Levitte
i List, > > I have a question about OpenSSL 3.0 and static linking. > > Short version: Is it possible to include the legacy provider in libcrypt.a? > > Somewhat long version below. > As a background of the question I'm using OpenSSL with Erlang/OTP [1] on Linux > and want

Re: Question about OpenSSL 3.0 and static linking

2022-02-21 Thread pauli
There is a define to allow this: STATIC_LEGACY but I don't remember how to specify it on the configuration command line. We should probably turn this on in a no-shared build. Pauli On 22/2/22 5:37 pm, Shunichi Shinohara wrote: Hi List, I have a question about OpenSSL 3.0 and static linking

Question about OpenSSL 3.0 and static linking

2022-02-21 Thread Shunichi Shinohara
Hi List, I have a question about OpenSSL 3.0 and static linking. Short version: Is it possible to include the legacy provider in libcrypt.a? Somewhat long version below. As a background of the question I'm using OpenSSL with Erlang/OTP [1] on Linux and want to static link OpenSSL library

Re: OpenSSL 3.0 FIPS module configuration file

2022-02-16 Thread Richard Dymond
On Tue, 15 Feb 2022 at 09:53, Tomas Mraz wrote: > Please note that there are two checksums in the configuration file. One > of them is the FIPS module checksum and the other is the checksum of > the configuration. You can copy the file across machines if it is > without the configuration

Re: OpenSSL 3.0 FIPS module configuration file

2022-02-15 Thread Tomas Mraz
  > On 15/2/22 02:25, Richard Dymond wrote: >   > >   > > Hi > > > > Probably a dumb question, but why must the FIPS module > > configuration file for OpenSSL 3.0 be generated on every machine > > that it is to be used on (i.e. must not be copied from one machine

Re: OpenSSL 3.0 FIPS module configuration file

2022-02-14 Thread Dr Paul Dale
, but why must the FIPS module configuration file for OpenSSL 3.0 be generated on every machine that it is to be used on (i.e. must not be copied from one machine to another)? I just ran 'openssl fipsinstall' on two different machines with the same FIPS module and it produced exactly the same output

Re: OpenSSL 3.0 FIPS module configuration file

2022-02-14 Thread Dr Paul Dale
the configuration file across avoids the self tests and therefore isn't compliant. Pauli On 15/2/22 02:25, Richard Dymond wrote: Hi Probably a dumb question, but why must the FIPS module configuration file for OpenSSL 3.0 be generated on every machine that it is to be used on (i.e

Re: OpenSSL 3.0 FIPS module configuration file

2022-02-14 Thread Thomas Dwyer III
Hi > > Probably a dumb question, but why must the FIPS module configuration file > for OpenSSL 3.0 be generated on every machine that it is to be used on > (i.e. must not be copied from one machine to another)? > > I just ran 'openssl fipsinstall' on two different machines with

Re: OpenSSL 3.0 FIPS module configuration file

2022-02-14 Thread Ma Ar
avoids the self tests and therefore isn't compliant. Pauli On 15/2/22 02:25, Richard Dymond wrote: Hi Probably a dumb question, but why must the FIPS module configuration file for OpenSSL 3.0 be generated on every machine that it is to be used on (i.e. must not be copied from one machine

Re: OpenSSL 3.0 FIPS module configuration file

2022-02-14 Thread Dr Paul Dale
.  Copying the configuration file across avoids the self tests and therefore isn't compliant. Pauli On 15/2/22 02:25, Richard Dymond wrote: Hi Probably a dumb question, but why must the FIPS module configuration file for OpenSSL 3.0 be generated on every machine that it is to be used on (i.e. must

OpenSSL 3.0 FIPS module configuration file

2022-02-14 Thread Richard Dymond
Hi Probably a dumb question, but why must the FIPS module configuration file for OpenSSL 3.0 be generated on every machine that it is to be used on (i.e. must not be copied from one machine to another)? I just ran 'openssl fipsinstall' on two different machines with the same FIPS module

Re: [EXTERNAL] Re: does Openssl 3.0 has backward compatiblity.

2022-02-10 Thread Tomas Mraz
i set this return value. > > thanks, > Saketh. > From: Tomas Mraz > Sent: Wednesday, February 9, 2022 4:59 PM > To: Srinivas, Saketh (c) ; > openssl-users@openssl.org > Subject: [EXTERNAL] Re: does Openssl 3.0 has backward compatiblity.  > The PKCS12 files use algorithms

Re: does Openssl 3.0 has backward compatiblity.

2022-02-09 Thread Tomas Mraz
) wrote: > Does openssl 3.0 supports the openssl 1.0 pkcs12 files. Is it > backward compatible. For me it giving error in PKCS12_parse > function.  > > > thanks, > Saketh. > > Notice: This e-mail together with any attachments may contain > information of Ribb

does Openssl 3.0 has backward compatiblity.

2022-02-09 Thread Srinivas, Saketh (c)
Does openssl 3.0 support the openssl 1.0 pkcs12 files? Is it backward compatible? For me it is giving an error in PKCS12_parse function. thanks, Saketh. Notice: This e-mail together with any attachments may contain information of Ribbon Communications Inc. and its Affiliates that is confidential

Re: Openssl 3.0 support

2022-02-02 Thread Tomas Mraz
ink a configuration time option might be > required and neither is supported by the FIPS provider. >   >  Paul Dale >   >   > On 3/2/22 4:32 pm, Srinivas, Saketh (c) wrote: >   > >    > >  Hi, > >   > >  Does openssl 3.0 still support TLSv 1.0 and TLSv1.1. or

Re: Openssl 3.0 support

2022-02-02 Thread pauli
It does support both.  I think a configuration time option might be required and neither is supported by the FIPS provider. Paul Dale On 3/2/22 4:32 pm, Srinivas, Saketh (c) wrote: Hi, Does openssl 3.0 still support TLSv 1.0 and TLSv1.1. or they are deprecated, because there were some

Openssl 3.0 support

2022-02-02 Thread Srinivas, Saketh (c)
Hi, Does openssl 3.0 still support TLSv 1.0 and TLSv1.1. or they are deprecated, because there were some deprecations like sha1 etc. Thanks, Saketh. Notice: This e-mail together with any attachments may contain information of Ribbon Communications Inc. and its Affiliates

RE: [EXT] Re: KTLS with openssl 3.0 fail with error ENOTCONN(Transport endpoint is not connected)

2022-01-12 Thread Gaurav Jain
Hi > -Original Message- > From: Gaurav Jain > Sent: Monday, January 10, 2022 1:12 PM > To: John Baldwin ; bor...@mellanox.com; openssl- > us...@openssl.org; m...@openssl.org > Cc: Varun Sethi ; Pankaj Gupta > Subject: RE: [EXT] Re: KTLS with openssl 3.0 fail

RE: [EXT] Re: KTLS with openssl 3.0 fail with error ENOTCONN(Transport endpoint is not connected)

2022-01-09 Thread Gaurav Jain
Hi John/Matt > -Original Message- > From: John Baldwin > Sent: Thursday, January 6, 2022 11:21 PM > To: Gaurav Jain ; bor...@mellanox.com; openssl- > us...@openssl.org > Cc: Varun Sethi ; Pankaj Gupta > Subject: Re: [EXT] Re: KTLS with openssl 3.0 fail with error

Re: [EXT] Re: KTLS with openssl 3.0 fail with error ENOTCONN(Transport endpoint is not connected)

2022-01-06 Thread John Baldwin
On 1/6/22 5:58 AM, Gaurav Jain wrote: Hi -Original Message- From: John Baldwin Sent: Thursday, January 6, 2022 12:26 AM To: Gaurav Jain ; bor...@mellanox.com; openssl- us...@openssl.org Cc: Varun Sethi ; Pankaj Gupta Subject: [EXT] Re: KTLS with openssl 3.0 fail with error ENOTCONN

RE: [EXT] Re: KTLS with openssl 3.0 fail with error ENOTCONN(Transport endpoint is not connected)

2022-01-06 Thread Gaurav Jain
Hi > -Original Message- > From: John Baldwin > Sent: Thursday, January 6, 2022 12:26 AM > To: Gaurav Jain ; bor...@mellanox.com; openssl- > us...@openssl.org > Cc: Varun Sethi ; Pankaj Gupta > Subject: [EXT] Re: KTLS with openssl 3.0 fail with error ENOTCONN

Recall: [EXT] Re: KTLS with openssl 3.0 fail with error ENOTCONN(Transport endpoint is not connected)

2022-01-06 Thread Gaurav Jain
Gaurav Jain would like to recall the message, "[EXT] Re: KTLS with openssl 3.0 fail with error ENOTCONN(Transport endpoint is not connected)".

RE: [EXT] Re: KTLS with openssl 3.0 fail with error ENOTCONN(Transport endpoint is not connected)

2022-01-06 Thread Gaurav Jain
Hi > -Original Message- > From: John Baldwin > Sent: Thursday, January 6, 2022 12:26 AM > To: Gaurav Jain ; bor...@mellanox.com; openssl- > us...@openssl.org > Cc: Varun Sethi ; Pankaj Gupta > Subject: [EXT] Re: KTLS with openssl 3.0 fail with error ENOTCONN

Re: KTLS with openssl 3.0 fail with error ENOTCONN(Transport endpoint is not connected)

2022-01-05 Thread John Baldwin
On 1/4/22 11:49 PM, Gaurav Jain wrote: Hello Boris/John I am from NXP and currently working on enabling KTLS on NXP platforms via openssl. I see that you enabled KTLS support in openssl 3.0(https://www.openssl.org/news/changelog.html#openssl-30). when I configure openssl 3.0 or 3.1.0

RE: KTLS with openssl 3.0 fail with error ENOTCONN(Transport endpoint is not connected)

2022-01-04 Thread Gaurav Jain
Hello Boris/John I am from NXP and currently working on enabling KTLS on NXP platforms via openssl. I see that you enabled KTLS support in openssl 3.0(https://www.openssl.org/news/changelog.html#openssl-30). when I configure openssl 3.0 or 3.1.0 with enable-ktls and try to run

RE: undefined symbol: OSSL_provider_init when running "make test" for OpenSSL 3.0

2021-12-31 Thread Lee Staniforth
penssl.org Subject: Re: undefined symbol: OSSL_provider_init when running "make test" for OpenSSL 3.0 On 21/12/2021 15:09, Lee Staniforth wrote: > ./Configure linux-x86_64 no-shared -m64 -fPIC -fvisibility=hidden Try dropping "-fvisibility=hidden". I can replicate this problem

Re: undefined symbol: OSSL_provider_init when running "make test" for OpenSSL 3.0

2021-12-23 Thread Matt Caswell
On 21/12/2021 15:09, Lee Staniforth wrote: ./Configure linux-x86_64 no-shared -m64 -fPIC -fvisibility=hidden Try dropping "-fvisibility=hidden". I can replicate this problem when using no-shared and -fvisibility=hidden. If I drop the "-fvisibility=hidden" the problem goes away. Matt

RE: undefined symbol: OSSL_provider_init when running "make test" for OpenSSL 3.0

2021-12-22 Thread Petr Gotthard
ned symbol: OSSL_provider_init when running "make test" for OpenSSL 3.0 CAUTION: This email originated from outside of the Advantech organization. Do not click any link or open any attachment unless you recognize the sender and know the content is 100% safe! If you are not sure this email is

KTLS with openssl 3.0 fail with error ENOTCONN(Transport endpoint is not connected)

2021-12-22 Thread Gaurav Jain
Hi Kernel Support for KTLS: kernel version is 5.15 CONFIG_TLS=y CONFIG_TLS_DEVICE=y CONFIG_CRYPTO_TLS=y Openssl: $ ./ Configure enable-ktls linux-aarch64 $ make Server $ ./openssl version OpenSSL 3.0.2-dev 14 Dec 2021 (Library: OpenSSL 3.0.0 7 sep 2021) $ ./openssl s_server -key rsa.key -cert

undefined symbol: OSSL_provider_init when running "make test" for OpenSSL 3.0

2021-12-21 Thread Lee Staniforth
Hi, I have been building the 1.1.1 stream of OpenSSL for a while, and am now starting to look at moving to using 3.0. Building works fine, but testing fails (via "make test"). A number of the tests fail with undefined symbol: OSSL_provider_init: 02-test_internal_ctype.t ... ok

FIPS Module Checksum is null in OpenSSL 3.0

2021-12-15 Thread Eshelman, Robert Michael (54440) JR CTR USN NIWC ATLANTIC SC (USA)
Good Morning, I am having an issue with the FIPS Module in an OpenSSL 3.0 build. Below are the build steps and the issues that I am seeing. Sorry for the length but I am trying to provide all of the relevant details in hopes that the solution to this issue will be easily identifiable. First

Re: Question About OpenSSL 3.0, FIPS and Solaris Support

2021-12-07 Thread Dr Paul Dale
ch are currently “unadopted”.  How should people interpret that?  That the initial release of OpenSSL 3.0 was supported on Solaris, but no releases after that are?  Or something else? Thanks, David

Question About OpenSSL 3.0, FIPS and Solaris Support

2021-12-07 Thread David Dillard via openssl-users
SPARC M8-1". However, on the platform policy page<https://www.openssl.org/policies/platformpolicy.html> it lists a number of Solaris platforms, all of which are currently "unadopted". How should people interpret that? That the initial release of OpenSSL 3.0 was suppor

Re: OpenSSL 3.0 password prompt errors

2021-11-30 Thread pepone.onrez
On Tue, 30 Nov 2021 at 15:09, Matt Caswell wrote: > > > On 30/11/2021 13:16, pepone.onrez wrote: > > Getting some problems with OpenSSL 3.0, I have passwordError function, > > to check if the last error was due to an invalid password and allow the > > user to retry. >

Re: OpenSSL 3.0 password prompt errors

2021-11-30 Thread Matt Caswell
On 30/11/2021 13:16, pepone.onrez wrote: Getting some problems with OpenSSL 3.0, I have passwordError function, to check if the last error was due to an invalid password and allow the user to retry. bool passwordError() {     unsigned long error = ERR_peek_error();     unsigned long lib

OpenSSL 3.0 password prompt errors

2021-11-30 Thread pepone.onrez
Getting some problems with OpenSSL 3.0, I have passwordError function, to check if the last error was due to an invalid password and allow the user to retry. bool passwordError() { unsigned long error = ERR_peek_error(); unsigned long lib = ERR_GET_LIB(error); unsigned long reason

RE: Openssl 3.0 fipsinstall fails in yocto linux environment

2021-11-09 Thread Susan Tremel
Message: 2 Date: Tue, 9 Nov 2021 14:32:19 -0800 From: Kory Hamzeh To: openssl-users@openssl.org Subject: Re: Openssl 3.0 fipsinstall fails in yocto linux environment Message-ID: Content-Type: text/plain; charset="utf-8" Hi Susan, How did you run Configure? Are you cross compiling

Re: Openssl 3.0 fipsinstall fails in yocto linux environment

2021-11-09 Thread Kory Hamzeh
lly built and installed openssl 3.0 and the fips.so module in > my yocto build environment. My goal is to make the FIPs module the default > provider for all applications so I modified my openssl.cnf file to match the > docs like the following. > > config_diagnostic

Openssl 3.0 fipsinstall fails in yocto linux environment

2021-11-09 Thread Susan Tremel
I've successfully built and installed openssl 3.0 and the fips.so module in my yocto build environment. My goal is to make the FIPs module the default provider for all applications so I modified my openssl.cnf file to match the docs like the following. config_diagnostics = 1

Re: X509_get_pubkey() in OpenSSL 3.0?

2021-11-04 Thread Matt Caswell
Going back to the original email in this thread: On 02/11/2021 19:42, Jason Schultz wrote:     mycert = PEM_read_X509(fp, NULL, 0, NULL);     pkey = X509_get_pubkey(mycert); All functions return good statuses or non-NULL pointers until the last one, X509_get_pubkey() returns NULL. The

Re: X509_get_pubkey() in OpenSSL 3.0?

2021-11-04 Thread Tomas Mraz
On Wed, 2021-11-03 at 20:32 +, Jason Schultz wrote: > 00B741558E7F:error:0308010C:digital envelope routines:(unknown > function):unsupported:crypto/evp/evp_fetch.c:346:Global default > library > context, Algorithm (SHA1 : 96), Properties () The "Global default library context" hints at

Re: X509_get_pubkey() in OpenSSL 3.0?

2021-11-03 Thread Jason Schultz
From: openssl-users on behalf of Viktor Dukhovni Sent: Wednesday, November 3, 2021 9:25 PM To: openssl-users@openssl.org Subject: Re: X509_get_pubkey() in OpenSSL 3.0? On Wed, Nov 03, 2021 at 08:32:43PM +, Jason Schultz wrote: > To summar

Re: X509_get_pubkey() in OpenSSL 3.0?

2021-11-03 Thread Viktor Dukhovni
On Wed, Nov 03, 2021 at 08:32:43PM +, Jason Schultz wrote: > To summarize, at application start time I read in all of the > certificates in /etc/ssl/certs/ to a trusted store created with > X509_STORE_new(). > > When getting ready to "start" a server (again, leaving a lot of > specifics out

Re: X509_get_pubkey() in OpenSSL 3.0?

2021-11-03 Thread Jason Schultz
ng? Jason From: openssl-users on behalf of Viktor Dukhovni Sent: Wednesday, November 3, 2021 4:47 PM To: openssl-users@openssl.org Subject: Re: X509_get_pubkey() in OpenSSL 3.0? On Wed, Nov 03, 2021 at 12:38:51PM +, Jason Schultz wrote: > In any case, things appear to b

Re: X509_get_pubkey() in OpenSSL 3.0?

2021-11-03 Thread Viktor Dukhovni
On Wed, Nov 03, 2021 at 12:38:51PM +, Jason Schultz wrote: > In any case, things appear to be working now, but I'm hitting an issue > later on when calling SSL_CTX_build_cert_chain(). I working on > debugging that, I may have to start yet another thread later. Your mistake is probably in

Re: X509_get_pubkey() in OpenSSL 3.0?

2021-11-03 Thread Jason Schultz
, 2021 9:01 PM To: openssl-users@openssl.org Subject: Re: X509_get_pubkey() in OpenSSL 3.0? On Tue, Nov 02, 2021 at 08:28:01PM +, Jason Schultz wrote: > Victor- > > I can't seem to find any documentation on SSL_CTX_get0_privatekey(), > but by the name of it, it sounds like

Re: X509_get_pubkey() in OpenSSL 3.0?

2021-11-02 Thread Selva Nair
> X509 cert = SSL_CTX_get0_certificate(ctx); > EVP_PKEY pkey = X509_get_pubkey(cert); > *cert and *pkey ...

Re: X509_get_pubkey() in OpenSSL 3.0?

2021-11-02 Thread Viktor Dukhovni
On Tue, Nov 02, 2021 at 08:28:01PM +, Jason Schultz wrote: > Victor- > > I can't seem to find any documentation on SSL_CTX_get0_privatekey(), > but by the name of it, it sounds like it's getting the private key; > I'm trying to get the public key. It does appear to be "under-documented"

Re: X509_get_pubkey() in OpenSSL 3.0?

2021-11-02 Thread Selva Nair
to the > migration to OpenSSL 3.0, as this code works with OpenSSL 1.1.1 (and 1.0.2 > before it). When looking at the documentation pages for 1.1.1 vs 3.0, I'm > not seeing any differences between the OpenSSL APIs I'm calling in the 2 > different release levels. > > Here is the

Re: X509_get_pubkey() in OpenSSL 3.0?

2021-11-02 Thread Jason Schultz
ead since this question was buried in my > "FIPS" thread and I don't think it has anything to do with FIPS and OpenSSL > providers. I'm hitting another problem that I think is related to the > migration to OpenSSL 3.0, as this code works with OpenSSL 1.1.1 (and 1.0.2 >

Auto-reply: Re: X509_get_pubkey() in OpenSSL 3.0?

2021-11-02 Thread 562430030 via openssl-users
Hello, I have received your email and will read it as soon as possible. Thank you!

Re: X509_get_pubkey() in OpenSSL 3.0?

2021-11-02 Thread Viktor Dukhovni
I think is related to the > migration to OpenSSL 3.0, as this code works with OpenSSL 1.1.1 (and 1.0.2 > before it). When looking at the documentation pages for 1.1.1 vs 3.0, I'm not > seeing any differences between the OpenSSL APIs I'm calling in the 2 > different release levels. > >

Re: X509_get_pubkey() in OpenSSL 3.0?

2021-11-02 Thread Jason Schultz
Subject: X509_get_pubkey() in OpenSSL 3.0? I thought I should start a new thread since this question was buried in my "FIPS" thread and I don't think it has anything to do with FIPS and OpenSSL providers. I'm hitting another problem that I think is related to the migration to O

X509_get_pubkey() in OpenSSL 3.0?

2021-11-02 Thread Jason Schultz
I thought I should start a new thread since this question was buried in my "FIPS" thread and I don't think it has anything to do with FIPS and OpenSSL providers. I'm hitting another problem that I think is related to the migration to OpenSSL 3.0, as this code works with OpenSSL 1.1.1

Re: OpenSSL 3.0 FIPS questions

2021-10-31 Thread Jason Schultz
Thanks to everyone for the help so far. I think I have things set up correctly as far as FIPS, providers, and library contexts. I'm hitting another problem that I think is related to the migration to OpenSSL 3.0, as this code works with OpenSSL 1.1.1 (and 1.0.2 before it). When looking

Re: OpenSSL 3.0 FIPS questions

2021-10-28 Thread Matt Caswell
ks, Jason *From:* Matt Caswell *Sent:* Thursday, October 28, 2021 2:00 PM *To:* Jason Schultz ; Dr Paul Dale ; openssl-users@openssl.org *Subject:* Re: OpenSSL 3.0 FIPS questions On 28/10/2021 14:49, Jason Schultz wrote: A call to OSSL_PROVIDER_availa

Re: OpenSSL 3.0 FIPS questions

2021-10-28 Thread Jason Schultz
rypto.so.3 Thanks, Jason From: Matt Caswell Sent: Thursday, October 28, 2021 2:00 PM To: Jason Schultz ; Dr Paul Dale ; openssl-users@openssl.org Subject: Re: OpenSSL 3.0 FIPS questions On 28/10/2021 14:49, Jason Schultz wrote: > A call to OSSL_PROVIDER_ava

Re: OpenSSL 3.0 FIPS questions

2021-10-28 Thread Matt Caswell
for their help with this, things are starting to make more sense now. *From:* Matt Caswell *Sent:* Thursday, October 28, 2021 7:39 AM *To:* Jason Schultz ; Dr Paul Dale ; openssl-users@openssl.org *Subject:* Re: OpenSSL 3
