If you used BIO_NOCLOSE then you have to close the BIO.
Yes, after shutdown is done, call SSL_free()
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Hi.
I am using openssl 1.0.2 to do some ssl connection, now I am facing
some memory leak issue.
ssl = SSL_new(m_ctx);
sbio = BIO_new_socket(server, BIO_NOCLOSE);
SSL_set_bio(ssl,sbio,sbio);
SSL_connect()
...
//After handle, release resource
if(ssl)
SSL_shutdown(ssl);
Now I have some
Hi,
Our win32 applications will sometimes fail to start due to a
fingerprint mismatch in the fips module. It appears this is caused by
the fixed baseaddr used to verify the checksum. We are building with
the /FIXED and /DYNAMICBASE:NO options.
The User Guide states:
The standard OpenSSL build
So why does it work for me?
Well, who knows when the remote server wants to see SNI? It could be based on
url, ipaddress, etc.
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
I tried this command
openssl.exe s_client -connect ezfile.ch:443
And it returns this kind of error
error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal
error
I can not reproduce this. What version are you using?
There is nothing wrong with that server, so it's most likely
And it returns this kind of error
error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal
error
The site uses TLS 1.1, AES_128_CBC_SHA1, ECDHE-ECDSA.
Perhaps there is a middlebox in the way that gets version negotiation wrong.
Try adding the -tls1 flag.
Flag -servername
I am using openssl 1.0.2 to do some ssl connection, now I am facing
some memory leak issue.
ssl = SSL_new(m_ctx);
sbio = BIO_new_socket(server, BIO_NOCLOSE);
SSL_set_bio(ssl,sbio,sbio);
SSL_connect()
...
//After handle, release resource
if(ssl)
SSL_shutdown(ssl);
Also see
Hi Steve,
Thanks for the response.
We are using openssl-1.0.1j.
Following is how have configured NID_sha1 and NID_ecdsa_with_sha1.
We use our own signature and digest methods. But, i see modification of
digest has issue. If i dont set any digest method, then our signature
functions are getting
It is weird that it worked for you. Anyway I found a way how to fix it (if I
can
call it a fix). The key is to provide a flag -servername
to enable SNI (Server Name Indication).
It's not wrong to call it a fix. The server you are talking to is configured
to require SNI, apparently.
This
Hi All,
First time post, be gentle :-)
I know this has come up before, but not recently, and there aren't any
answers that seem conclusive.
I have need to identify a Microsoft generated certificate's template
name, I believe as part of oid 1.3.6.1.4.1.311.21.7
Can anybody shed any light on how
I have need to identify a Microsoft generated certificate's template name, I
believe as part of oid 1.3.6.1.4.1.311.21.7
Where, in a cert OtherName field?
___
openssl-users mailing list
To unsubscribe:
On 28/04/2015 02:59, Salz, Rich wrote:
I have need to identify a Microsoft generated certificate's template name, I
believe as part of oid 1.3.6.1.4.1.311.21.7
Where, in a cert OtherName field?
It is an extension. Microsoft certificate server (their
bundled CA software) puts the name of the
On Mon, Apr 27, 2015 at 02:39:08PM +, Salz, Rich wrote:
It is weird that it worked for you. Anyway I found a way how to fix it (if
I can
call it a fix). The key is to provide a flag -servername
to enable SNI (Server Name Indication).
It's not wrong to call it a fix. The server you
13 matches
Mail list logo