Re: [openssl-users] WG: TLS Error in FreeRadius - eap_tls: ERROR: Failed in __FUNCTION__ (SSL_read): error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed

2018-01-23 Thread Viktor Dukhovni
> On Jan 24, 2018, at 1:33 AM, Gladewitz, Robert via openssl-users > wrote: > > Nevertheless, a problem remains open for the Cisco CUCM users. If these use > the certificate internally signed by Cisco, the attributes are set as in the > discussion and can not be

Re: [openssl-users] WG: TLS Error in FreeRadius - eap_tls: ERROR: Failed in __FUNCTION__ (SSL_read): error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed

2018-01-23 Thread Gladewitz, Robert via openssl-users
Hello Viktor, I had contact with the Freeradius group in this regard. At first we also assumed that something is wrong with the client certificate. But in TLS Freeradius uses the OpenSSL standard functions to identify and verify the client certificate. Exactly here only the CA certificate

Re: [openssl-users] WG: TLS Error in FreeRadius - eap_tls: ERROR: Failed in __FUNCTION__ (SSL_read): error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed

2018-01-23 Thread Salz, Rich via openssl-users
>> You seem to be very very VERY upset by how OpenSSL implements one > particular part of RFC 5280. Viktor has shown that it’s not just us, it’s > other code as well. The original poster was able to live with OpenSSL’s > implementation. You don’t like that code. So be it. > If

Re: [openssl-users] WG: TLS Error in FreeRadius - eap_tls: ERROR: Failed in __FUNCTION__ (SSL_read): error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed

2018-01-23 Thread Jeffrey Walton
On Tue, Jan 23, 2018 at 4:33 PM, Salz, Rich wrote: > On Tue, Jan 23, 2018 at 3:45 PM, Salz, Rich wrote: > > ➢ The docs have _not_ changed: > https://www.openssl.org/docs/standards.html. > > > > Nor is there any need for that page to change.

Re: [openssl-users] WG: TLS Error in FreeRadius - eap_tls: ERROR: Failed in __FUNCTION__ (SSL_read): error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed

2018-01-23 Thread Salz, Rich via openssl-users
On Tue, Jan 23, 2018 at 3:45 PM, Salz, Rich wrote: > ➢ The docs have _not_ changed: https://www.openssl.org/docs/standards.html. > > Nor is there any need for that page to change. READ WHAT IT SAYS. ➢ I'm surprised you are arguing against clear

Re: [openssl-users] WG: TLS Error in FreeRadius - eap_tls: ERROR: Failed in __FUNCTION__ (SSL_read): error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed

2018-01-23 Thread Jeffrey Walton
On Tue, Jan 23, 2018 at 3:45 PM, Salz, Rich wrote: > ➢ The docs have _not_ changed: > https://www.openssl.org/docs/standards.html. > > Nor is there any need for that page to change. READ WHAT IT SAYS. I'm surprised you are arguing against clear documentation on behaviors.

Re: [openssl-users] WG: TLS Error in FreeRadius - eap_tls: ERROR: Failed in __FUNCTION__ (SSL_read): error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed

2018-01-23 Thread Salz, Rich via openssl-users
➢ The docs have _not_ changed: https://www.openssl.org/docs/standards.html. Nor is there any need for that page to change. READ WHAT IT SAYS.

Re: [openssl-users] WG: TLS Error in FreeRadius - eap_tls: ERROR: Failed in __FUNCTION__ (SSL_read): error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed

2018-01-23 Thread Viktor Dukhovni
> On Jan 23, 2018, at 3:07 PM, Jeffrey Walton wrote: > > Your arguments are fallacious. How the browsers do things does not > constitute the "de facto" standard. You're just begging the claim. You're trolling. I'm no longer playing along, better things to do... --

Re: [openssl-users] WG: TLS Error in FreeRadius - eap_tls: ERROR: Failed in __FUNCTION__ (SSL_read): error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed

2018-01-23 Thread Jeffrey Walton
On Tue, Jan 23, 2018 at 12:43 PM, Viktor Dukhovni wrote: > > >> On Jan 23, 2018, at 7:31 AM, Gladewitz, Robert via openssl-users >> wrote: >> >> Despite being wrong it is also absolutely irrelevant, because FreeRADIUS >> retrieves the

Re: [openssl-users] WG: TLS Error in FreeRadius - eap_tls: ERROR: Failed in __FUNCTION__ (SSL_read): error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed

2018-01-23 Thread Viktor Dukhovni
> On Jan 23, 2018, at 7:31 AM, Gladewitz, Robert via openssl-users > wrote: > > Despite being wrong it is also absolutely irrelevant, because FreeRADIUS > retrieves the OpenSSL rejection of the cacert.capf.pem before any end-entity > certificate is ever seen. This

[openssl-users] AES-CTR-256 test suite for FIPS

2018-01-23 Thread Jayalakshmi bhat
Hi All, We are using DRBG using AES-CTR-256 in FIPS mode. I could find a test suite/file that takes a CAVP test request and generates the response for DRBG using AES-CTR-256. However I am not finding any test suite/file that validates AES-CTR 128/192/256 bits. Please can anyone let me know while

[openssl-users] Fwd: Simplifying the security policy

2018-01-23 Thread Mark J Cox
At our face to face we took a look at the security policy and noticed that it contained a lot of background details of why we decided on the policy that we did (in light mostly of the issues back in 2014) as well as a bit of repeated and redundant information. We've taken some time to simplify

Re: [openssl-users] [openssl-dev] Blog post; changing in email, crypto policy, etc

2018-01-23 Thread Salz, Rich via openssl-users
➢ this feature sends notifications about _all_ conversations happening. For me, I get the actual comments that are posted. Don’t you? On the mailing list, you have to explicitly mark/junk conversation threads in your mail program. You would still have to do that here. I don’t understand

Re: [openssl-users] [openssl-dev] Blog post; changing in email, crypto policy, etc

2018-01-23 Thread Salz, Rich via openssl-users
You should be able to just watch the openssl repo (the eyeball/watch notice in the upper-right side) On 1/23/18, 7:00 AM, "Hubert Kario" wrote: On Friday, 19 January 2018 18:34:57 CET Salz, Rich via openssl-dev wrote: > There’s a new blog post at >

Re: [openssl-users] TLS Error in FreeRadius - eap_tls: ERROR: Failed in __FUNCTION__ (SSL_read): error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed

2018-01-23 Thread Jeffrey Walton
On Sun, Jan 21, 2018 at 6:38 PM, Salz, Rich via openssl-users wrote: > ➢ The sensible thing at this point is to publish an update to RFC5280 > that accepts reality. > > Yes, and there’s an IETF place to do that if anyone is interested; see the > LAMPS working

[openssl-users] WG: TLS Error in FreeRadius - eap_tls: ERROR: Failed in __FUNCTION__ (SSL_read): error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed

2018-01-23 Thread Gladewitz, Robert via openssl-users
Dear helpful people, The problem is now solved by a workaround based on a new CAPF certificate. That is that. Concerning the discussion here, I (representing my supervisor) would like to pinpoint 2 facts that arose: First and foremost the attached cacert.capf.pem is based on a Cisco __System

Re: [openssl-users] [openssl-dev] Blog post; changing in email, crypto policy, etc

2018-01-23 Thread Dmitry Belyavsky
Hello, On Tue, Jan 23, 2018 at 3:00 PM, Hubert Kario wrote: > On Friday, 19 January 2018 18:34:57 CET Salz, Rich via openssl-dev wrote: > > There’s a new blog post at > > https://www.openssl.org/blog/blog/2018/01/18/f2f-london/ > > > We decided to increase our use of

Re: [openssl-users] Information to detach a BIO from fd

2018-01-23 Thread Grace Priscilla Jero
Hi All, We resolved the issue by using SSL_peek which does not clear the bio after read and we could also get the peer information after calling this API. This helped us differentiate the peer connections. Thanks for the multiple suggestions provided. Thanks, Grace On Tue, Jan 16, 2018 at 12:34