[openssl-users] OpenSSL in Linux kernel

2016-04-21 Thread Lei Kong
Can SSL library be used in Linux kernel mode? Thanks.

[openssl-users] SSL_set_verify with a context?

2016-10-27 Thread Lei Kong
What I am trying to achieve is to allow some minor certificate chain validation errors, e.g. "CRL unavailable", based on my per-session configuration. I am thinking of using my verify callback to record the errors. void SSL_set_verify(SSL *s, int mode, int (*verify_callback)(int, X509_STORE_CTX

Re: [openssl-users] SSL_set_verify with a context?

2016-10-27 Thread Lei Kong
I am using the following to link ssl to my container structure, so is it possible to get ssl from x509_ctx in verify_callback? SSL_set_app_data(ssl, this); int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx); From: Lei Kong <leik...@msn.

[openssl-users] TLSv1_2_method

2017-03-24 Thread Lei Kong
Can processes running with TLSv1_2_method talk to processes running with something older, e.g. TLSv1_1_method? Along the same lines, will new TLS versions be backward compatible with TLSv1_2_method? I would like to make my code proof, is there something like TLS_latest_method()? I have a

[openssl-users] Automatic download of CRL

2017-04-21 Thread Lei Kong
I am using 1.0.2g. CRL checking works fine on my certificate when I download and save CRL in PEM format locally. I noticed that “openssl verify” has this option: -crl_download Attempt to download CRL information for this certificate. But it does not work for me. The CRL URL embedded

[openssl-users] Certificate chain validation

2017-04-21 Thread Lei Kong
When validating a certificate issued by an intermediate certificate authority, I noticed that I need to install both the root and the intermediate CA certificate locally (with update-ca-certificates on Ubuntu 16.04). Verification fails if only root CA cert is installed (intermediate is not

Re: [openssl-users] Certificate chain validation

2017-04-23 Thread Lei Kong
https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_use_certificate.html https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_add_extra_chain_cert.html The linked documents didn’t say the APIs must be called on *client* side, and it works fine in my code on both client and server side. I am under the

Re: [openssl-users] Certificate chain validation

2017-04-21 Thread Lei Kong
On 21/04/2017 03:37, Lei Kong wrote:
> When validating a certificate issued by an intermediate certificate authority, I noticed that I need to install both the root and the intermediate CA certificate

Re: [openssl-users] Certificate chain validation

2017-04-21 Thread Lei Kong
SSL_CTX_load_verify_locations<https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_load_verify_locations.html>.” From: Lei Kong<mailto:leik...@msn.com> Sent: Friday, April 21, 2017 2:10 PM To: openssl-users@openssl.org<mailto:openssl-users@openssl.org> Subject: RE: [openssl-users]