it was supported, so I guess I
just don't know what functions to substitute for these.
I'm developing on Ubuntu 14.04, but I'll be using an older version of
OpenSSL (v0.9.8za) for my particular use case.
Any help would be greatly appreciated.
Thanks in advance!
Pratyush Parimal.
, 2014 at 06:46:29PM -0400, pratyush parimal wrote:
So does anyone know how to get the secret derivation working in OpenSSL
v0.9.8?
The EC support in 0.9.8 is incomplete, and disabled by default.
You should treat 0.9.8 as NOT capable of doing EC.
Because from what I read I think
Thanks .. that helps!
-pratyush
On Jun 23, 2014 7:44 PM, Viktor Dukhovni openssl-us...@dukhovni.org
wrote:
On Mon, Jun 23, 2014 at 07:18:06PM -0400, pratyush parimal wrote:
Thanks a lot for the clarification. I understand now.
Could you also let ne know the same about normal DH operations
=openssl-usersm=116474297608094w=2, which talks about
using 'i2d_PUBKEY', but I haven't been able to make it work so far.
Is my usage of d2i_PUBKEY or i2d_PUBKEY wrong in some way? Does anyone know
how to use them properly?
Any help will be appreciated.
Thanks!
Pratyush Parimal
Hi all,
Did anyone have any luck with this one?
Thanks,
Pratyush Parimal.
-- Forwarded message --
From: pratyush parimal pratyush.pari...@gmail.com
Date: Wed, Jun 25, 2014 at 10:43 AM
Subject: Converting public part of 'EVP_PKEY' structure to 'unsigned char*'
, and back
I
need to apply for a particular OpenSSL version.
Thanks,
Pratyush Parimal.
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Hi everyone,
I am trying to disable the EXPORT ciphers in my OpenSSL code, during
compile-time.
I'm able to do so at runtime by including '!EXP' in the string I use with
SSL_CTX_set_cipher_list(). However, I'm wondering is there an option (like
'no-rc5') that I can pass to Configure?
Hi,
I'm writing a client-server program that uses TLS for communication.
I'm wondering if there's any way to programmatically find out which TLS
protocol versions are supported by the OpenSSL library installed on my
system.
I'm currently aware of three ways which "sort of" provide this
as.francis...@pobox.com> wrote:
>
> > On Jul 27, 2016, at 8:18 PM, pratyush parimal <
> pratyush.pari...@gmail.com> wrote:
> >
> > Hi all,
> >
> > I work on a consumer application which is striving to be fips-140-2
> compliant.
> >
>
Hi everyone,
I'm writing an application which can operate in FIPS mode, for which I'm
calling FIPS_mode_set().
At one point, I'm also seeding the PRNG using RAND_load_file() so I can
generate random bytes later.
What I'm unsure about is that for FIPS mode operation, am I required to do
the
Hi all,
I work on a consumer application which is striving to be fips-140-2
compliant.
I'm using OpenSSL as recommended in the fips guide by invoking
fips_mode_set(). However, in certain parts of the same application, I'm
using my own non-OpenSSL random number generator to generate salts for
Hi all,
I see a lot of questions and answers about how to
handle SSL_ERROR_WANT_READ / WRITE during SSL_read/write, and I understand
that the error is returned when the SSL library needs to do a handshake in
the middle of read/write operation, so we need to repeat the call when the
appropriate
Hi,
Hope everyone is having a good new year so far!
I'm trying to find a way to make sure that a private-key/public-key-cert
pair I'm given, will absolutely work when I stick them into my SSL_CTX*
object and try to use that for ssl. Short of trying to simulate a test ssl
connection over
Hi everyone,
I read from several sources that the serial number of a cert MUST be
unique within a CA. But could someone explain what would happen if the
serial number was not unique?
Would it cause SSL connections to fail in some manner? I think I'm a little
unclear about the "purpose" of the
Hi all,
I'm trying to write an application in which I create an instance of
SSL_CTX* using SSL_CTX_new(), and set the following things in it:
(1) An EVP_PKEY* :
1a> created with PEM_read_bio_PrivateKey().
1b> set in the ctx using SSL_CTX_use_PrivateKey().
(2) A number of X509* instances (cuz
il.com> wrote:
>
>
> On Sun, Jan 28, 2018 at 7:05 PM, pratyush parimal <
> pratyush.pari...@gmail.com> wrote:
>
>> Hi all,
>>
>> I'm trying to write an application in which I create an instance of
>> SSL_CTX* using SSL_CTX_new(), and set the fo
Hi all,
Are people familiar with how to get symbols versioned with versions
like "OPENSSL_1.0.x" in the libcrypto.so after compiling it
yourselves?
I have an application which was compiled and dynamically linked
against OpenSSL 1.0.2k on a CentOS 6.7 machine. I'm trying to run it
on a system
Hi everyone,
I'm upgrading a server application from using OpenSSL 1.0.2n to using
OpenSSL 1.1.0g.
I noticed that after the upgrade, some SSL certs get rejected because they
use an MD5 digest, with the error:
"SSL_CTX_use_certificate:ca md too weak"
While I could ask clients to get a better CA
Hi all,
I'm trying to migrate some application code from OpenSSL 1.0.1e to 1.1.0g.
I keep seeing that the locking and threading callbacks I had used earlier
(with CRYPTO_set_locking_callback and CRYPTO_set_id_callback respectively)
now show up as "unused" during compilation.
I checked
Hi everyone,
I'm trying to find a way to convert a string password to an AES-256
encryption key. I came across EVP_BytesToKey(), but the man-page says at
the end:
"Newer applications should use a more modern algorithm such as PBKDF2 as
defined in PKCS#5v2.1 and provided by PKCS5_PBKDF2_HMAC".
Hi all,
I have a multi-threaded SSL server application which uses
SSL_write()/SSL_read() calls.
In my write-loop, whenever SSL_write() returns <= 0, I call
SSL_get_error() to see what happened, and then proceed based on what I
find. After that, I call ERR_clear_error() because I think I need to
21 matches
Mail list logo