[openssl-users] RSA sign using SHA256 with mgf1 padding

2016-08-29 Thread Moshe Wiener (mowiener)
Hello, I'm running an application which runs an authentication session with a server. The server provides some random data, and my application needs to sign it with its private key, and send back the signature. The server which knows the public key verifies the signature, and if good then the

[openssl-users] Setting an OCSP stapling response on a DTLS server result in crash

2016-08-29 Thread Julien Vermillard
I have a DTLS 1.2 server based on last master (commit d196305aa0de1fc38837c27cb1ea6e60af9dd98d) I try to add ocsp stapling support (based on code in s_server.c). Basically in my callback I set the OCSP response by: if (SSL_set_tlsext_status_ocsp_resp(s,dataPtr,respLen) == 0) { return

Re: [openssl-users] Setting an OCSP stapling response on a DTLS server result in crash

2016-08-29 Thread Matt Caswell
On 29/08/16 17:08, Julien Vermillard wrote: > I have a DTLS 1.2 server based on last master (commit > d196305aa0de1fc38837c27cb1ea6e60af9dd98d) > I try to add ocsp stapling support (based on code in s_server.c). > > Basically in my callback I set the OCSP response by: > > > if

Re: [openssl-users] Setting an OCSP stapling response on a DTLS server result in crash

2016-08-29 Thread Julien Vermillard
It's a mix of C and Go, so it's really not minimal, but I'll try to modify s_server to see if I can reproduce it. -- Julien Vermillard On Mon, Aug 29, 2016 at 6:13 PM, Matt Caswell wrote: > > > On 29/08/16 17:08, Julien Vermillard wrote: > > I have a DTLS 1.2 server based on

[openssl-users] BIO Pair vs Custom BIO for non standard transport

2016-08-29 Thread lilulo
Hi All, I need to use TLS on the top of our collection of low-level transport classes. It looks like the standard choice is to create a BIO Pair and to manage data transfer between transport layer and the TLS through it. This looks fine but actual implementation of a socket's BIO in

Re: [openssl-users] BIO Pair vs Custom BIO for non standard transport

2016-08-29 Thread Matt Caswell
On 29/08/16 14:27, lilulo wrote: > Hi All, > > I need to use TLS on the top of our collection of low-level transport > classes. It looks like the standard choice is to create a BIO Pair and > to manage data transfer between transport layer and the TLS through it. > This looks fine but actual

Re: [openssl-users] Setting an OCSP stapling response on a DTLS server result in crash

2016-08-29 Thread Julien Vermillard
I patched s_server to send a fake OCSP content (4 bytes). I suppose the server will just push that to the client and the client should fail complaining it's not a correct OCSP response. But the server crashes with: ssl/statem/statem_dtls.c:127: OpenSSL internal error: assertion failed: s->init_num

Re: [openssl-users] Setting an OCSP stapling response on a DTLS server result in crash

2016-08-29 Thread Matt Caswell
Ok - thanks. I'll try and take a look tomorrow. Matt On 29/08/16 17:37, Julien Vermillard wrote: > I patched s_server to send a fake OCSP content (4 bytes). > I suppose the server will just push that to the client and the client > should fail complaining it's not a correct OCSP response. > But