[openssl-users] SSL_set_verify with a context?

2016-10-27 Thread Lei Kong
What I am trying to achieve is to allow some minor certificate chain validation errors, e.g. "CRL unavailable", based on my per-session configuration. I am think of using my verify callback to record the errors. void SSL_set_verify(SSL *s, int mode, int (*verify_callback)(int, X509_STORE_CTX

Re: [openssl-users] 1.1.0b fails to negotiate with an old OpenSSL client

2016-10-27 Thread Michael Kocum
>This is very likely to be your problem. To test the theory, try adding >"-named_curve P-256" onto your s_server line. P-256 is a much more >widely supported curve. Yes, this fixed the problem. Thank you for your support in this case. -- Michael Kocum [DataEnter] mich...@dataenter.co.at --

Re: [openssl-users] Enabling FIPS on an custom embedded system.

2016-10-27 Thread Steve Marquess
On 10/26/2016 06:06 PM, Eric Tremblay wrote: > Hi Steve, > > Thanks for the quick reply. > > That is what I had understand from my reading but wasn't sure. > > My next question is about OpenSSH. There is no official support in > OpenSSH for FIPS at the moment right ? > > Thanks > > Eric >

Re: [openssl-users] SSL_set_verify with a context?

2016-10-27 Thread Lei Kong
I am using the following link ssl to my container structure, so is it possible to get ssl from x509_ctx in verify_callback? SSL_set_app_data(ssl, this); int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx); From: Lei Kong

Re: [openssl-users] SSL_set_verify with a context?

2016-10-27 Thread Ryan Pfeifle
You can use X509_STORE_CTX_get_app_data() and type-cast the returned pointer to SSL*. Ryan Pfeifle Software Engineer [cid:2cada4cd821843daa7153d792a28ea74] VPI is now part of NICE Tel: 1.805.389.5200 x5297 E-mail: ryan.pfei...@nice.com

[openssl-users] Money

2016-10-27 Thread Hello Notelling
I need a way to gain lots of money fast so could you hook me up with some one that's seeking gold as i will happily distribute through the country legally and illegally -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] Help

2016-10-27 Thread Lander Bulckaen
Hy, Goal: add an xml file as attachment to a MIME message and sign the MIME message with the primary key (.p12 file). The result must be like what you see below...? Which openssl commands must I use in commandline? (I already searched for ita bout 2 months but still not found any solution...!)

Re: [openssl-users] Help

2016-10-27 Thread Dmitry Belyavsky
Hello You should use the XMLSec library and the corresponding command-line tool. On Thu, Oct 27, 2016 at 5:05 PM, Lander Bulckaen wrote: > Hy, > > > > Goal: add an xml file as attachment to a MIME message and *sign the MIME > message* with the primary key (.p12 file). > > > >