Re: [openssl-users] scripting creating a cert

2017-03-10 Thread Robert Moskowitz
Very nice. But this looks like it as part of the whole easyRSA effort, not something I can easily feed into the openssl command to create the cert. It would take a fair bit of digging to dig out what I need for now. Definitely something I will look into soon, as providing a simple PKI for a

Re: [openssl-users] [AES-GCM] TLS packet nounce_explicit overflow

2017-03-10 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Jakob Bohm > Sent: Thursday, March 09, 2017 21:43 > To: openssl-users@openssl.org > Subject: Re: [openssl-users] [AES-GCM] TLS packet nounce_explicit overflow > > I seem to recall (I haven't looked at GCM details in

[openssl-users] fips_premain arch invalid

2017-03-10 Thread Brian Jost
I have updated my iOS scripts to build for all archs now using the latest fips-2.0.14 and openssl-1.1.0e. Before I was using 1.0.2h I believe and fips-2.0.12 and didn't have armv7s support added. I needed to add it so I upgrade and adjusted my script accordingly

Re: [openssl-users] EVP_PKEY_set1_EC_KEY seems to not set something that EVP_PKEY_derive needs

2017-03-10 Thread Matt Caswell
On 10/03/17 20:58, Ethan Rahn wrote: > Hello Openssl-users, > > I'm trying to write some code that derives the shared secret for 2 > elliptic curve keys ( i.e. does ECDH ) > > I am doing the following to load up both the local and remote EC key ( > code shown for local side ): > > EC_KEY*

[openssl-users] using OpenSSL on Android

2017-03-10 Thread Ta Chen
Hi, I am trying to write a JAVA program to establish a TLS client connection to a server using openssl FIPS object module on an Android platform. I understand on a high level that I will have to build the FIPS module and write a JNI wrapper to allow the openssl routines to be invoked from

[openssl-users] EVP_PKEY_set1_EC_KEY seems to not set something that EVP_PKEY_derive needs

2017-03-10 Thread Ethan Rahn
Hello Openssl-users, I'm trying to write some code that derives the shared secret for 2 elliptic curve keys ( i.e. does ECDH ) I am doing the following to load up both the local and remote EC key ( code shown for local side ): EC_KEY* localEC = EC_KEY_new_by_curve_name( curveName );

Re: [openssl-users] scripting creating a cert

2017-03-10 Thread Jochen Bern
On 03/10/2017 01:10 AM, openssl-users-requ...@openssl.org digested: > Thing is that this then prompts for a number of fields: [...] > Is there some 'simple' way to provide these answers? Like with env > variables? Yes, and as others have already pointed out, there's also the possibility of

[openssl-users] Openssl 1.0.2 snap STABLE 20170311 issue

2017-03-10 Thread The Doctor
Script started on Fri Mar 10 23:31:39 2017 You have mail. root@doctor:/usr/source/openssl-1.0.2-stable-SNAP-20170311 # make making all in crypto... making all in crypto/objects... making all in crypto/md4... making all in crypto/md5... making all in crypto/sha... making all in crypto/mdc2...