date:20160523

[openssl-users] EVP_PKEY_keygen fails on Travis with "invalid operation"

2016-05-23 Thread Jeroen Ooms

I wrote some simple bindings to generate an ecdsa key:

  int nid = my_nist2nid(curve);
  EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
  bail(EVP_PKEY_keygen_init(ctx) > 0);
  bail(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid));
  EVP_PKEY *pkey = NULL;
  bail(EVP_PKEY_keygen(ctx, ) > 0);

This works on all platforms that I tested, but on Travis CI the final
call fails with error:

  In EVP_PKEY_CTX_ctrl: invalid operation

I am using a standard Ubuntu 14.04 with libssl-dev. What might be the
problem here?
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] help with timestamping

2016-05-23 Thread Mario Scalabrino


It seems that we have the same problem.

I just opened a thread here 
https://mta.openssl.org/pipermail/openssl-users/2016-May/003733.html


It seems that a group of experts found a workaround here.
https://github.com/elabftw/elabftw/issues/242
Maybe you're expert enough to understand how to use their javaclient to 
make the verification, while we wait openssl to correct the bug.

I cannot understand how to do it.

I would appreciate, if you succeed, to explain me how to do it.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] 1.1 release being delayed

2016-05-23 Thread The Doctor

On Mon, May 23, 2016 at 01:15:45PM +, Salz, Rich wrote:
> ... in case you haven't noticed :)  Our announced release date for 1.1 has 
> come and gone.
> 
> We want to close many more bugs before we release it.  In the meantime, 
> please test against master or a daily snapshot or the last beta release.
> 
> Thanks for your patience!
>

No problem and hopefully for app developers will come on board.
 
> 
> --  
> Senior Architect, Akamai Technologies
> IM: richs...@jabber.at Twitter: RichSalz
> 
> 
> -- 
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

-- 
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! 
http://www.fullyfollow.me/rootnl2k  Look at Psalms 14 and 53 on Atheism
Abuse a man unjustly, and you will make friends for him.  -Edgar Watson Howe
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] 1.1 release being delayed

2016-05-23 Thread Salz, Rich

... in case you haven't noticed :)  Our announced release date for 1.1 has come 
and gone.

We want to close many more bugs before we release it.  In the meantime, please 
test against master or a daily snapshot or the last beta release.

Thanks for your patience!


--  
Senior Architect, Akamai Technologies
IM: richs...@jabber.at Twitter: RichSalz


-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] Help for Bug - time stamp routines:TS_CHECK_SIGNING_CERTS:ess signing, certificate error:ts_rsp_verify.c:291:

2016-05-23 Thread Mario Scalabrino


Dear openssl users,

I'm struggling with the error below, I wrote to Openssl development in 
February 2016 but they are busy with the next release, I see they are 
aware of it in git/openssl and working on it.

https://github.com/openssl/openssl/pull/771


The bug is in the command ts -verify

|** openssl ts -verify -digest 
e16db7d30581e44a5540f19553852b5a4e4e26f9adc365cc846f94038ee33025 \ -in 
/tmp/namirial.tsr -CAfile /tmp/NamirialCATSA.pem Verification: FAILED 
140236013643424:error:2F067065:time stamp 
routines:TS_CHECK_SIGNING_CERTS:ess signing certificate 
error:ts_rsp_verify.c:291:|


*

I need to verify programmatically that every timestamped document its' 
ok, it is very important for me to provide reliable timestamping from a 
trusted qualified European Union Timestamping Authority.




From what I understood the bug relates to the fact that the new TSA's 
certificates are not compatible with the old way openssl reads them, or 
their attribute or hashing. My understanding of it is very basic.




*Is there a patch that I can apply?

*The bug has been found in 2013
http://openssl.6102.n7.nabble.com/possible-Bug-in-OpenSSL-rfc-3161-TSA-service-tt43128.html#none

I also opened a thread here
http://stackoverflow.com/questions/35914327/error-0x2f067065-in-ts-rsp-verify-c291/35916523?noredirect=1#comment62213243_35916523

It seems that it has been mentioned also here in git
https://github.com/elabftw/elabftw/issues/242
https://github.com/openssl/openssl/pull/771


Here's my environment

Ubuntu 14.04 LTS guest of a Virtualbox VM in an openstack IaaS.
|OpenSSL 1.0.1f 6 Jan 2014 |
|||Server Info: Apache/2.4.18 (Ubuntu)
PHP Version: 5.5.34-1+deb.sury.org~trusty+1|
mysql  Ver 14.14 Distrib 5.5.49, for debian-linux-gnu (x86_64) using 
readline 6.3



Could you please help?


Thank you in advance

Cheers

Msca

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] EVP_PKEY_keygen fails on Travis with "invalid operation"

Re: [openssl-users] help with timestamping

Re: [openssl-users] 1.1 release being delayed

[openssl-users] 1.1 release being delayed

[openssl-users] Help for Bug - time stamp routines:TS_CHECK_SIGNING_CERTS:ess signing, certificate error:ts_rsp_verify.c:291:

5 matches

Site Navigation

Mail list logo

Footer information