RE: openssl 1.1.1h - Engine API in iOS static lib build
Able to do it by changing Configurations/15-ios.conf. Removed 'engine' from 'disable' list and then ran /config command. Regards, Madhu -Original Message- From: madhu.baj...@rimus-tech.com Sent: Monday, December 7, 2020 7:11 PM To: openssl-users@openssl.org Subject: openssl 1.1.1h - Engine API in iOS static lib build Dear openSSL team, While migrating from 1.0.2u to 1.1.1x, found that iOS libcrypto.a does not have engine API like engine_new etc. Tried building openssl with enable-static-engine and enable-engine Configure options but no success. Here is the Configure command being use: ./Configure iphoneos-cross enable-static-engine enable-engine --openssldir=<...> Please suggest what can be done to fix this? Regards, Madhu -- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus
Re: Regarding #def for 'SSL_R_PEER_ERROR_NO_CIPHER' and 'SSL_R_NO_CERTIFICATE_RETURNED' in openssl3.0
On 07/12/2020 14:26, Jakob Bohm via openssl-users wrote: >>> error: 'SSL_R_PEER_ERROR_NO_CIPHER' was not declared in this scope >> This one was only ever used in the SSLv2 implementation. Since no one >> uses SSLv2 any more and it is considered highly insecure its >> implementation was removed some while ago. So the reason code was also >> deleted. > So what error is returned by SSL3/TLS1.x when the client (erroneously) > offers an empty cipher list? Offering no ciphers at all would actually be a protocol error (since the RFCs require at least one ciphersuite to be sent). We actually treat it the same way as if none of the clients offered ciphersuites match with the server's list. The error in this case is SSL_R_NO_SHARED_CIPHER. Matt
Re: Regarding #def for 'SSL_R_PEER_ERROR_NO_CIPHER' and 'SSL_R_NO_CERTIFICATE_RETURNED' in openssl3.0
On 07/12/2020 12:39, Matt Caswell wrote: On 04/12/2020 13:28, Narayana, Sunil Kumar wrote: Hi, We are trying to upgrade our application from openssl usage of 1.0.2 to openssl 3.0, during which we observe following errors. Looks like the below #def been removed from 1.1 onwards, Should application also need to take off from its usage ? or is there any alternative to be used in application ? 1.0.x -> 1.1.x is a breaking change, and so is 1.1.x to 3.0. Return codes are liable to change in these upgrades. error: 'SSL_R_PEER_ERROR_NO_CIPHER' was not declared in this scope This one was only ever used in the SSLv2 implementation. Since no one uses SSLv2 any more and it is considered highly insecure its implementation was removed some while ago. So the reason code was also deleted. So what error is returned by SSL3/TLS1.x when the client (erroneously) offers an empty cipher list? error: 'SSL_R_NO_CERTIFICATE_RETURNED' was not declared in this scope This reason code existed in 1.0.2 but was never used by anything. Matt Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com Transformervej 29, 2860 Soborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded
openssl 1.1.1h - Engine API in iOS static lib build
Dear openSSL team, While migrating from 1.0.2u to 1.1.1x, found that iOS libcrypto.a does not have engine API like engine_new etc. Tried building openssl with enable-static-engine and enable-engine Configure options but no success. Here is the Configure command being use: ./Configure iphoneos-cross enable-static-engine enable-engine --openssldir=<...> Please suggest what can be done to fix this? Regards, Madhu -- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus
Re: Regarding #def for 'SSL_R_PEER_ERROR_NO_CIPHER' and 'SSL_R_NO_CERTIFICATE_RETURNED' in openssl3.0
On 04/12/2020 13:28, Narayana, Sunil Kumar wrote: > Hi, > > We are trying to upgrade our application from openssl > usage of 1.0.2 to openssl 3.0, during which we observe following errors. > > Looks like the below #def been removed from 1.1 onwards, Should > application also need to take off from its usage ? or is there any > alternative to be used in application ? 1.0.x -> 1.1.x is a breaking change, and so is 1.1.x to 3.0. Return codes are liable to change in these upgrades. > error: 'SSL_R_PEER_ERROR_NO_CIPHER' was not declared in this scope This one was only ever used in the SSLv2 implementation. Since no one uses SSLv2 any more and it is considered highly insecure its implementation was removed some while ago. So the reason code was also deleted. > error: 'SSL_R_NO_CERTIFICATE_RETURNED' was not declared in this scope This reason code existed in 1.0.2 but was never used by anything. Matt