Upgrade openssl 1.0.2 to 1.1.1 guideline
Hi All, Is there any guideline for upgrading openssl version from 1.0.2 to 1.1.1? Thanks Bob
RE: ECDSA certificate question
Thanks Michael, I tried to invoke SM3 algorithm in command "openssl req -new -key eckey.pem -x509 -sm3 -nodes -days 365 -out cert.csr", unfortunately got the following error: 140320586413888:error:100C508A:elliptic curve routines:pkey_ec_ctrl:invalid digest type:crypto/ec/ec_pmeth.c:331: -Original Message- From: Michael Richardson Sent: Tuesday, September 22, 2020 4:36 PM To: Yan, Bob Cc: openssl-users@openssl.org Subject: Re: ECDSA certificate question Yan, Bob via openssl-users wrote: > Is there a way to generate a ECDSA certificate with SM2 typed public > key and ecdsa-with-SM3 as the signature algorithm in openssl 1.1.1x > version? I don't know the detail with the SM3, part, but have you seen: https://datatracker.ietf.org/doc/html/draft-moskowitz-ecdsa-pki-09 https://github.com/rgmhtt/draft-moskowitz-ecdsa-pki but, 1.1.1 release notes say it supports SM3. I expect you need to tweak something when "openssl req" is run. -- Michael Richardson. o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwide
ECDSA certificate question
Hello everybody, Is there a way to generate a ECDSA certificate with SM2 typed public key and ecdsa-with-SM3 as the signature algorithm in openssl 1.1.1x version? Thank you very much! Bob
[openssl-users] Lock for SSL_accept method
Hi All, I used a mutex lock to prevent the SSL_accept() method being called by multiple thread concurrently since it may get coredump if there is no lock on SSL_accept() method. I am just wondering is the lock is still needed for openssl 1.0.2e version? mutex.lock(); int rt = SSL_accept(SslSessionObject); mutex.unlock(); Thank you very much! Bob -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Certificate Comparison
Thanks Scott, it can be done. I am also looking for some functions which can compare the fingerprint of certificates -Original Message- From: Scott Neugroschl [mailto:scot...@xypro.com] Sent: Tuesday, September 19, 2017 11:30 AM To: Yan, Bob <b...@visa.com>; openssl-users@openssl.org Subject: RE: Certificate Comparison How about saving the received cert as a PEM file and comparing the two? -Original Message- From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Yan, Bob via openssl-users Sent: Tuesday, September 19, 2017 10:53 AM To: openssl-users@openssl.org Subject: [openssl-users] Certificate Comparison Hi All, I need to compare a received certificate object with a PEM-formatted certificate stored at local file system. Is there any openssl library functions or an easy way to compare these two certificates? Thank you very much! Bob -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] Certificate Comparison
Hi All, I need to compare a received certificate object with a PEM-formatted certificate stored at local file system. Is there any openssl library functions or an easy way to compare these two certificates? Thank you very much! Bob -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
