[openssl-users] Strange problem with 1.0.2f SSL_shutdown in multithreaded server

2016-02-01 Thread Jakob Bohm
I am trying to upgrade an existing 3rd party multithreaded server from OpenSSL 1.0.2c to 1.0.2f. However, when I do so, it starts mishandling the close_notify "alert". 1.0.2f seems to send the close_notify alert unencrypted followed by an encrypted decrypt_failed alert, where 1.0.2c correctly se

Re: [openssl-users] error when linking with OpenSSL library dynamically

2016-02-01 Thread Jakob Bohm
On 01/02/2016 22:45, Viktor Dukhovni wrote: On Mon, Feb 01, 2016 at 10:21:49PM +0100, Martin Vegter wrote: I have a C program, which is using AES routines from the OpenSSL library. I have the necessary library installed (libssl-dev 1.0.1e-2+deb7u19): $ ls /usr/lib/x86_64-linux-gnu/libcrypto

Re: [openssl-users] error when linking with OpenSSL library dynamically

2016-02-01 Thread Viktor Dukhovni
On Mon, Feb 01, 2016 at 10:21:49PM +0100, Martin Vegter wrote: > I have a C program, which is using AES routines from the OpenSSL > library. I have the necessary library installed (libssl-dev > 1.0.1e-2+deb7u19): > > $ ls /usr/lib/x86_64-linux-gnu/libcrypto.* > /usr/lib/x86_64-linux-gnu/libcr

[openssl-users] OpenSSL FIPS: OPENSSL_config() and self-tests

2016-02-01 Thread security veteran
Hi All: Based on the OpenSSL FIPS user guide, the FIPS_mode_set API from the OpenSSL FIPS modules runs the necessary self-tests. I was wondering, does the OPENSSL_config() API also run the self-tests? Thanks.

Re: [openssl-users] How to enable FIPS mode system-wide for the FIPS capable OpenSSL?

2016-02-01 Thread security veteran
Thanks Steve. I think the way to use OPENSSL_config() and openssl.conf basically still requires each application to explicitly invoke OPENSSL_config() API in order to truly enable the FIPS mode, is that correct? If that's the case, then basically there's no way to really globally enable the FIPS

[openssl-users] error when linking with OpenSSL library dynamically

2016-02-01 Thread Martin Vegter
Hello, I have a C program, which is using AES routines from the OpenSSL library. I have the necessary library installed (libssl-dev 1.0.1e-2+deb7u19): $ ls /usr/lib/x86_64-linux-gnu/libcrypto.* /usr/lib/x86_64-linux-gnu/libcrypto.a /usr/lib/x86_64-linux-gnu/libcrypto.so /usr/lib/x86_64-li

Re: [openssl-users] Certificate verification failure

2016-02-01 Thread Yan, Bob
Thanks Jan, When I am using the CApath, I do have the symbolic hash link (with ".0" at the end hash) linked to my ca-root.pem certificate file and ca-intermediate.pem certificate. Any other issues which could cause this issue? -Original Message- From: openssl-users [mailto:openssl-user

[openssl-users] config no-symlinks option generates an issue on AIX for version 1.0.2f (and 1.0.1r)

2016-02-01 Thread REIX, Tony
Hi, I'm trying to build the latest versions of OpenSSL on AIX 6.1, as RPMs with .spec files. With versions 1.0.1p and 1.0.2d, on the same machine, my .spec file works perfectly. Now, with versions 1.0.1r and 1.0.2f, my .spec file (changing 1.0.2d to 1.0.2f) breaks as: make[2]: Entering directory '/hom

[openssl-users] How do I verify the pin of USBKEY?

2016-02-01 Thread Redmond@139.
Hello, it's not related to OpenSSL directly; however, I have no idea at all except to send email to you. Please help me. Although I'm not familiar with CryptoAPI programming, with Google I have written the following code. I have two questions on CSP program, I'm using Win7 & Visual Studio

Re: [openssl-users] Certificate Chain Verify Error

2016-02-01 Thread Nicholas Mainardi
Hi Frank, Now it's properly working! I was not aware I have to call that function to use OpenSSL algorithms. Thank You very much :) Cheers, Nicholas 2016-02-01 13:30 GMT+01:00 Frank Migge : > Hi Nicholas, > > Not calling OpenSSL_add_all_algorithms(); at the beginning could cause > it? > > Che

Re: [openssl-users] Certificate Chain Verify Error

2016-02-01 Thread Frank Migge
Hi Nicholas, Not calling OpenSSL_add_all_algorithms(); at the beginning could cause it? Cheers, Frank Nicholas Mainardi Monday, February 01, 2016 8:57 PM I wrote this small program which takes as input X509 certificates, base64-encoded, parse them and buil

[openssl-users] Certificate Chain Verify Error

2016-02-01 Thread Nicholas Mainardi
I wrote this small program which takes as input X509 certificates, base64-encoded, parses them and builds a certificate chain, which is eventually verified by x509_Verify_cert(). The last certificate is added to the trusted store if it's self-signed, in order to avoid OpenSSL policy about self-signed

Re: [openssl-users] Certificate verification failure

2016-02-01 Thread Jan Just Keijser
Yan, Bob wrote: Dear Sir/Madam, I have an application which is acting as an SSL server. When the application loads the root and intermediate CA files from a CA path, the handshake between my application and the openssl client failed at the point when my application was authenticating the client’s