I have the following code:
setup_ssl (char *server_name, char *port, SSL_CTX *ctx)
{
BIO *output = BIO_new_ssl_connect (ctx);
if (!output)
{
return (NULL);
}
BIO_get_ssl (output, &ssl);
SSL_set_mode (ssl, SSL_MODE_AUTO_RETRY);
SSL_set_verify (ssl, true, NULL);
Since I tried all that and it crashes, I am going ahead and giving you
more details on how I created the cert/evp_pkey objects.
X509 *cert = PEM_read_bio_X509_AUX(cert_bio, NULL, NULL, NULL);
EVP_PKEY *evp_pkey = PEM_read_bio_PrivateKey(key_bio, NULL, NULL, NULL);
I tried freeing both *c
I thought this had become documented recently (i.e., in master only, not
even in 1.1.0), but can't find any evidence of such documentation.
SSL_CTX_use_PrivateKey() takes a reference on its pkey argument in the
same way as SSL_CTX_use_certificate(); it is safe for the local code to
free its local
Is this documented somewhere?
Also, is the same true with SSL_CTX_use_PrivateKey(ctx, evp_pkey), where
I can free evp_pkey with EVP_PKEY_free()?
Thanks
Adi
On Tue, Oct 17, 2017 at 9:50 AM, Benjamin Kaduk wrote:
> On 10/17/2017 11:27 AM, Adi Mallikarjuna Reddy V wrote:
>
> I am only worried
On 10/17/2017 11:27 AM, Adi Mallikarjuna Reddy V wrote:
>> I am only worried about the following line.
>>
>> SSL_CTX_use_certificate(ctx, cert)
>>
>> After this line is it safe to free cert object while ctx is still
>> used later on?
>>
SSL_CTX_use_certificate(ctx, cert), on successful return, ta
I am only worried about the following line.
SSL_CTX_use_certificate(ctx, cert)
After this line is it safe to free cert object while ctx is still used
later on?
Thanks
Adi
On Tue, Oct 17, 2017 at 9:21 AM Benjamin Kaduk wrote:
> You only asked about freeing the X509, which is safe in this situa
You only asked about freeing the X509, which is safe in this situation.
It is not safe to free the SSL_CTX if you want to use it again later --
remove this SSL_CTX_free(ctx) call and put one in your program's cleanup
instead.
-Ben
On 10/17/2017 11:08 AM, Adi Mallikarjuna Reddy V wrote:
> Forgot
Forgot to mention that the ssl_ctx is going to be used by another thread
later. When I do x509_free, the handshake doesn’t finish.
I see a crash in ssl_accept.
Thanks
Adi
On Tue, Oct 17, 2017 at 8:41 AM Benjamin Kaduk wrote:
> On 10/17/2017 08:39 AM, Adi Mallikarjuna Reddy V wrote:
>
> Hi,
>
>
On 10/17/2017 08:39 AM, Adi Mallikarjuna Reddy V wrote:
> Hi,
>
> If I have an X509 object that is created using PEM_read_bio_X509_AUX(),
> then can I free the X509 right after the completion
> of PEM_read_bio_X509_AUX()?
>
> BIO *cert_bio = BIO_new(BIO_s_mem());
>
Hi,
If I have an X509 object that is created using PEM_read_bio_X509_AUX(), then
can I free the X509 right after the completion of PEM_read_bio_X509_AUX()?
BIO *cert_bio = BIO_new(BIO_s_mem());
X509 *cert = X509_new();
Hi All,
I am using openssl-fips-2.0.14 on the server side on top of openssl1.0.2K.
The server is operating in FIPS mode (FIPS mode enabled through FIPS_mode_set).
I created a DSA2048 host key on the server, which is running in FIPS mode.
With this configuration, when I try to SSH from an ssh client I am getting
below e
On 17/10/17 10:01, Grace Priscilla Jero wrote:
> Thank you Matt for the quick response.
> For "2," does it mean that every cipher suite can operate in multiple
> levels?
> I thought that there was a specific set of cipher suites operating in
> each of the levels.
Not quite. The security levels l
The security levels are simply a classification of the cipher
suites by quality. Typically one would select all ciphers above
a certain level.
Most cipher suites work with all protocol levels >= a certain
level, with SSL2 (dead) and TLS1.3 (future) being exceptions.
Selecting something like "TLS
Thank you Matt for the quick response.
For "2," does it mean that every cipher suite can operate in multiple
levels?
I thought that there was a specific set of cipher suites operating in each
of the levels.
Thanks,
Grace
On Tue, Oct 17, 2017 at 2:25 PM, Matt Caswell wrote:
>
>
> On 17/10/17 09:2
On 17/10/17 09:21, Grace Priscilla Jero wrote:
> Hi All,
>
> 1)
> The below APIs used to set the maximum and minimum versions are
> available in 1.1.0f version of OPENSSL.
>
> int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version);
> int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int v
Hi All,
1)
The below APIs used to set the maximum and minimum versions are available
in 1.1.0f version of OPENSSL.
int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version);
int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version);
int SSL_set_min_proto_version(SSL *ssl, int version);