Hi All,
I have a simple C++ client/server application, in which the clients use
OpenSSL's PSK (Pre-Shared-Key) mechanism to log in to the server via TLS --
i.e. the client GUI prompts the user to enter a username and password, and when
the client connects, it calls
Re: openssl-1.0.2r
Re: openssl-fips-2.0.16
OS: Linux Mint 19.1 (Ubuntu)
I have added a shared library initializer function to cryptlib.c to force
OpenSSL into FIPS mode, without requiring a “module operator” to directly
initiate (i.e. call FIPS_mode_set(1)).
void __attribute__((constructor))
On 06/06/2019 16:15, Raja Ashok wrote:
> Hi,
>
> Currently has_usable_cert() function is called on tls_choose_sigalg() to find
> out the suitable certificate available. But currently rsa_pkcs1_xxx and
> rsa_pss_rsae_xxx certs are stored on same index SSL_PKEY_RSA. Because of this
> it
> may
Hi,
Currently has_usable_cert() function is called on tls_choose_sigalg() to
find out the suitable certificate available. But currently rsa_pkcs1_xxx
and rsa_pss_rsae_xxx certs are stored on same index SSL_PKEY_RSA. Because
of this it may ends in choosing rsa_pkcs1_xxx cert for rsa_pss_rsae_xxx
I think the error messages are pretty clear in these cases. Trying to
set a hash with (standardized) EdDSA is not going to go well for you.
Have you tried this very nice walkthrough?
https://tools.ietf.org/html/draft-moskowitz-eddsa-pki-00
BBB
On Thu, Jun 6, 2019 at 9:47 AM Sowmya P wrote:
>
Hi ,
Have query regarding generation of X255519 and X448 certificate chain
Below is the script which i used to generate certificate chain of Ecdsa
type.
https://github.com/raja-ashok/sample_certificates/blob/master/ECC_Prime256_Certs/gen_ecc_cert.sh
Now for generating EdDSA certificate chain I