Re: Handling signature_algorithm extension on TLS1.3 server

2019-06-07 Thread Viktor Dukhovni
> On Jun 7, 2019, at 12:07 PM, Hubert Kario wrote:
>
> OTOH, the practice in TLS 1.2, and behaviour codified in TLS 1.3 RFC, is that if you have just one chain, give it to client and let it sort out if it likes it or not

Absolutely. The text in RFC5246 is a specification overreach

failing in reproducing .so files

2019-06-07 Thread Giovanni Fontana
Hello everybody, I'm working on tailoring openssl (v1.1.1b) for various purposes. Trying to compile (sending the command make on the terminal of Linux), the building of every file looks quite good. At the end the files libcrypto.a and libssl.a are produced, but not the ones with the extension

Since I switched to OpenSSL 1.1.1c, I've found -Dpurify is not working

2019-06-07 Thread Lewis G. Pringle, Jr.
When I run valgrind, I get thousands of errors (exactly like I used to get before I turned on -Dpurify). I've found this problem running g++ on the last 3 versions of Ubuntu (1804, 1810, and 1904).

Lewis.

Re: Making use of the new TLS 1.3 PSK features?

2019-06-07 Thread Hubert Kario
On Friday, 7 June 2019 19:20:07 CEST Joshua Hutchins wrote:
> Hi, I'm pretty new to openssl (sort of new to being a developer to be honest).
> I am using libcurl to send pretty small HTTP requests every 5 or so minutes, using TLS. I'm trying to use some of the new features in TLS 1.3 to

Re: Trying to use a ((constructor)) to force libcrypto.so into FIPS mode

2019-06-07 Thread J Decker
On Thu, Jun 6, 2019 at 2:34 PM Larry Jordan via openssl-users <openssl-users@openssl.org> wrote:
> Re: openssl-1.0.2r
> Re: openssl-fips-2.0.16
> OS: Linux Mint 19.1 (Ubuntu)
>
> I have added a shared library initializer function to cryptlib.c to force OpenSSL into FIPS mode, without

Re: Trying to use a ((constructor)) to force libcrypto.so into FIPS mode

2019-06-07 Thread Andrew Tucker via openssl-users
Assuming your OpenSSL library is already FIPS capable you need to build and link with the FIPS container library enable the integrity check in your app. Details are in section C.1 of the FIPS user guide at https://www.openssl.org/docs/fips/UserGuide-2.0.pdf

On Thu, Jun 6, 2019 at 2:34 PM Larry

Making use of the new TLS 1.3 PSK features?

2019-06-07 Thread Joshua Hutchins
Hi, I'm pretty new to openssl (sort of new to being a developer to be honest). I am using libcurl to send pretty small HTTP requests every 5 or so minutes, using TLS. I'm trying to use some of the new features in TLS 1.3 to reduce the *size* of the handshake, as this is going to be going over

Re: Handling signature_algorithm extension on TLS1.3 server

2019-06-07 Thread Hubert Kario
On Friday, 7 June 2019 14:42:26 CEST Raja Ashok wrote:
> > This was an area of some ambiguity in the TLSv1.2 spec where only signature_algorithms exists. I believe it was common practice for implementations to not check the signatures in certificates for conformance with this

SSL_check_chain() broken

2019-06-07 Thread Short, Todd via openssl-users
Hi, It looks as though SSL_check_chain() use within the cert_cb (as recommended) was broken by PR 7257. PR 7257 moves setting the shared_sigalgs to after the cert_cb takes place, but deep down in the call stack, SSL_check_chain() has a dependency on shared_sigalgs being set. In 1.1.1, the

Re: debugging a make/dependency issue

2019-06-07 Thread Salz, Rich via openssl-users
Thanks. I had a trailing backslash on a source list, and it gobbled up the next line which was an INCLUDE directive.

Re: Handling signature_algorithm extension on TLS1.3 server

2019-06-07 Thread Raja Ashok
> This was an area of some ambiguity in the TLSv1.2 spec where only signature_algorithms exists. I believe it was common practice for implementations to not check the signatures in certificates for conformance with this (certainly that is the way OpenSSL behaves). The TLSv1.3 spec seems

Re: debugging a make/dependency issue

2019-06-07 Thread Richard Levitte
The first thing to do is reconfigure, as that will regenerate the Makefile. Otherwise, the thing I can think of is if someone mixed up INCLUDE and SOURCE in a build.info. The following in crypto/bn/build.info would probably generate that kind of fault: SOURCE[../../libcrypto]=../include

Re: Handling signature_algorithm extension on TLS1.3 server

2019-06-07 Thread Matt Caswell
On 07/06/2019 07:27, Raja Ashok wrote:
> Thanks for the detailed explanation.
>
> So rsaEncryption cert can do both RSASSA-PKCS-v1_5 and RSASSA-PSS type signature. And also the digital signature present on the cert can be of type RSASSA-PKCS-v1_5 or RSASSA-PSS.
>
> Currently in 1.1.1c's

Re: Handling signature_algorithm extension on TLS1.3 server

2019-06-07 Thread Raja Ashok
Thanks for the detailed explanation. So rsaEncryption cert can do both RSASSA-PKCS-v1_5 and RSASSA-PSS type signature. And also the digital signature present on the cert can be of type RSASSA-PKCS-v1_5 or RSASSA-PSS. Currently in 1.1.1c's has_usable_cert() function, digital signature (Issuer's

authEnvelopedData

2019-06-07 Thread Tobias.Wolf
Hi everyone, I need to create an "authEnvelopedData" (https://tools.ietf.org/html/rfc5083#2.1) ASN1 structure but I know how to achieve this. I tried with "PKCS7_encrypt" but here I got only "envelopedData". I'll try next with CMS_encrypt and to modify CMS_ContentInfo to add the