Re: Question: why doesn't my wildcard matching work with OpenSSL?

2019-06-10 Thread Viktor Dukhovni
> On Jun 10, 2019, at 4:41 PM, Paul Smith wrote: > >> As a safety measure, OpenSSL does not support "*.tld" wildcards. >> The non-wildcard portion of the domain name needs to have at >> least two labels. It seems I've neglected to document this... :-( >> >> You can have "*.domain.example", but

Re: Question: why doesn't my wildcard matching work with OpenSSL?

2019-06-10 Thread Paul Smith
On Mon, 2019-06-10 at 15:14 -0400, Viktor Dukhovni wrote: > As a safety measure, OpenSSL does not support "*.tld" wildcards. > The non-wildcard portion of the domain name needs to have at > least two labels. It seems I've neglected to document this... :-( > > You can have "*.domain.example", but

Re: Question: why doesn't my wildcard matching work with OpenSSL?

2019-06-10 Thread Paul Smith
On Mon, 2019-06-10 at 20:12 +, Michael Wojcik wrote: > > What I cut out was only the base64-encoded certificate. > > Yes. That was what we needed to see. The certificate. Yep, that's my bad. Thanks for the reminder. > As it turns out, you're hitting the OpenSSL restriction on wildcards >

RE: Question: why doesn't my wildcard matching work with OpenSSL?

2019-06-10 Thread Michael Wojcik
I don't know why you sent this to me directly rather than to the list. > From: Paul Smith [mailto:p...@mad-scientist.net] > Sent: Monday, June 10, 2019 12:54 > To: Michael Wojcik > > On Mon, 2019-06-10 at 18:49 +, Michael Wojcik wrote: > > Argh. You cut out the actual relevant information. We

Re: Question: why doesn't my wildcard matching work with OpenSSL?

2019-06-10 Thread Viktor Dukhovni
> On Jun 10, 2019, at 2:39 PM, Paul Smith wrote: > > On Mon, 2019-06-10 at 14:23 -0400, Viktor Dukhovni wrote: >>> $ openssl s_client -connect admin0.domain:8004 \ >>> -CAfile ca.cert -verify_hostname admin0.domain >>> >>> --- >>> Verify return code: 62 (Hostname mismatch) >> >> It

Re: Question: why doesn't my wildcard matching work with OpenSSL?

2019-06-10 Thread Paul Smith
On Mon, 2019-06-10 at 14:23 -0400, Viktor Dukhovni wrote: > > $ openssl s_client -connect admin0.domain:8004 \ > > -CAfile ca.cert -verify_hostname admin0.domain > > > > --- > > Verify return code: 62 (Hostname mismatch) > > It seems that you've elided too much information. Is the

Re: Question: why doesn't my wildcard matching work with OpenSSL?

2019-06-10 Thread Viktor Dukhovni
On Mon, Jun 10, 2019 at 01:52:06PM -0400, Paul Smith wrote: > Note for my C client I have not set any special flags for matching, I'm > just using the default and using SSL_set1_host() to add the hostname. > But, I can't even get it to work with openssl itself. > > For example, here's a

Question: why doesn't my wildcard matching work with OpenSSL?

2019-06-10 Thread Paul Smith
I'm having problems trying to get wildcard matching working with OpenSSL. Full hostname matching is working fine, but when my certification uses a wildcard I always get an error. That includes both with OpenSSL 1.1.1b linked into my normal client, AND with the openssl CLI with a system default

Re: CMS and GCM

2019-06-10 Thread Jakub Zelenka
Hi, On Mon, May 13, 2019 at 12:50 AM Dr. Pala wrote: > Hi All, > > I am having issues using AES GCM in EnvelopedData - in particular if I use > AES CBC, that is ok, but when I try to use the GCM mode, I simply cannot > finalize the data. > > If you want to use AES GCM, then you need

Re: New to the list and one question ;-)

2019-06-10 Thread Viktor Dukhovni
On Mon, Jun 10, 2019 at 03:21:16PM +, Patrick Regnouf via openssl-users wrote: > All is well and good when the program works on the linux PC and the > handshake is successful using the 0xc02f cipher. and that is linked to > version 3.0.0 of openssl. on the embedded version, (linked with

Re: Query related to SSL_CTX_set_msg_callback_arg

2019-06-10 Thread Viktor Dukhovni
> On Jun 10, 2019, at 10:54 AM, Jeremy Harris wrote: > >> |void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(SSL *, >> SSL_SESSION *));| >> >> >> How do we specify a user-defined callback data pointer in that call? > > You don't; you additionally use >

stunnel 5.55 released

2019-06-10 Thread Michał Trojnara via openssl-users
Dear Users, I have released version 5.55 of stunnel. This release addresses a number of important Windows issues, including security vulnerabilities. Version 5.55, 2019.06.10, urgency: HIGH * Security bugfixes - Fixed a Windows local privilege escalation vulnerability caused by insecure

New to the list and one question ;-)

2019-06-10 Thread Patrick Regnouf via openssl-users
Hello all, Presently writing a server/relay dealing with an h264 stream. One of the threads' job is to establish a handshake with the browser requesting the stream in order to feed the libsrtp2 with keys and salts and start encrypting the h264 stream towards the browser. All is well

Re: Query related to SSL_CTX_set_msg_callback_arg

2019-06-10 Thread Jeremy Harris
On 10/06/2019 15:21, J. J. Farrell wrote: > |void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(SSL *, > SSL_SESSION *));| > > > How do we specify a user-defined callback data pointer in that call? You don't; you additionally use SSL_CTX_set_msg_callback_arg() which the OP said

Re: Query related to SSL_CTX_set_msg_callback_arg

2019-06-10 Thread J. J. Farrell
On 10/06/2019 11:05, Jeremy Harris wrote: On 10/06/2019 09:32, Viktor Dukhovni wrote: On Mon, Jun 10, 2019 at 07:16:26AM +, shalu dhamija via openssl-users wrote: Actually while setting the callback, we can not pass the user-defined/application data. You can however attach it to the SSL

Re: failing in reproducing .so files

2019-06-10 Thread Kyle Hamilton
In the unmodified directory: $ make clean $ make 2>&1 | tee /tmp/openssl-working-build.log In the modified directory: $ make clean $ make 2>&1 | tee /tmp/openssl-broken-build.log $ diff /tmp/openssl-working-build.log /tmp/openssl-broken-build.log | ${PAGER:-more} Take note of the differences in

Issue with EVP_sha256 and Tspi_Context_CreateObject

2019-06-10 Thread Swamy J-S
Hi, Earlier with openssl 1.0.2n version, I was using EVP_sha256 for creating Certificate Signing Request and "TSS_HASH_OTHER" flag in Tspi_Context_CreateObject. Recently I upgraded openssl to 1.1.0g version and now I am getting "Signature Verify Failure" in my CSR. I have attached the

Re: Query related to SSL_CTX_set_msg_callback_arg

2019-06-10 Thread Jeremy Harris
On 10/06/2019 09:32, Viktor Dukhovni wrote: > On Mon, Jun 10, 2019 at 07:16:26AM +, shalu dhamija via openssl-users > wrote: > >> Actually while setting the callback, we can not pass the >> user-defined/application data. > > You can however attach it to the SSL connection handle as

Re: failing in reproducing .so files

2019-06-10 Thread Giovanni Fontana
The unmodified version works. As I said, it's sure the issue is on what I added, but info from the building logs is not sufficient to figure out what is the issue there. So as result of the building I have just: - libcrypto.a - libssl.a - libcrypto.map so what is missing are the

Re: Query related to SSL_CTX_set_msg_callback_arg

2019-06-10 Thread Viktor Dukhovni
On Mon, Jun 10, 2019 at 07:16:26AM +, shalu dhamija via openssl-users wrote: > Actually while setting the callback, we can not pass the > user-defined/application data. You can however attach it to the SSL connection handle as "ex_data":

Re: Query related to SSL_CTX_set_msg_callback_arg

2019-06-10 Thread shalu dhamija via openssl-users
Actually while setting the callback, we can not pass the user-defined/application data. For example: void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(SSL *, SSL_SESSION *)); When the callback arrives, I have SSL* and SSL_SESSION*. Earlier I was

Crash in x86_64-mont5.s when running speed for RSA on openssl-1.1.1a

2019-06-10 Thread dengwenbin_0301
Hello, Starting from the rsa choice "rsa2048", there is a crash due to a segmentation fault when running speed. RSA512 and rsa1024 don't have this issue. Following are the call stacks and register info when the crash happened. It shows that the register %rbp is zero at that point. The value of %rbp is set