I’m somewhat confused as to what I need to do to use ECDHE ciphers
(ECDHE-ECDSA-AES128-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, etc). I’m hoping
this list can help, or at least point me to a good tutorial somewhere. A lot of
the information I’ve looked at is from the following links:
On Thu, Feb 6, 2020 at 5:45 PM Viktor Dukhovni
wrote:
> On Thu, Feb 06, 2020 at 02:36:03PM -0500, Michael Leone wrote:
>
> > Oh, I can add extensions by signing and using the -extfile option, and
> > specifying a file with the specific options I want to give the
> > certificate. But I don't want
On Thu, Feb 06, 2020 at 02:36:03PM -0500, Michael Leone wrote:
> Oh, I can add extensions by signing and using the -extfile option, and
> specifying a file with the specific options I want to give the
> certificate. But I don't want to have to use an addon file, I want to
> add parameters to all
It looks like I need to call init() after new()
m_evpCtx = EVP_ENCODE_CTX_new();
EVP_EncodeInit(m_evpCtx);
From: openssl-users On Behalf Of
Floodeenjr, Thomas
Sent: Thursday, February 6, 2020 2:22 PM
To: openssl-users@openssl.org
Subject: RE: Migrating from 1.0.2 g to 1.1.1d
With the old init syntax in 1.0.2, EVP_EncodeInit(_evpCtx);, m_evpCtx->
length is initialized to '48'.
With the new syntax in 1.1.1, m_evpCtx = EVP_ENCODE_CTX_new();, m_evpCtx->
length is initialized to '0'.
I believe this causes the while loop to loop forever until INT_MAX, thus
overrunning
This is driving me crazy. I have a CA, running on Debian 9, running
openssl 1.1.0. (this CA is for our organization internal use only, of
course). I can successfully sign requests. However, what I can't seem
to do, is add x509 extensions to the signed certificate, as part of
the openssl.cnf.
Oh,
Hello,
We are in the process of migrating from 1.0.2g to 1.1.1d. We adjusted to the
changes, we think, and everything compiles. Many things also execute correctly.
We are currently seeing a crash in EVP_EncodeUpdate() after we process most of
our data. (last line of the while loop, line 202,
If you are using RSA, maybe it should be useful to look at some RSA
implementations, such as engines/e_devcrypto.c
On Thu, Feb 6, 2020 at 7:23 PM Pedro Lopes
wrote:
> Hello,
>
> I'd like that my callback is called when a sign/verify is being requested
> by
> *EVP_DigestSignFinal()* function.
>
Hello all,
I'm newly registered to this group. To get the introductions out of the
way, I'm a long time contributor to various open source and open standards
projects, including sitting on the Technical Steering Committee for Node.js.
I understand that Rich Salz recently posted the following
Hello,
I'd like that my callback is called when a sign/verify is being requested by
*EVP_DigestSignFinal()* function.
I've tried adding an EVP_PKEY_METHOD to app_methods stack, that works well,
however it doesn't fit my solution.
I noticed that creating an engine and set pkey methods there, it could
A month ago Tim said[2] that PR 8797[1] requires an OMC decision on “whether or
not QUIC in this manner of approach should be added into OpenSSL at this time.”
To save you a click, this PR adds APIs to OpenSSL so that Google’s open source
QUIC implementation can be built on top of OpenSSL.
> Is it valid to call:
>
> size_t size = SSL_get_finished(ssl, NULL, 0);
No
> Because SSL_get_finished invokes memcpy even if the size is 0, so is the
> undefined behaviour?
Yes
Thanks for the suggestion Michael. We have removed all duplicates of
"opensslconf.h" from our code stack. With those changes, we see all errors
related to "DEPRECATEDIN_1_1_0" are gone. Now, we are not seeing any errors
pointing to "bio.h". However, we have some other errors, where it points to
Is it valid to call:
size_t size = SSL_get_finished(ssl, NULL, 0);
So we can determine the length?
Because SSL_get_finished invokes memcpy even if the size is 0, so is the
undefined behaviour?
Thanks.
14 matches