Re: OpenSSL-3.+ how to configure [random]?

2021-11-10 Thread Blumenthal, Uri - 0553 - MITLL
On 11/10/21, 15:20, "openssl-users on behalf of Dr Paul Dale" wrote: > > I'm pretty sure the underlying problem is that there is a call to > RAND_set_rand_method() or RAND_set_rand_engine() occurring (likely the > latter). Probably... > These completely replace the built in RNG

Re: Is it possible to use a global lock in the OpenSSL engine on each mod_ssl call?

2021-11-10 Thread Dr Paul Dale
OpenSSL doesn't have a global lock. You could implement a single lock in the engine.  Grab it immediately on entry and release just before exit. Pauli On 11/11/21 8:24 am, Shariful Alam wrote: Hello, I understand this is a weird question. I have an OpenSSL engine only for RSA. And I have

Is it possible to use a global lock in the OpenSSL engine on each mod_ssl call?

2021-11-10 Thread Shariful Alam
Hello, I understand this is a weird question. I have an OpenSSL engine only for RSA. And I have apache installed that uses this OpenSSL engine for the HTTPS connection. I was wondering if it is possible to use a global lock with the OpenSSL on mod_ssl call? So that, only one mod_ssl thread cal

Re: OpenSSL-3.+ how to configure [random]?

2021-11-10 Thread Dr Paul Dale
I'm pretty sure the underlying problem is that there is a call to RAND_set_rand_method() or RAND_set_rand_engine() occurring (likely the latter). These completely replace the built in RNG infrastructure with the RAND_METHOD/engine.  If the engine then fails to produce output for any reason,

Re: OpenSSL-3.+ how to configure [random]?

2021-11-10 Thread Blumenthal, Uri - 0553 - MITLL
Yes, it's related to https://github.com/openssl/openssl/issues/16996, and yes - the same solution worked. There's something wrong with how PKCS#11 engine deals with (or presents itself as) rand provider. In any case, removing PKCS#11 engine from the [engines] section alleviated this problem.

Re: undefined symbol: SSL_SESSION_new in linking

2021-11-10 Thread Matt Caswell
So the obvious question is how are you linking? Do you link in libssl? Matt On 10/11/2021 09:29, Kumar Mishra, Sanjeev wrote: Hi, I have used SSL_SESSION_new() and SSL_SESSION_free() API of OpenSSL3.0 while upgrading my code from 1.0.1 to 3.0. But I am getting following linking error. I

Re: OpenSSL-3.+ how to configure [random]?

2021-11-10 Thread Nicola Tuveri
Just chiming in quickly to mention that this could be related to https://github.com/openssl/openssl/issues/16996 Nicola On Wed, Nov 10, 2021 at 10:33 AM Tomas Mraz wrote: > > On Wed, 2021-11-10 at 03:38 +, Blumenthal, Uri - 0553 - MITLL > wrote: > > On 11/9/21, 22:23, "Dr Paul Dale" wrote:

Engine lifecycle and fork

2021-11-10 Thread Ramkumar Balu
Kindly explain the expected behavior from an engine when the application forks. In case of an engine that uses system-wide resources and cannot work properly when duplicated (forked), is it possible to enforce/hint the application in any way to follow init-after-fork? Are there any guidelines for

undefined symbol: SSL_SESSION_new in linking

2021-11-10 Thread Kumar Mishra, Sanjeev
Hi, I have used SSL_SESSION_new() and SSL_SESSION_free() API of OpenSSL3.0 while upgrading my code from 1.0.1 to 3.0. But I am getting following linking error. I have already included file in it. Please suggest changes

Re: OpenSSL-3.+ how to configure [random]?

2021-11-10 Thread Tomas Mraz
On Wed, 2021-11-10 at 03:38 +, Blumenthal, Uri - 0553 - MITLL wrote: > On 11/9/21, 22:23, "Dr Paul Dale" wrote: > > >    Currently I've no idea and can't reproduce locally :( > > Maybe you'd know how to force the "-engine rdrand" path through > "openssl.cnf"? > > >    A rogue configuration