> While this may be reasonable advice for SNI, I'm not sure that
> this is correct for ALPN. I don't think it is actually possible
> to set the selected ALPN *without* using the ALPN callback. At
> least I can't see a way.
Correct, I wondered why I still used both callbacks.
But I also know
> I don't understand how to write the callback functions some of
> the OpenSSL ALPN functions expect, and the manual really isn't
> helping there either, so I'd like some help.
Use SSL_CTX_set_client_hello_cb to set a SSL_client_hello_cb_fn
function, which you can parse to get
>> I've a server application and need to support RSA and ECC
>> clients at the same time.
>
> Configure the server's SSL_CTX with both certificate chains and
> the private keys for the two entity certificates, and for older
> TLS versions the server will select the appropriate chain based
> on
> Yes. To make things even more complex, a few sites also have an
> older version of R3 that is directly signed by the DST root:
>
> - leaf <- R3 <- DST Root CA X3 (self-signed)
>
> but that's far from common at this point.
That old R3 root was issued last winter and got installed in
> I would like to see how the RSA* context parameter is filled in
> and used, but I can't find an example using the RSA provider.
This is an example I just created by building a OSSL_PARAM array with
OSSL_PARAM_construct_xx and calling EVP_PKEY_get_params.
I've been wondering if this is more
> I am implementing a JWS based specification using openSSL. My
> code is below, in pascal. I'm trying to reproduce this test case
> here: https://datatracker.ietf.org/doc/html/rfc7515#appendix-A.3.1
>
> I get a different outcome from EVP_DigestSignInit /
> EVP_DigestUpdate /
You could
> For JWS signing in relation to Letsencrypt (my use case for this
> - mKey is a RSA keypair in EVP_PKEY*):
My RSA signing is accepted fine by Let's Encrypt, it's trying to use
ECDSA keys that fails, despite OpenSSL verifying my JWS signing as ok.
Failed to Create Account:
> > Not looked at replacing low level RSA and EC APIs yet.
>
> We forced ourselves down that path because we had an internal
> policy to only build OpenSSL toolkit with 'no-deprecated'
Know I have to do it, but only really use low level stuff to build Json
Web Keys, and the EC keys I build for
> Just wanted to report that our private code update to move on
> from OpenSSL 1.1.1 to 3.0 Beta 2 is successful.
Likewise, I've updated our Windows code to use 3.0 easily, been running
one public web server for three weeks.
Only frustration has been the change of PKCS12 password encryption to
> The idea being that supporting existing users means not changing
> the existing API, whereas catering to new users means working
> towards a new fresh consistent API.
OpenSSL has been in use for getting on for 20 years (I think) and may
still be in use in another 20 years, so can not stay
Is it possible for a new NID and object to be added to support creating
and checking the Let's Encrypt ACME TLS-ALPN-01 challenge in which a
temporary X509 certificate is created with a specific X509v3 extension
containing shared information.
Currently, I get a new NID with:
> The second certificate seems garbaged at the 4th RDN of the
> issuerName.
> The Base64 edition might have added or deleted some characters.
Sorry, looks like my manual word wrapping lost a character:
-BEGIN CERTIFICATE-
MIIHbDCCBVSgAwIBAgIIO7L2MrGOOTMwDQYJKoZIhvcNAQELBQAwgYAxCzAJBgNV
More information, the original certificates supplied by the end user
had unwrapped base64 blocks, lines 2,500 long. I wrapped them for
email.
If I try the asn1parse command on the wrapped certificates, they now
attempt to parse, the OK is fine, the bad one now gives an error
message from
A client is having problems reading Polish Centum issued personal
certificates with OpenSSL 1.1.1, which read OK with 1.1.0 and earlier,
mostly.
Using PEM_read_bio_X509 with some of these certificates says
error::lib(0):func(0):reason(0), while the X509 command line
tool says 'unable to
If possible, a EC_KEY_get_public_key_affine_coordinates function would
be appreciated, so we can avoid using
EC_POINT_get_affine_coordinates_GFp. Unless I've missed a better
function to get raw x/y.
Perhaps also EC_KEY_get_curve_name?
Angus
> error:140E0197:SSL routines:SSL_shutdown:shutdown while in init,
> State: SSL negotiation finished successfully
And lots more similar overnight:
error:140E0197:SSL routines:SSL_shutdown:shutdown while in init, State:
TLSv1.3 early data
It seems some browsers open three to five sockets at the
> Is it possible the browsers are trying to send early data?
I doubt it, I was not reporting the error, trying to report errors
before they disappear with clean-up code is an art, and does not always
work, so mostly I now see:
error::lib(0):func(0):reason(0), State: TLSv1.3 early data,
> > My public web servers show several handshake failures daily
> > due to 'TLSv1.3 early data', sometimes after a previous
> > successful TLSv1.3 connection, but not always.
>
> Do you have specific error messages?
I seem to only report the state rather than an error once the socket is
My public web servers show several handshake failures daily due to
'TLSv1.3 early data', sometimes after a previous successful TLSv1.3
connection, but not always.
I'm not currently attempting to handle any early data, I thought it was
disabled by default.
Is there something I should be doing
> There isn't a key specific format for Ed25519.
> You need to use i2d_PUBKEY() for that.
I used EVP_PKEY_get_raw_public_key which got added for these raw keys,
works fine for Ed25519.
On the EVP_PKEY_get_raw_public_key.html page, it would help if it
mentioned that *len should be set to the
> > It seems the EVP_PKEY_RSA_PSS addition was only committed 28th
> > October 2019, so need to wait for 1.1.1e, hopefully real soon...
>
> Ah, that explains it!
Now tested with 1.1.1e-dev and I can generate a JWK from an RSA-PSS key.
Since JWK is for signing, I also tried to support ED25519
> > Agreed, code looks clear enough, but was this was for 1.1.1 or
> > master?
>
> This code looks the same in 1.1.1 and master.
It seems the EVP_PKEY_RSA_PSS addition was only committed 28th October
2019, so need to wait for 1.1.1e, hopefully real soon...
RSA_get0_pss_params as well would be
>> Sorry. My mistake. I actually meant what does EVP_PKEY_id()
> return.
Also returns 912, the same as base_id. RSA keys both return 6.
> So if you get EVP_PKEY_RSA_PSS returned from that I don't
> currently understand how this:
>
> RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey)
> {
> if
> What does EVP_PKEY_base_id() return for your pkey? How did you
> create it?
base_id is 912, EVP_PKEY_RSA_PSS=NID_rsassaPss.
But my code is Pascal so not using your header files directly, seems
okay though.
It was created with OpenSSL APIs and EVP_PKEY_print_private reports:
RSA-PSS
> > I create an RSA JWK using EVP_PKEY_get1_RSA and RSA_get0_key,
> > but this does not work for RSA-PSS.
>
> In what way does this not work?
error:0607907F:digital envelope routines: EVP_PKEY_get0_RSA:expecting
an rsa key
> I notice that 3.0 recently had the accessor RSA_get0_pss_params()
>
Google has started using RSA-PSS private keys for Json Web Keys.
I create an RSA JWK using EVP_PKEY_get1_RSA and RSA_get0_key, but this
does not work for RSA-PSS. EVP_PKEY_print_private does work OK, but
parsing data from the output is messy.
EVP_PKEY_set_alias_type seemed worth a try, but
> I'm curious if there's any consideration being given to updating
> the API for existing interfaces, and/or checking the APIs of any new
> interfaces for issues that are seen in the current API.
Also replacing all C macros such as those for SSL_CTX_ctrl with proper
external functions.
This
> The 32bit OpenSSL 1.1.0i library 'libeay32.dll' fails for
> binscope GSCheck on Windows.
This must be a customised non-standard library, since 1.1.0 does not
build with that name, but as libcrypto-1_1.dll.
Angus
--
openssl-users mailing list
To unsubscribe:
> Some Chrome browsers seem to be hitting https://www.tls13.net/
> with versions from Chrome/70.0.3534.4 upwards to Chrome/71.0.3544.0
Some of my public web servers are now on yesterday's version, three
TLSv1.3 users today, two with Firefox 63, one with
Chrome/68.0.3440.106+Safari/537.36.
I
> IIUC, only Firefox nightly as of approximately today will support
> the final RFC 8446 version;
Firefox 63.0b5 works OK with OpenSSL 1.1.1, think it came Tuesday.
https://download.mozilla.org/?product=firefox-beta-stub=win=en-US
> I haven't looked into Chrome yet.
My versions don't work
> Personally, I see this as a showstopper re a release on Tuesday,
> but I think it's on all of us to come to an agreement, that is
> unless we actually do label and fix everything that needs fixing
> 'til Monday evening (Euro time)...
The planned Tuesday release was only another beta, albeit
> I hit exactly the same issue as the one reported here -
> http://openssl.6102.n7.nabble.com/FIPS-Module-1-2-build-with-Visua
> l-Studio-2010-fails-self-tests-tt36372.html#a36391
>
> Anybody knows if a solution is available now?
That is an eight year old message for an obsolete OpenSSL
Is there any way that Encrypted Server Name Indication will make the
1.1.1 release, or is too late or too experimental?
Angus
> In order to implement SNI you need an SNI callback
> The callback should return:
>
> SSL_TLSEXT_ERR_OK, if it successfully processed the SNI
> SSL_TLSEXT_ERR_ALERT_WARNING, to send a warning alert back
> SSL_TLSEXT_ERR_ALERT_FATAL, to send a fatal alert back
> SSL_TLSEXT_ERR_NOACK, to continue
> The get_session_cb is only ever called for servers. The
> new_session_cb and remove_session_cb can be called for clients and
> servers.
>
> When you refer to the "TLSv1.3 notes" do you mean this page?
> https://wiki.openssl.org/index.php/TLS1.3
Yes, sorry I should have said
I'm reading the TLSv1.3 notes that suggest SSL_CTX_sess_set_get_cb is
called for both clients and servers, but am confused by the
documentation.
The 1.1.1 manual page still starts 'provide callback functions for
server side external session caching' with no mention of clients.
I'm updating
> This is very useful! Can you post an update to the wiki?
> https://wiki.openssl.org/index.php/Binaries
Wiki has been updated with details of the binaries and download
locations.
Angus
On 21/02/18 17:31, Angus Robertson - Magenta Systems Ltd wrote:
> Can I please have an account on the wiki, I'm already on the mailing
> lists.
Hi Angus
Please could you give some examples of changes that you wish to make on the
wiki? Please be specific.
Also, what username
Windows developers may be interested in our Win32 build of OpenSSL
1.1.1-pre1 (alpha), the binaries are digitally code signed 'Open Source
Developer, François PIETTE', the lead developer for the Delphi Internet
Component Suite project. About half way down the page at:
> > Is there an equivalent for EC_GROUP to get x and y?
>
> Do you mean for an EC_POINT? If so then:
> EC_POINT_get_affine_coordinates_GFp() or
Thanks, JKW now built for both key types in 1.1.0.
I guess my function would be useful to others as EVP_PKEY_to_JWK_bio or
something, unfortunately
>> I've not yet found any helpers for getting n and e any other way.
> RSA_get0_key()?
Perfect, should have been able to find that myself...
Is there an equivalent for EC_GROUP to get x and y?
Angus
I need to create a Jose JWK from the public part of a private key in a
PEVP_PKEY, with 1.1.0.
I've done it using the old struct rsa_st from 1.0.2 and
EVP_PKEY_get1_RSA, and then converting the n and e BIGNUMs to binary
(and then to Base64Url).
This still works in 1.1.0 although rsa_st has
I'm updating our Delphi SSL code to support 1.1.1 in addition to 1.0.2
and 1.1.0, common code with a few version checks. This is using Windows
10.
With 1.1.1, SSL connections fail to initialise, failing with the first
BIO_read after setting up the context and BIOs. There is no real error
(I can
I'm creating X509 certificate requests and certificates in code, trying
to add X509v3 Subject Alternative Name, with 1.1.0f.
But if I add a list of four domains, ie:
www1.mydomain
www2.mydomain
www3.mydomain
www4.mydomain
The certificate seems to ignore some and repeat others:
X509v3