RE: Default certificate path taken by openssl

Hi Viktor, Thank you for the information. It was helpful. With Regards, Chethan Kumar -Original Message- From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Viktor Dukhovni Sent: Thursday, January 9, 2020 12:35 PM To: openssl-users@openssl.org Subject: Re

Default certificate path taken by openssl

-bundle.crt(\usr\lib\ssl\certs\ca-bundle.crt)" file in machine and we use our own ca-bundle.crt in another path. Is it ok to remove \usr\lib\ssl\certs\ca-bundle.crt file if we don't use this? Thanks in advance, Chethan Kumar The information contained in this e-mail message and in any attach

RE: SSL_get_fd

Any help would be much appreciated. What I want to know is whether SSL_get_fd() can be used to get fd which in turn can be used with getpeername() to know the other host communicating. Thanks in advance, Chethan Kumar From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf

SSL_get_fd

in knowing what is the issue. Thanks in advance, With Regards, Chethan Kumar The information contained in this e-mail message and in any attachments/annexure/appendices is confidential to the recipient and may contain privileged information. If you are not the intended recipient, please notify

SHA1_Init () is called through SSL_shutdown () in FIPS mode

in soap_serve_request () #18 0x0885fdee in soap_serve () As far as I know, SHA1_Init() is restricted when FIPS is enabled. I want to know, why SHA1_Init() was called even when FIPS is enabled. Let me know, if any more information is required to resolve the issue. Thanks in advance, Chethan Kumar

RE: Application linking to both libcrypto.so.1.0.0 and libcrypto.so.1.1

Dear all, Sorry for the inconvenience caused by not asking query clearly. Below is the output from ldd on application. Seriously I didn't knew application uses these many libraries[Knew only the problem]. linux-gate.so.1 (0xf76fc000) libpam.so.0 => /lib/i386-linux-gnu/libpam.so.0

RE: Application linking to both libcrypto.so.1.0.0 and libcrypto.so.1.1

appens to be linked with an older OpenSSL version? Cheers, Richard On Tue, 28 May 2019 06:59:27 +0200, Chethan Kumar wrote: > > > Dear all, > > Any help for the below query would be appreciated. > > Thanks in advance, > > Chethan Kumar > > From: openssl-users [m

RE: Application linking to both libcrypto.so.1.0.0 and libcrypto.so.1.1

Dear all, Any help for the below query would be appreciated. Thanks in advance, Chethan Kumar From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Chethan Kumar Sent: Wednesday, May 22, 2019 11:35 AM To: openssl-users@openssl.org Subject: Application linking to both

RE: To get end point's IP address

nssl side. Is it ok if application set IP/hostname using SSL_set_tlsext_host_name() and at openssl side, we refer tlsext_hostname to log the message.? Thanks in advance, Chethan Kumar -Original Message- From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Michael W

Application linking to both libcrypto.so.1.0.0 and libcrypto.so.1.1

, what could be the possible reason. Thanks in advance, Chethan Kumar The information contained in this e-mail message and in any attachments/annexure/appendices is confidential to the recipient and may contain privileged information. If you are not the intended recipient, please notify

RE: To get end point's IP address

address.? Can applications acting as both server and client set this? Thanks in advance, Chethan Kumar -Original Message- From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Michael Wojcik Sent: Monday, May 20, 2019 7:35 PM To: openssl-users@openssl.org Subject

To get end point's IP address

, its giving proxy server's IP and not destination IP. Let me know how can achieve the same. Thanks in advance, Chethan Kumar The information contained in this e-mail message and in any attachments/annexure/appendices is confidential to the recipient and may contain privileged information

RE: DIfference between s2_srvr.c, s3_srvr.c, s23_srvr.c and t1_clnt.c

. S23_clnt.c is called for SSLv3 and above. Or is it different.? Also, please let me know if there is any document/link which describes the codeflow when clienthello is received. Thanks in advance, Chethan Kumar -Original Message- From: openssl-users [mailto:openssl-users-boun...@openssl.org

DIfference between s2_srvr.c, s3_srvr.c, s23_srvr.c and t1_clnt.c

of ssl3_client_hello() in s3_srvr.c and client_hello() in s2_srvr.c Does ssl23_client_hello() is getting called internally for all versions? If so, can some please point where does this internal call happens. Thanks in advance, Chethan Kumar The information contained in this e-mail message and in any

RE: How to disable tls 1.0 and tls 1.1

l 12, 2019 9:21 PM To: Chethan Kumar ; openssl-users@openssl.org Subject: Re: How to disable tls 1.0 and tls 1.1 On 12/04/2019 15:50, Chethan Kumar wrote: > Thank to both Hubert Kario and Matt Caswell for your valuable information. > This group has helped a lot in gaining many insight

RE: How to disable tls 1.0 and tls 1.1

it got failed to execute by saying "unknown option -tls1_2". Any reason for that.? Thanks in advance, Chethan Kumar -Original Message- From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Matt Caswell Sent: Friday, April 12, 2019 7:28 PM To: ope

RE: How to disable tls 1.0 and tls 1.1

hod > do adding `no-tls1-method` and `no-tls1_1-method` produce the expected result? Yes, even after adding these options it produces the same result. I am confused what is the problem. Let me know if there is any other way to disable TLSv1.0 and TLS1.1 Thanks in advance, Chethan Kumar

RE: How to disable tls 1.0 and tls 1.1

l Message- From: Hubert Kario [mailto:hka...@redhat.com] Sent: Friday, April 12, 2019 4:50 PM To: Chethan Kumar Cc: openssl-users@openssl.org Subject: Re: How to disable tls 1.0 and tls 1.1 On Friday, 12 April 2019 06:47:54 CEST Chethan Kumar wrote: > > there is no "min"

RE: How to disable tls 1.0 and tls 1.1

in_proto_version() and SSL_CTX_set_max_proto_version() introduced in 1.1.X along with SSL_CTX_set_options(). I would like to know how to disable TLSv1.0 and 1.1 using configure option[CONFOPTS] in Makefile. Thanks in advance, Chethan Kumar -Original Message- From: Hubert Kario [mailto:hka...@redhat.com] Sent: Thursday

RE: How to disable tls 1.0 and tls 1.1

Adding to previous mail, We tried -DSSL_OP_NO_TLSv1 -DSSL_OP_NO_TLSv1_1 along with disabling SSLv2 and v1 but still client hello is sent using min and max as TLS1.0 and TLS1.2. Any idea what is wrong in our options and what should be used instead.? Thanks in advance, Chethan Kumar From

How to disable tls 1.0 and tls 1.1

, -DOPENSSL_NO_SSL3 and -DOPENSSL_NO_SSL2. Can someone please explain the difference. Thanks in advance, Chethan Kumar The information contained in this e-mail message and in any attachments/annexure/appendices is confidential to the recipient and may contain privileged information. If you

migration from openssl 1.0.2n to 1.1.1

issuer_and_subject); M_ASN1_New(ret->issuer,X509_NAME_new); M_ASN1_New(ret->subject,X509_NAME_new); M_ASN1_New_Error(199); M_ASN1_INTEGER_free(a->subject); Thanking you, With Regards, Chethan Kumar The information contained in this e-mail message and in any attachments/annexure

openSSL 1.1.1b compatibility with GLIBC

, Chethan Kumar The information contained in this e-mail message and in any attachments/annexure/appendices is confidential to the recipient and may contain privileged information. If you are not the intended recipient, please notify the sender and delete the message along with any attachments/annexure