true;
cout << "SEV EC verification Succesful" << endl;
Could it be because I'm creating a ECDSA SIG object and then turning it into a
der format to verify? Again, suggestions would be appreciated.
Thank you!
Diego Gonzalez Villalobos
-
hen I reach EVP_DigestVerifyFinal is showing this error:
Failed Final Verify error:0395:digital envelope routines::no operation set
I have been playing around with it for a while, but I am stuck at this point.
Any advice would be appreciated.
Thank you,
Diego Gonzalez Villalobos
-
> From: openssl-users On Behalf Of Michael
> Ströder via openssl-users
> Sent: Sunday, 18 September, 2022 04:27
>
> On 9/18/22 06:09, Philip Prindeville wrote:
> >> On Sep 15, 2022, at 4:27 PM, Michael Wojcik via openssl-users us...@openssl.org> wrote:
On 9/18/22 06:09, Philip Prindeville wrote:
On Sep 15, 2022, at 4:27 PM, Michael Wojcik via openssl-users
wrote:
You still haven't explained your threat model, or what mitigation
the application can take if this requirement is violated, or why
you think this is a "best practice". >
desktop to wget in the VM.
-Original Message-
From: openssl-users On Behalf Of Viktor
Dukhovni
Sent: Friday, 16 September 2022 16:22
To: openssl-users@openssl.org
Subject: Re: AW: [EXTERNAL] Stricter pathlen checks in OpenSSL 1.1.1 compared
to 1.0.2?.
On Fri, Sep 16, 2022
Oops, sorry. The correct intermediate is of course also SN2.
http://sm-pkitest.atos.net/cert/Atos-Smart-Grid-Test.CA.2.crt
Fingerprint a0 6d 32 c3 56 7d 8e 20 0f a3 8e d3 d0 0a 04 21 2a 0a 1e ae
I’ve also asked my colleagues why the download is http instead of https…
From: openssl
at only have SN1 as a trust anchor to
verify certificates issued by SN2. But wouldn’t they stumble over pathlen too?
My colleague doing the verifying initially had all three sm-test-root.ca
certificates in his CAfile and OpenSSL 1.1.1 picked the path with the link
certificate. Onc
diagnosing the issue.
Thanks,
Corey
From: openssl-users On Behalf Of Andrew
Lynch via openssl-users
Sent: Friday, September 16, 2022 4:32 AM
To: openssl-users@openssl.org
Subject: AW: [EXTERNAL] Stricter pathlen checks in OpenSSL 1.1.1 compared to
1.0.2?.
So is this a possible bug
Dear OpenSSL Team,
While migrating to OpenSSL 3.0 we are facing issue with use of
DH_generate_key(). Getting dh->pub_key NULL.
Logic used is as given below, I have omitted the error handling code.
* p and g buffer is of type unsigned char *
* p_len is 128 and g_len i
So is this a possible bug or a feature of OpenSSL 1.1.1? (using 1.1.1n right
now)
If I set up the content of CAfile or CApath so that E <- D <- C <- A is the
only path that can be taken then the validation fails with
error 25 at 3 depth lookup: path length constraint exceeded
If
> From: openssl-users On Behalf Of Philip
> Prindeville
> Sent: Thursday, 15 September, 2022 15:41
> I was thinking of the case where the directory containing the keys (as
> configured) is correctly owned, but contains a symlink pointing outside of
> that directory som
On 9/15/22 15:40, Philip Prindeville wrote:
I was thinking of the case where the directory containing the keys (as
configured) is correctly owned, but contains a symlink pointing outside of that
directory somewhere else... say to a file owned by an ordinary user.
In that case, as has been
C5280 and X.509, the
pathlenConstraints contained in the certificate of the Trust Anchor (here,
A or B) is not taken into account. Therefore, the only ones that matter are
the values set in C and D, and these values are coherent with both chains.
On Thu, Sep 15, 2022 at 7:34 PM Andrew Lynch via openssl-
Hi,
I would like to have my understanding of the following issue confirmed:
Given a two-level CA where the different generations of Root cross-sign each
other, the verification of an end-entity certificate fails with OpenSSL 1.1.1 -
"path length constraint exceeded". With Ope
.
So... what's the Best Practices list for handling private key materials? Has
anyone fleshed this out?
This is not really related to openssl, but I will tell you what you are
likely to hear in another setting:
In most cases, applications are not really aware of symlinks, unless
they have been
> From: openssl-users On Behalf Of Philip
> Prindeville
> Sent: Tuesday, 13 September, 2022 14:17
>
> I'm working on a bug in an application where the application config is given
> the directory path in which to find a key-store, which it then loads.
>
> My issue is t
Dear Users,
I have released version 5.66 of stunnel.
### Version 5.66, 2022.09.11, urgency: MEDIUM
* New features
- OpenSSL 3.0 FIPS Provider support for Windows.
* Bugfixes
- Fixed building on machines without pkg-config.
- Added the missing "environ" declaration for
and the rsa_set0_key function
to create the RSA public key and then used RSA_public_decrypt to decrypt the
signature and RSA_verify_PKCS1_PSS to verify it. This whole workflow is now
deprecated.
//OPENSSL 1.1.1 Code
SEV_ERROR_CODE AMDCert::amd_cert_validate_sig(const amd_cert *cert
On 9/4/22 01:55, Roger James via openssl-users wrote:
As I mentioned in an earlier post you need version 1.1 or later of
openssl to successfully validate post September 30, 2021 Let's Encrypt
certificates. The version on your CentOS system is 1.0.
The CentOS system was just another VM I ran
As I mentioned in an earlier post you need version 1.1 or later of openssl
to successfully validate post September 30, 2021 Let's Encrypt certificates.
The version on your CentOS system is 1.0.
On 9/3/22 16:07, Viktor Dukhovni wrote:
Post the output of:
$ openssl crl2pkcs7 -nocrl -certfile
/etc/ssl/certs/local/DOMAIN.wildcards.pem |
openssl pkcs7 -print_certs -noout |
perl -ne 'BEGIN{$/="\n\n\n"} s/\n+/\n/g; print $_, "\n"'
subject=CN = DOMAIN
issuer=C = US, O
Hi all,
When the openssl interactive mode was still possible, you could set up an
engine and then use it as follows:
OpenSSL> engine -t dynamic -pre
SO_PATH:/usr/lib64/openssl/engines/engine_pkcs11.so -pre ID:pkcs11 -pre
LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/lib64/pkcs11/onepin-ope
On 9/2/22 21:42, Shawn Heisey via openssl-users wrote:
Other bare metal systems and their results with the same PEM file:
Verifies on Proxmox (the one running the VM) with openssl 1.1.1n
Verifies on Ubuntu 22.04 with openssl 3.0.2
Fails on CentOS 7.5.1804 with openssl 1.0.2k-fips
Additional
On an AlmaLinux 8.6 VM hosted in Proxmox:
[root@certs ~]# openssl verify -CAfile
/etc/ssl/certs/local/DOMAIN.wildcards.pem
/etc/ssl/certs/local/DOMAIN.wildcards.pem
C = US, O = Let's Encrypt, CN = R3
error 2 at 1 depth lookup: unable to get issuer certificate
error /etc/ssl/certs/local
knew to do so. Also, a thief can
> break your window and get into your car, so you might as well leave
> them rolled down all the time.
>
> The question wasn't "Should I care that..." or "Is it a good idea
> to...". It was "Can OpenSSL 3 do this".
> > It is not clear what threat model warrants taking special action when
> > the client certificate is not requested. It could equally be
> > requested and then largely ignored.
>
> A client in a highly secured network knows that every server it connects to
> will
> require a client
OpenSSL 1.1.1 full support expires on 2022-09-11; it then enters
security-fix-only mode until 2023-09-11.
Are there any plans for a final bug-fix release of 1.1.1 in the next couple
weeks (and hopefully a 3.0 release as well)?
--
-Todd Short
// tsh...@akamai.com
// "One if by land
the invalid encodings are not surviving contact with my d2i_ABC()
functions.
I'm using openssl 1.1.1o, I should say. I should also add these
structures on the cards are read-only, so I can't even fix them, I just
have to deal with them.
These are the 2 invalid encodings I have seen:
First, a bit-string
Trying to compile OpenSSL using Bootlin tool chains for ARMv5 UCLIBC found at
https://toolchains.bootlin.com/
Does anyone have recent experience compiling OpenSSL 1.1.1 specifying alternate
tool-chains?
What commands did you use?
Thanks
> On 20 August 2022 at 08:17, b1...@b1bb2.com wrote:
>
> I am experimenting with
> https://github.com/openssl/openssl/archive/refs/heads/master.zip openssl
> 3.1.0 Source Distribution archive
You, probably, should not. This is unreleased development code.
Current release is 3
Dear Users,
I have released version 5.65 of stunnel.
On Windows, this release fixes a high severity OpenSSL vulnerability:
https://www.openssl.org/news/secadv/20220705.txt
### Version 5.65, 2022.07.17, urgency: HIGH
* Security bugfixes
- OpenSSL DLLs updated to version 3.0.5.
* Bugfixes
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
OpenSSL Security Advisory [5 July 2022]
===
Heap memory corruption with RSA private key operation (CVE-2022-2274)
=
Severity: High
The OpenSSL
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
OpenSSL version 3.0.5 released
==
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 3.0.5 of our open source
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
OpenSSL version 1.1.1q released
===
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.1.1q of our open
Hi Matt,
What would it take to expose this?
Also would you accept a patch if we implement what’s missing?
Thank You
James
On 6/20/22, 10:13 AM, "Matt Caswell" wrote:
On 20/06/2022 15:11, Rouzier, James via openssl-users wrote:
> Hey Guys,
>
> Is it po
state of the TLS handshake so that any server
can pickup where the previous server left off.
Is this possible with the current API of openssl?
James
On 6/14/22 08:03, Ing. Martin Koci, MBA wrote:
Hello,
The OpenSSL project team would like to announce the forthcoming
release of OpenSSL versions 3.0.4, 1.1.1p.
These releases will be made available on Tuesday 21st June 2022
between 1300-1700 UTC.
These are security-fix releases. The highest
On 6/10/22 03:48, Matt Caswell wrote:
On 09/06/2022 21:13, Dennis Clarke via openssl-users wrote:
On 6/9/22 15:33, Dmitry Belyavsky wrote:
It happens because of certificates expiration. Try applying the patch
from
https://github.com/openssl/openssl/pull/18444
Oh cool. Thank you. Sadly I
On 6/9/22 16:13, Dennis Clarke via openssl-users wrote:
On 6/9/22 15:33, Dmitry Belyavsky wrote:
It happens because of certificates expiration. Try applying the patch
from
https://github.com/openssl/openssl/pull/18444
Oh cool. Thank you. Sadly I do not see a patch file there.
Do you mean
On 6/9/22 15:33, Dmitry Belyavsky wrote:
It happens because of certificates expiration. Try applying the patch from
https://github.com/openssl/openssl/pull/18444
Oh cool. Thank you. Sadly I do not see a patch file there.
Do you mean this ?
https://raw.githubusercontent.com/t8m/openssl
On 6/9/22 13:48, Dennis Clarke via openssl-users wrote:
On 6/9/22 13:24, Dennis Clarke via openssl-users wrote:
* baffled *
Merely a self-reply here : out of the box and with nothing in the
10-main.conf the software compiles. I see no standards spec and there
are other things I would
On 6/9/22 13:24, Dennis Clarke via openssl-users wrote:
* baffled *
Merely a self-reply here : out of the box and with nothing in the
10-main.conf the software compiles. I see no standards spec and there
are other things I would like to see but for now the out of the box
stuff seems
* baffled *
After many many various incantations and a few coffee I can not get past
this strange nested pile of ifdef's to allow usleep() to exist :
make depend && make _build_sw
make[1]: Entering directory `/opt/bw/build/openssl-3.0.3_rhel6_amd64.004'
make[1]: Leaving directory
I know that we need
* ocsp responder cert for verifying the signature of ocsp response,
* CA issuer cert to generate CERTID for ocsp request
and
* ocsp requestor can choose to sign ocsp request using a signer certificate.
But instead of having users set that as 3 different settings, I am
> From: openssl-users On Behalf Of Matt
> Caswell
> Sent: Tuesday, 24 May, 2022 07:43
> To: openssl-users@openssl.org
> Subject: Re: using TLS (>1.2) with more than one certificate
>
> On 24/05/2022 13:52, tobias.w...@t-systems.com wrote:
> > I’ve a server appli
Hello,
OpenSSL 3 changed the default ciphers used to protect the private keys and
certificates when creating a PKCS#12, to use something less aging.
Try adding a "-legacy" when creating the PKCS#12 file with OpenSSL3 and see
if keytool can read it.
On Thu, May 19, 2022 at 11:53
I am trying to wrap my head around the keying material I can access
within my TLS client application using OpenSSL 3.0.3
I have `SSL_CTX_set_keylog_callback` set to just printf() the lines.
I also have the following code to extract the client random:
unsigned char * keymat = malloc(48);
const
s said about CA certificates with SHA1 signatures and some
> implementations will now reject these as non-compliant even if they were
> issued before 2013.
>
> On Thu, 2022-05-12 at 17:40 +0200, egoitz--- via openssl-users wrote:
>
> Please ignore the line below I said regards in
is last way, does not convince me... so I have started debugging what
> exactly was causing the problem. I saw, that sha1 is not allowed as a
> signing valid algorithm for SECLEVEL 2. So, I tried moving the CA to a more
> recent testing machine (with a newer OpenSSL 1.1.1l-freebsd),
= DEFAULT@SECLEVEL=1_
But this last way, does not convince me... so I have started debugging
what exactly was causing the problem. I saw, that sha1 is not
allowed as a signing valid algorithm for SECLEVEL 2. So, I tried moving
the CA to a more recent testing machine (with a newer OpenSSL
1.1.1l
Dear Users,
I have released version 5.64 of stunnel. This release only includes Windows
fixes and improvements.
### Version 5.64, 2022.05.06, urgency: MEDIUM
* Security bugfixes
- OpenSSL DLLs updated to version 3.0.3.
* New features
- Updated the pkcs11 engine for Windows.
* Bugfixes
used to sign data:
openssl dgst -sha1 -sign tests/keys/rsa_key1.key datatosign > signing
openssl pkeyutl -inkey tests/keys/rsa_key1.key -in <(openssl dgst -sha1
-binary datatosign) -sign -pkeyopt digest:sha1 > signing
and you can display the signature either way (this will not "ve
Just wondering if Apple OS is compatible with OpenSSL 3.
--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 14 and 53 on Atheism https://www.empire.kred/ROOT
I am using OpenSSL 1.1.1k Version, From that I see following are done in
OpenSSL code, pls correct me if I am wrong.
Inside SSL_new:
SSL *SSL_new(SSL_CTX *ctx){ SSL *s; ... ... s =
OPENSSL_zalloc(sizeof(*s)); SSL_CTX_up_ref(ctx);
s->ctx =
Hi,
I have recently started developing using OpenSSL and I am confused/unclear
about below topic.
Request you to help me.
I am running a DTLS Server which handles more than 1000 connections. The problem
I am facing is every time I close connections and also connect again I see
there is some
Hello,
Seems our email system scrubbed the response to my question because it was a
link.
Could I ask the response be sent to the following email instead,
chiliquing...@outlook.com
Thanks!
Message: 3
Date: Fri, 1 Apr 2022 18:14:38 +
From:
To:
Cc:
Subject: OpenSSL 3.0.2 PKCS12_parse
Hello,
Connection between a Openssl 3.0.2 server and a 1.1.1g client is proving to be
unsuccessful.
According to the logs collected we seem to be having an issue with the loading
of the legacy providers.
We are loading both the default and legacy providers programmatically as per
the steps
Hi All,
Can you please help to understand the use of the callback function that can be
set during key generation?
1> For ex: In the OpenSSL 3.0 code, the callback "genrsa_cb" is defined in the
file "apps/genrsa.c" :
What exactly is being done in this callb
> Great! That does suggest an unknown bug exists in master though...
>
>If you can manage it would be useful for us if you tried the latest master
>version of OpenSSL with the "no-asm" config option. My guess is new assembler
>code might be the cause of this. If turni
> Some things you could try:
> - Do you have an alternative compiler you could use? If its a compiler bug
> then swapping to a different compiler might resolve it
Compiler is regular gcc 10.2.1.
> - I notice that you are using the latest master version 3.1.0-dev. The master
> branch is where
ts here. With -no_tls1_3 it goes
further, but there is another error in the end.
The system-wide installed openssl (1.1.1k) seems to work fine, the problem is
with my own compilation of openssl 3.1.0-dev.
bin> ./openssl s_client -trace www.google.com:443
Connecting to 142.250.200.4
CON
Hi,
We are in a process of porting our software to aarch64 (Raspberry Pi). One
problem what we have is with openssl, it appears that our build of it always
fails in SSL_connect(). I have debugged it a bit and it seems the problem
appears in the function ossl_statem_client13_read_transition
with the signature algorithm : "Signature
Algorithm: sha1WithRSAEncryption".
I think that is the problem, the sha1. So... I have built Openssl 3.0.2
and now was planning and thinking which could be the following steps. I
have seen that the own CA uses sha1WithRSAEncryption signature
al
Dear Users,
I have released version 5.63 of stunnel.
### Version 5.63, 2022.03.15, urgency: HIGH
* Security bugfixes
- OpenSSL DLLs updated to version 3.0.2.
* New features
- Updated stunnel.spec to support bash completion.
* Bugfixes
- Fixed a PRNG initialization crash (thx to Gleydson
ed to explicitly set X509_STORE_CTX_set_error(ctx, X509_V_OK)
before return 1 in the example if I need caller SSL_get_verify_result to
return
X509_V_OK?
On Mon, Mar 14, 2022 at 12:38 PM wrote:
> [ External sender. Exercise caution. ]
>
> Send openssl-users mailing list submissions to
>
link:
https://www.openssl.org/docs/man1.1.1/man3/X509_STORE_CTX_verify_cb.html
I am trying to figure out how this example works but it does not seem to
bypass the (use the second example of X509_V_ERR_CERT_HAS_EXPIRED)
However the caller code ll
long res = SSL_get_verify_result( sslCtx ); still
Hi
Does verify_ip support leftmost wildcard?
I know that hostname does for SAN and CN. But ip address seems to only
support exact match including the port?
Is that observation correct?
What does it take for verify_ip to support leftmost wildcard matching just
like DNS hostname?
Thanks
that there is not something like an OpenSSL key agent
(similar to ssh-agent) for interactively loading the CA's private key
into memory during service start.
My current approach to achieve this is a separate CA only responsible for
revocation.
My understanding is that such a CA is called an "ind
Hi All,
Is there any guideline for upgrading openssl version from 1.0.2 to 1.1.1?
Thanks
Bob
On Fri, Mar 04, 2022 at 02:31:01PM +, Short, Todd wrote:
> Apple uses LibreSSL, not OpenSSL, in their recent OSes:
>
> ~$ openssl version -a
> LibreSSL 2.8.3
> built on: date not available
> platform: information not available
> options: bn(64,64) rc4(16x,int) des(idx,
Apple uses LibreSSL, not OpenSSL, in their recent OSes:
~$ openssl version -a
LibreSSL 2.8.3
built on: date not available
platform: information not available
options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx)
compiler: information not available
OPENSSLDIR: "/private/et
On Fri, Mar 04, 2022 at 11:04:00AM +, Matt Caswell wrote:
> OpenSSL 3.0 has recently been designated as a Long Term Support (LTS)
> release. This means that it will now be supported until 7th September
> 2026 (5 years after its initial release).
>
> Our previous LTS
the openssl I'm using is in mac
openssl version -a
LibreSSL 2.8.3
On Thu, Mar 3, 2022 at 8:05 PM Edward Tsang wrote:
> Ok here is what I tried but still complaining about unknown options
> -verify_hostname
> openssl s_client -connect google.com -CAfile etc/auth/cacert.pem
> -ver
Ok here is what I tried but still complaining about unknown options
-verify_hostname
openssl s_client -connect google.com -CAfile etc/auth/cacert.pem
-verify_hostname google.com -verify_return_error
unknown option -verify_hostname
usage: s_client args
On Thu, Mar 3, 2022 at 4:10 PM Viktor
Hi,
I am having a very hard time to get the command line working.
Basically just trying to verify hostname via openssl command line:
openssl s_client -CApath . -CAfile ./cacert.pem -verify_hostname
example.com
All I get is "unknown option -verify_hostname
usage: s_client args"
Got it, Thanks
-Original Message-
From: Matt Caswell [mailto:m...@openssl.org]
Sent: 16 February 2022 20:09
To: Chenxinping ; openssl-users@openssl.org
Subject: Re: What is plan of the next LTS version?
There is an ongoing OMC vote (started earlier today) to answer this question.
The proposal is that 3.0
3.0 is not LTS version, and 1.1.1 will be supported until 11th September 2023,
What is the next LTS version? And what is the release plan?
Refer:
The latest stable version is the 3.0 series supported until 7th September 2023.
Also available is the 1.1.1 series which is our Long Term Support
/server-arg.c, but the running generated some alerts and
warnings.
I'm hoping to learn the best way possible to create embedded TLS client/server
with the stable OpenSSL-1_1_1, not too much looping/polling, due to limited
resources in embedded devices.
-- JC
Thanks for your information.
An issue has been raised:
https://github.com/openssl/openssl/issues/17681
-Original Message-
From: Dr. Matthias St. Pierre [mailto:matthias.st.pie...@ncp-e.com]
Sent: 10 February 2022 0:03
To: Chenxinping ; openssl-users@openssl.org
Subject: RE: How run the specific test case //Reply: How
(conf, test_get_argument(0), NULL) > 0' failed @
test/ssl_test.c:550
# [0] compared to [0]
# ERROR: @ test/ssl_test.c:553
From: Dr. Matthias St. Pierre [mailto:matthias.st.pie...@ncp-e.com]
Sent: 9 February 2022 23:31
To: Chenxinping ; openssl-users@openssl.org
Subject: RE: How run the specific test case /
ok 16 - iteration 16
ok 17 - iteration 17
# OPENSSL_TEST_RAND_ORDER=1644408281
not ok 1 - test_handshake
From: Dr. Matthias St. Pierre [mailto:matthias.st.pie...@ncp-e.com]
Sent: 9 February 2022 19:31
To: Chenxinping ; openssl-users@openssl.org
Subject: RE: How to run
The config file has some ENV variables, which results in a failure to load the
config file. How do I run a simple test case?
Example:
./test/ssl_test ./test-runs/test_ssl_new/17-renegotiate.cnf.default
ERROR: @ test/ssl_test.c:553
Hello, I have received your email and will read it as soon as possible, thank you!
:21:27PM +0100, Olivier Germain via
> openssl-users wrote:
>
> > We have a requirement to implement the Distinguished Name in the
> response
> > received by the client. Hopefully I am ok.
>
> More accurately, you're being asked to send a suitable non-empty list of
>
Good afternoon,
I am new in Openssl, SSL. So please excuse my poor knowledge.
We are using Openssl 1.0.2j as a 3rdparty in our software to establish SSL
connection. We can be a server and/or a client.
We have a requirement to implement the Distinguished Name in the response
received
On 17/01/2022 09:49, Tomas Mraz wrote:
On Mon, 2022-01-17 at 09:36 +0100, Milan Kaše wrote:
Hi,
I successfully implemented OpenSSL v3 provider which provides store
and keymgmt and I can use it to sign a cms with the following
command:
openssl cms -sign -signer myprov:cert=0014 -provider myprov
Dear Users,
I have released version 5.62 of stunnel.
### Version 5.62, 2022.01.17, urgency: MEDIUM
* New features
- Added a bash completion script.
* Bugfixes
- Fixed a transfer() loop bug.
Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html
SHA-256
On 13 Dec 2021, at 12:15, Tomas Mraz wrote:
> One option would be for a provider to provide provider-storemgmt
> implementation to load a key from its special URI. You'd then use
> OSSL_STORE from the application to load a private key from that special
> URI.
>
> Another, rather simplistic,
On 2022-01-05 09:45, Tomas Mraz wrote:
...
So you're basically asking to put something like - "The parameter most
probably won't fit into unsigned int." - to every such parameter
documented for PKEYs?
"unsigned BIGNUM" instead of "unsigned integer" would be short and much
clearer
in the
On 26/12/2021 16:21, Grégory Widmer via openssl-users wrote:
Dear OpenSSL users,
I have a question about OpenSSL. Recently, I asked myself if there was
a maximum bit length for the modulus of a RSA key.
I tried to type :
user@host:~$ openssl genrsa 32768
Warning: It is not recommended
Dear OpenSSL users,
I have a question about OpenSSL. Recently, I asked myself if there was a
maximum bit length for the modulus of a RSA key.
I tried to type :
user@host:~$ openssl genrsa 32768
Warning: It is not recommended to use more than 16384 bit for RSA keys.
Your key size
use auto-scroll' GUI checkbox.
- Double click on the icon tray replaced with single click.
- OpenSSL DLLs updated to version 3.0.1.
* Other new features
- Rewritten the testing framework in python (thx to
Peter Pentchev for inspiration and initial framework).
- Added support for missing SSL_
On Mon, Dec 20, 2021 at 10:24:54AM +, LN via openssl-users wrote:
> Hello,
> I'm currently using a pre-release version of openssl 1.1.1 and want to
> upgrade to a release version.
> With the release of openssl 3.0 (and now 3.0.1) while 1.1.1 is still ongoing
> development,
Hello,
I'm currently using a pre-release version of openssl 1.1.1 and want to upgrade
to a release version.
With the release of openssl 3.0 (and now 3.0.1) while 1.1.1 is still ongoing
development, do you recommend using one version over the other? Is there an
advantage to use one or the other
Hi all,
The ENGINE API is deprecated in favour of the new Provider API.
What is the provider equivalent function that replaces
ENGINE_load_private_key()?
Regards,
Graham
—
SPARC M8-1". However, on the platform policy
page<https://www.openssl.org/policies/platformpolicy.html> it lists a number of
Solaris platforms, all of which are currently "unadopted". How should people
interpret that? That the initial release of OpenSSL 3.0 was suppor