Re: Creating an X25519 client certificate

On 18/03/2021 01:22, Robert Moskowitz wrote: On 3/17/21 8:17 PM, Viktor Dukhovni wrote: Well, CSRs are self-signed, and X25519 does not support signing, so you CANNOT have an X25519 CSR. Slap myself on the forehead Of course I know that.  But did not stop to think this through.   :(

Re: Encoding of AlgorithmIdentifier with NULL parameters

"Reality" ought not be defined this way. On 29/01/2021 02:38, Jakob Bohm via openssl-users wrote: If only one or a few parsers are broken, they need to be fixed. If many broken parsers have proliferated due to generators semi-violating DER by not omitting the empty field, that has become the

Re: Random and rare Seg faults at openssl library level

On 06/01/2021 20:57, Michael Wojcik wrote: But you're asking the wrong question. The correct question is: Why are you using an outdated version of OpenSSL? -- Michael Wojcik :whip-crack: !

Re: Goodbye

If you are lucky .. enjoy your 4th Most of us are not so lucky ..

Re: Goodbye

On 03/07/2020 13:51, Salz, Rich via openssl-users wrote: * topic: Change some words by accepting PR#12089 * * 4 against, 3 for, no absensions I am at a loss for words. I can’t contribute to a project that feels this way. The OMC (list at [1], a picture of some of them at

Re: [openssl-users] 'openssl ca -serial' command line always exit with error 1 ?

Hi Michael, On 28/04/2020 15:21, Michael Wojcik wrote: From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of tincanteksup Sent: Tuesday, April 28, 2020 07:02 [tct@arch-hyv-live-64 pki]$ openssl ca -verbose -config safessl-easyrsa.cnf -keyfile private/ca.key -cert

[openssl-users] 'openssl ca -serial' command line always exit with error 1 ?

Greetings openssl users, I'm a long time lurker.. I am trying to use 'openssl ca' command to verify the status of a certificate by serial number only. I can successfully complete this task, however, the 'openssl ca' command always returns an error on completion. I must point out, in

Re: OpenSSL version 3.0.0-alpha1 published

I would normally refrain but ... On 25/04/2020 23:24, Salz, Rich via openssl-users wrote: Yes, nice, why not reduce compile time and save prescious compiler memory by getting rid of all-inline one-liners. And link-time collapsing the identical code. I think this is an issue on some

Re: [openssl-users] Authentication over ECDHE

On 29/12/2018 22:08, C.Wehrmeyer wrote: How am I supposed to get more adept when the documentation is a literal mess? Let me reverse that: What is the *point* of getting more adept with the API when I feel more and more disgusted by learning how it's working internally? Welcome to The

Re: [openssl-users] Unexpected difference between version 10x and 11x

After some RTFM, I found space_ec .. which confirms that this change was intentional. Thanks On 29/05/18 16:27, tincanteksup wrote: Hi, Certificate included here is only for testing. I use EasyRSA to build my PKI -- This all works well. So, now I have a client cert but, depending on which

[openssl-users] Unexpected difference between version 10x and 11x

Hi, Certificate included here is only for testing. I use EasyRSA to build my PKI -- This all works well. So, now I have a client cert but, depending on which version of openssl I use, I get different output in the Issuer line from the same cert. The difference is: openssl 101f: Issuer: C=00,