--Randall S. BeckerNexbridge Inc.
Original message From: רונן לוי Date:
2022-10-23 09:26 (GMT-05:00) To: openssl-users@openssl.org, Michael Wojcik
Subject: Re: openssl-users Digest, Vol 95,
Issue 27 Subject: Porting OpenSSL to vxWorks (using cygwin)Hi Michael,- Why are
you
s enough information to go on.
A: For the long run, I consider to use OpenSSL features on Linux and VxWorks
בתאריך יום ה׳, 20 באוק׳ 2022 ב-8:27 מאת <openssl-users-requ...@openssl.org
>:
> Send openssl-users mailing list submissions to
> openssl-users@openssl.org
>
ריך יום ה׳, 20 באוק׳ 2022 ב-8:27 מאת <openssl-users-requ...@openssl.org
>:
> Send openssl-users mailing list submissions to
> openssl-users@openssl.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://mta.openssl.org/mailman/listinfo/
> From: openssl-users On Behalf Of ???
> Sent: Tuesday, 18 October, 2022 11:58
> I have downloaded perl strawberry, but I have no clue how to get rid of the
> built-in perl that comes in cygwin, and point cygwin to use the strawberry
> perl.
You don't have to remove the
I have downloaded perl strawberry, but I have no clue how to get rid of the
built-in perl that
comes in cygwin, and point cygwin to use the strawberry perl.
Need Assistance!
בתאריך יום ג׳, 18 באוק׳ 2022 ב-0:49 מאת <openssl-users-requ...@openssl.org
>:
> Send openssl-users mai
Dear OpenSSL Users and Programmers,
I tried running the following command in Windows 64 bit Home edition,
and got the error:
>openssl req -nodes -newkey rsa:4096 -keyout pkey.pem -x509 -out cert.pem -days
>36500 -subj -addext "subjectKeyIdentifier=hash"
req: Use -help for su
On Mon, Mar 14, 2022 at 12:47:26PM -0700, Edward Tsang via openssl-users wrote:
> I guess I need to explicitly set X509_STORE_CTX_set_error(ctx,
> X509_V_OK) before return 1 in the example if I need caller
> SSL_get_verify_result to return X509_V_OK?
Yes, but I'd like to strongl
ed to explicitly set X509_STORE_CTX_set_error(ctx, X509_V_OK)
before return 1 in the example if I need caller SSL_get_verify_result to
return
X509_V_OK?
On Mon, Mar 14, 2022 at 12:38 PM wrote:
> [ External sender. Exercise caution. ]
>
> Send openssl-users mailing list submissions to
>
include signature_algorithms_cert
> extension.
>
> 2.The signature_algorithms_cert extension in ClientHello contains
> rsa_pkcs1_sha256 (0x0401).
>
>
>
>
>
>
>
>
>
> Thanks,
>
>
> Allen
>
>
> 发件人: openssl-users 代表
> openssl-use
Hi Michael,
Thanks a lot for your analysis. I've fixed this issue as mentioned in previous
email.
Regards,
Allen
发件人: openssl-users 代表
openssl-users-requ...@openssl.org
发送时间: 2022年1月1日 15:48
收件人: openssl-users@openssl.org
主题: openssl-users Digest, Vol 86
.The signature_algorithms_cert extension in ClientHello contains
rsa_pkcs1_sha256 (0x0401).
Thanks,
Allen
发件人: openssl-users 代表
openssl-users-requ...@openssl.org
发送时间: 2022年1月1日 15:48
收件人: openssl-users@openssl.org
主题: openssl-users Digest, Vol 86, Issue 1
Send openssl
82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaOBpjCBozAdBgNVHQ4EFgQUNmHhAHyIBQlRi0RsR/8aTMnqTxIwHwYDVR0jBBgwFoAUNmHhAHyIBQlRi0RsR/8aTMnqTxIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cHM6Ly9hbmRyb2lkLmdvb2dsZWFwaXMuY29tL2F0dGVzdGF0aW9uL2NybC8wDQYJKoZIhvcNAQELBQADggIBACDIw41L3KlXG0aMiS//cqrG+EShHUGo8HNsw30W1kJtjn6UBwRM6jnmiwfBPb8VA91chb2vssAtX2zbTvqBJ9+LBPGCdw/E53Rbf86qhxKaiAHOjpvAy5Y3m00mqC0w/Zwvju1twb4vhLaJ5NkUJYsUS7rmJKHHBnETLi8GFqiEsqTWpG/6ibYCv7rYDBJDcR9W62BW9jfIoBQcxUCUJouMPH25lLNcDc1ssqvC2v7iUgI9LeoM1sNovqPmQUiG9rHli1vXxzCyaMTjwftkJLkf6724DFhuKug2jITV0QkXvaJWF4nUaHOTNA4uJU9WDvZLI1j83A+/xnAJUucIv/zGJ1AMH2boHqF8CY16LpsYgBt6tKxxWH00XcyDCdW2KlBCeqbQPcsFmWyWugxdcekhYsAWyoSf818NUsZdBWBaR/OukXrNLfkQ79IyZohZbvabO/X+MVT3rriAoKc8oE2Uws6DF+60PV7/WIPjNvXySdqspImSN78mflxDqwLqRBYkA3I75qppLGG9rp7UCdRjxMl8ZDBld+7yvHVgt1cVzJx9xnyGCC23UaicMDSXYrB4I4WHXPGjxhZuCuPBLTdOLU8YRvMYdEvYebWHMpvwGCF6bAx3JBpIeOQ1wDB5y0USicV3YgYGmi+NZfhA4URSh77Yd6uuJOJENRaNVTzk
> -END CERTIFICATE-
>
>
> g1.pem: OK
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
?
2021-04-22 1:08 غرينتش+03:00, openssl-users-requ...@openssl.org
:
> Send openssl-users mailing list submissions to
> openssl-users@openssl.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://mta.openssl.org/mailman/listinfo/openssl-users
> o
very much Matthias and Paul for your
help on this.
Regards,
Vishwanath M
From: Dr. Matthias St. Pierre<mailto:matthias.st.pie...@ncp-e.com>
Sent: 05 April 2021 03:22 PM
To: Dr Paul Dale<mailto:pa...@openssl.org>; Vishwanath
Mahajanshetty<mailto:mahajanshe...@outlook.com&g
red [2].
Matthias
[1]
https://github.com/openssl/openssl/blob/OpenSSL_1_1_1-stable/crypto/rand/drbg_lib.c#L958-L970
[2]
https://github.com/openssl/openssl/blob/OpenSSL_1_1_1-stable/crypto/rand/drbg_lib.c#L1146-L1153
From: openssl-users On Behalf Of Dr Paul
Dale
Sent: Monday, April 5, 2021 3
helpful if you point out APIs which help me to achieve this
requirement.
Thank You,
Vishwanath M
*From: *openssl-users-requ...@openssl.org
<mailto:openssl-users-requ...@openssl.org>
*Sent: *03 April 2021 02:19 PM
*To: *openssl-users@openssl.org <mailto:openssl-users@openssl.org&
(*) you might want to force an initial seeding during application startup by an
explicit RAND_bytes() call.
From: openssl-users
mailto:openssl-users-boun...@openssl.org>>
On Behalf Of Vishwanath Mahajanshetty
Sent: Sunday, April 4, 2021 1:56 PM
To: openssl-users@opens
through RAND_bytes() and
drbg_bytes() but not getting enough idea. It would be really helpful if you
point out APIs which help me to achieve this requirement.
Thank You,
Vishwanath M
From:
openssl-users-requ...@openssl.org<mailto:openssl-users-requ...@openssl.org>
Sent: 03 April 2021 02
,
Vishwanath M
*From: *openssl-users-requ...@openssl.org
<mailto:openssl-users-requ...@openssl.org>
*Sent: *02 April 2021 04:58 PM
*To: *openssl-users@openssl.org <mailto:openssl-users@openssl.org>
*Subject: *openssl-users Digest, Vol 77, Issue 4
Send openssl-users mailing list
?).
Thank You,
Vishwanath M
From:
openssl-users-requ...@openssl.org<mailto:openssl-users-requ...@openssl.org>
Sent: 02 April 2021 04:58 PM
To: openssl-users@openssl.org<mailto:openssl-users@openssl.org>
Subject: openssl-users Digest, Vol 77, Issue 4
Send openssl-users mailing list
, it does not change.
Looks like I missed this email since the title changed.
Regards,
Dingping
Michael Wojcik 于2020年12月29日周二 上午7:16写道:
> > From: openssl-users On Behalf Of
> Jochen
> > Bern
> > Sent: Friday, 25 December, 2020 03:37
>
> I believe David von Oheimb has
> From: openssl-users On Behalf Of Jochen
> Bern
> Sent: Friday, 25 December, 2020 03:37
I believe David von Oheimb has already provided a solution for the original
problem in this thread (setting subjectKeyIdentifier and authorityKeyIdentifer
lets OpenSSL pick the right certifi
> From: openssl-users On Behalf Of Jochen
> Bern
> Sent: Friday, 25 December, 2020 03:37
I believe David von Oheimb has already provided a solution for the original
problem in this thread (setting subjectKeyIdentifier and authorityKeyIdentifer
lets OpenSSL pick the right certifi
On 25.12.20 00:35, openssl-users-requ...@openssl.org digested:
> Message: 3
> Date: Fri, 25 Dec 2020 07:35:40 +0800
> From: ???
>
> @Jochen actually, the certs have different SN, which indeed is not
> consistent with the man doc.
... how so? Different certs having dif
ncora.com/>
From: Mark Minnoch
Sent: 10 August 2020 21:28
To: Rakesh Parihar
Subject: Fwd: openssl-users Digest, Vol 69, Issue 7
Hi Rakesh,
I saw your post on the openssl-users list. We have a customer that is testing
KeyPair's FIPS module Cert.
#3503<https://csrc.nist.gov/project
I am curious whether anyone has BCP recommentations for distinguishing
between (presumably rare) out-of-memory or similar internal resource
issues resulting in a NULL return value from d2i_TYPE() (e.g.
d2i_X509()), vs. (presumably more common) issues with the input
encoding?
Does anyone have
Hi Michael,
On 28/04/2020 15:21, Michael Wojcik wrote:
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
tincanteksup
Sent: Tuesday, April 28, 2020 07:02
[tct@arch-hyv-live-64 pki]$ openssl ca -verbose -config safessl-easyrsa.cnf
-keyfile private/ca.key -cert
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
> tincanteksup
> Sent: Tuesday, April 28, 2020 07:02
> [tct@arch-hyv-live-64 pki]$ openssl ca -verbose -config safessl-easyrsa.cnf
> -keyfile private/ca.key -cert ca.crt -status $serial_number
>
>
Greetings openssl users,
I'm a long time lurker..
I am trying to use 'openssl ca' command to verify the status of a
certificate
by serial number only. I can successfully complete this task, however, the
'openssl ca' command always returns an error on completion.
I must point out, in advance
Thank you! That was the issue.
Clay
> On Feb 21, 2020, at 7:54 AM, openssl-users-requ...@openssl.org wrote:
>
> Message: 5
> Date: Fri, 21 Feb 2020 22:51:51 +1000
> From: Dr Paul Dale
> To: openssl-users
> Subject: Re: CRYPTO_secure_malloc_init() fails without error
plz how can automatically recover this problam
On Wed, 12 Feb 2020, 14:59 , wrote:
> Send openssl-users mailing list submissions to
> openssl-users@openssl.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://mta.openssl.org/mailman/listinf
n issue with OpenSSL?
Please see my previous post on this topic here:
https://mta.openssl.org/pipermail/openssl-users/2019-January/009781.html
PRs welcome to improve the documentation in this area.
Matt
Thanks for the speculation on validated platforms, Mark. Please be careful
about using this resource as a medium for self-promotion.
- Walt
Walter Paley
w...@safelogic.com
SafeLogic - FIPS 140-2 Simplified
On Mon, 18 Feb 2019 22:51:09 +0100,
Jakob Bohm wrote:
> Having a DMARC record without DKIM signatures (including DKIM
> signing mails relayed with openssl.org as From: address) is either
> an RFC violation or very close to one.
I suspected that. We're not quite ready for full blown DKIM yet, so
(Resend from correct account)
On 15/02/2019 18:35, Salz, Rich via openssl-users wrote:
(as for "possibly not the FIPS provider", that's exactly right. That
one *will* be a loadable module and nothing else, and will only be
validated as such... meaning that noone can stop you fr
On Mon, Feb 18, 2019 at 2:18 PM Jakob Bohm via openssl-users <
openssl-users@openssl.org> wrote:
> On 17/02/2019 14:26, Matt Caswell wrote:
> > On 16/02/2019 05:04, Sam Roberts wrote:
> >> On Fri, Feb 15, 2019 at 3:35 PM Matt Caswell wrote:
> >>> On 15/
On 17/02/2019 14:26, Matt Caswell wrote:
On 16/02/2019 05:04, Sam Roberts wrote:
On Fri, Feb 15, 2019 at 3:35 PM Matt Caswell wrote:
On 15/02/2019 20:32, Viktor Dukhovni wrote:
On Feb 15, 2019, at 12:11 PM, Sam Roberts wrote:
OpenSSL could delay the actual shutdown until we're about to
On 16/02/2019 00:02, Richard Levitte wrote:
On Fri, 15 Feb 2019 18:33:30 +0100, Lewis Rosenthal wrote:
...
I strongly encourage you to re-think this. Everyone else on this list
whose server has been properly configured to not trash legitimate
messages must now be inconvenienced by the needs of
On 16/02/2019 05:04, Sam Roberts wrote:
> On Fri, Feb 15, 2019 at 3:35 PM Matt Caswell wrote:
>> On 15/02/2019 20:32, Viktor Dukhovni wrote:
On Feb 15, 2019, at 12:11 PM, Sam Roberts wrote:
>>> OpenSSL could delay the actual shutdown until we're about to return
>>> from the SSL_accept()
On Fri, Feb 15, 2019 at 3:35 PM Matt Caswell wrote:
> On 15/02/2019 20:32, Viktor Dukhovni wrote:
> >> On Feb 15, 2019, at 12:11 PM, Sam Roberts wrote:
> > OpenSSL could delay the actual shutdown until we're about to return
> > from the SSL_accept() that invoked the callback. That is
On 15/02/2019 20:32, Viktor Dukhovni wrote:
>> On Feb 15, 2019, at 12:11 PM, Sam Roberts wrote:
>>
>> In particular, I'm getting a close_notify alert, followed by two
>> NewSessionTickets from the server.
>>
>> The does SSL_read()/SSL_get_error(), it is returning
>> SSL_ERROR_ZERO_RETURN, so I
roblems. The
> biggest hurdle is getting to the right admin on the "problem" side,
> which is why the initial contact needs to come from one of their
> customers who has been affected.
>
> > So, to mitigate the problem, we've removed all extra decoration of the
&g
> On Feb 15, 2019, at 12:11 PM, Sam Roberts wrote:
>
> In particular, I'm getting a close_notify alert, followed by two
> NewSessionTickets from the server.
>
> The does SSL_read()/SSL_get_error(), it is returning
> SSL_ERROR_ZERO_RETURN, so I stop calling SSL_read().
>
> However, that means
ieb Richard Levitte:
>> So, to mitigate the problem, we've removed all extra decoration of
>the
>> messages, i.e. the list footer that's usually added and the subject
>> tag that indicates what list this is (I added the "openssl-users:"
>> that you see manual
Am Freitag, 15. Februar 2019, 16:03:42 CET schrieb Richard Levitte:
> So, to mitigate the problem, we've removed all extra decoration of the
> messages, i.e. the list footer that's usually added and the subject
> tag that indicates what list this is (I added the "openssl-users:&q
tact needs to come from one of their customers who has been
affected.
So, to mitigate the problem, we've removed all extra decoration of the
messages, i.e. the list footer that's usually added and the subject
tag that indicates what list this is (I added the "openssl-users:"
that you
>(as for "possibly not the FIPS provider", that's exactly right. That
one *will* be a loadable module and nothing else, and will only be
validated as such... meaning that noone can stop you from hacking
around and have it linked in statically, but that would make it
invalid
On 15/02/2019 12:23, Matt Caswell wrote:
On 15/02/2019 03:55, Jakob Bohm via openssl-users wrote:
These comments are on the version of the specification released on
Monday 2019-02-11 at https://www.openssl.org/docs/OpenSSL300Design.html
General notes on this release:
- The release
Responding to some earlier questions:
> Can you give any guidance on which platforms will be validated with the
OpenSSL FIPS 3.0 module? My recollection is that it will only be a handful
of platforms.
I would expect the number of platforms to be small. The wonderful 5
sponsors of the FIPS
extra decoration of the
messages, i.e. the list footer that's usually added and the subject
tag that indicates what list this is (I added the "openssl-users:"
that you see manually).
So IF you're filtering the messages to get list messages in a
different folder, based on the subject
footer that's usually added and the subject
tag that indicates what list this is (I added the "openssl-users:"
that you see manually).
So IF you're filtering the messages to get list messages in a
different folder, based on the subject line, you will unfortunately
have to change it. If I m
On Fri, 2019-02-15 at 11:23 +, Matt Caswell wrote:
>
> On 15/02/2019 03:55, Jakob Bohm via openssl-users wrote:
> > yout - but this is useful input.
>
> >
> > FIPS-specific issues:
> >
> > - The checksum of the FIPS DLL should be compiled into the FI
On 15/02/2019 03:55, Jakob Bohm via openssl-users wrote:
> These comments are on the version of the specification released on
> Monday 2019-02-11 at https://www.openssl.org/docs/OpenSSL300Design.html
>
> General notes on this release:
>
> - The release was not announced on
at https://www.openssl.org/docs/OpenSSL300Design.html
>
> General notes on this release:
>
> - The release was not announced on the openssl-users and
> openssl-announce mailing lists. A related blog post was
> announced two days later.
Yes.
> - The related strategy document is at
&g
On 14/02/2019 22:51, Sam Roberts wrote:
> In particular, I'm getting a close_notify alert, followed by two
> NewSessionTickets from the server.
This sounds like a bug somewhere. Once you have close_notify you shouldn't
expect anything else. Is that an OpenSSL server?
Matt
--
openssl
These comments are on the version of the specification released on
Monday 2019-02-11 at https://www.openssl.org/docs/OpenSSL300Design.html
General notes on this release:
- The release was not announced on the openssl-users and
openssl-announce mailing lists. A related blog post was
announced
on closed... not sure what else to do.
Thanks,
Sam
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
need ?
CMS_ContentInfo:
contentType: pkcs7-envelopedData (1.2.840.113549.1.7.3)
d.envelopedData:
version:
originatorInfo:
recipientInfos:
d.ktri:
version:
Thanks
NJ
--
Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html
--
openssl-users mailing
nce there's
only one runtime that works with the one FIPS module.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
.0 code drop to start porting and a looming deadline for the
1.0.x API.
You get what you pay for. I can be harsh because I am not a member of the
OpenSSL project.
You can start by porting to 1.1.x now.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
platforms can be
validated would also be helpful.
Thanks,
Zeke Evans
Senior Software Engineer, Micro Focus
From: openssl-project on behalf of Matt
Caswell
Sent: Wednesday, February 13, 2019 4:26 AM
To: openssl-annou...@openssl.org; openssl-users@openssl.org
() ?
Yes, as long as it's done after EVP_DecryptInit_ex().
Matt
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Ludwig
-Original Message-
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Jakob Bohm via openssl-users
Sent: Thursday, February 14, 2019 10:34 AM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] OpenSSL 3.0 and FIPS Update
On 13/02/2019 20:12, Matt
On 14/02/2019 16:34, Jakob Bohm via openssl-users wrote:
> On 13/02/2019 20:12, Matt Caswell wrote:
>>
>> On 13/02/2019 17:32, Jakob Bohm via openssl-users wrote:
>>> On 13/02/2019 12:26, Matt Caswell wrote:
>>>> Please see my blog post for an OpenSSL
)
Is there a prefered name to use ?
* In the case of GCM usage (with examples found in the OpenSSL wiki),
Is the specific control action to set the tag on decryption can be
done at the beginning rather than juste before EVP_DecryptFinal_ex() ?
Thank you.
Kind regards,
Patrice.
--
openssl-users mailing
On 13/02/2019 20:12, Matt Caswell wrote:
On 13/02/2019 17:32, Jakob Bohm via openssl-users wrote:
On 13/02/2019 12:26, Matt Caswell wrote:
Please see my blog post for an OpenSSL 3.0 and FIPS Update:
https://www.openssl.org/blog/blog/2019/02/13/FIPS-update/
Matt
Given this announcement
to use
X509_STORE_get1_certs but this seems to require a X509_NAME which I do not
have since I want all the certificates out of the CAs.
Is there a proper way to do this?
Regards.
--
Ignacio Casal Quinteiro
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo
said, of course, there is plenty of room for improvement in our testing. I
would love to see more complete direct testing of the API. I do think we are
moving in the right direction, but it is definitely a long term project.
Matt
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
| ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works|IoT architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[
signature.asc
Description: PGP signature
--
openssl-users mailing list
To unsubscribe: https://mta.
On 13/02/2019 17:32, Jakob Bohm via openssl-users wrote:
> On 13/02/2019 12:26, Matt Caswell wrote:
>> Please see my blog post for an OpenSSL 3.0 and FIPS Update:
>>
>> https://www.openssl.org/blog/blog/2019/02/13/FIPS-update/
>>
>> Matt
>
> Given t
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
or
> OpenSSL 1.1.1?
OpenSSL 3.0 is our next release and the FIPS module will be based on it. There
will be no FIPS module for 1.1.1.
Matt
>
> Thanks.
>
>
> --------
> *From:* openssl-users on behalf of Pa
: openssl-users on behalf of Paul Dale
Sent: Wednesday, February 13, 2019 1:24 AM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] FIPS Module for OpenSSL 1.1.1
The answer hasn’t changed: there is no firm date.
Progress is being made however.
Pauli
--
Oracle
Dr Paul Dale
Please see my blog post for an OpenSSL 3.0 and FIPS Update:
https://www.openssl.org/blog/blog/2019/02/13/FIPS-update/
Matt
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
inux-gnu/libpcre.so.3 (0x7fa12f43f000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x7fa12f075000)
/lib64/ld-linux-x86-64.so.2 (0x7fa13012a000)
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
pull request.
Matt
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
uary 2019 9:39 AM
To: openssl-users@openssl.org
Subject: [openssl-users] FIPS Module for OpenSSL 1.1.1
Just wondering if there is a time frame for the availability of the FIPS Module
for OpenSSL 1.1.1? Q3 2019? Q4?
I realize this has been asked before, but the most recent answer I f
-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
On Tue, Feb 12, 2019 at 11:22:47PM +0100, Jakob Bohm via openssl-users wrote:
> At least in older versions of OpenSSL, you could create a custom BIO
> that buffers the socket data and lets you look at it before passing
> it to the SSL/TLS layer or directly to your code according to the
&
Is there a better place for things like this?
Please add X509_verify_cert_error_string to the SEE ALSO section of the man
page for SSL_get_verify_result
Thanks.
--
These are my opinions. I hate spam.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
--
openssl-users mailing list
used.
One idea is to use MSG_PEEK on the socket recv() to check the first
bytes of the initial message (our protocol uses an XML message as the
initial connection so seeing something like "https://mta.openssl.org/mailman/listinfo/openssl-users
Hi Rajinder,
Have you tried the “socket_transport_name_set” call in your main program?
ScottN
From: openssl-users On Behalf Of Rajinder
Pal Singh
Sent: Friday, February 08, 2019 12:54 PM
To: m...@foocrypt.net
Cc: openssl-users
Subject: Re: [openssl-users] How to use a specific ip interface
b server.
>>
>> —
>>
>> Regards,
>>
>> Mark A. Lane
>>
>>
>>
>>
>> On 9 Feb 2019, at 04:20, Rajinder Pal Singh wrote:
>>
>> Hi,
>>
>> I want to use a specific ip interface (out of several available ethernet
9 Feb 2019, at 04:20, Rajinder Pal Singh wrote:
>>
>> Hi,
>>
>> I want to use a specific ip interface (out of several available ethernet
>> interfaces available on my server) to test TLS/SSL connectivity to a remote
>> server.
>>
>>
>>
> that tickets are only invalidated by expiration, not key rotation.
This seems a very reasonable approach, I may propose it as the default
after we have 1.3 support, thanks.
Cheers,
Sam
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
eb 2019, at 04:20, Rajinder Pal Singh > <mailto:rajin6...@gmail.com>> wrote:
>>
>> Hi,
>>
>> I want to use a specific ip interface (out of several available ethernet
>> interfaces available on my server) to test TLS/SSL connectivity to a remote
&g
of several available ethernet
> interfaces available on my server) to test TLS/SSL connectivity to a remote
> server.
>
>
> Wondering if its possible?
>
>
> Regards,
> Rajinder.
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listi
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
> Viktor Dukhovni
> Sent: Friday, February 08, 2019 13:00
>
> > On Feb 8, 2019, at 12:55 PM, Michael Wojcik
> wrote:
> >
> > For IPv4: Create your socket, bind it to the local interf
;
>
> Wondering if its possible?
>
>
> Regards,
> Rajinder.
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
> <https://mta.openssl.org/mailman/listinfo/openssl-users>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
bly want to enable
> SO_REUSEADDR on the socket before calling bind.
For the record, one should *not* use SO_REUSEADDR for client sockets used in
outbound connections.
--
Viktor.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
> Rajinder Pal Singh
> Sent: Friday, February 08, 2019 12:20
> I want to use a specific ip interface (out of several available ethernet
> interfaces available
> on my server) to test TLS/SSL connec
Hi,
I want to use a specific ip interface (out of several available ethernet
interfaces available on my server) to test TLS/SSL connectivity to a remote
server.
Wondering if its possible?
Regards,
Rajinder.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman
openssl verify with these two options set at the
same time?
Thanks
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
s,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
signature.asc
Description: This is a digitally signed message part.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
tion, not key rotation.
--
Viktor.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
mi-obvious in retrospect, after having read our ticket key
handling code, but it took me a while to find it.
And it turns out that yes, SSL_session_resumed() does work with TLS tickets.
Thanks for the suggestions, Viktor.
Cheers,
Sam
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.o
gt;posttls-finger: smtp.dukhovni.org[100.2.39.101]:25: Reusing old session
>
> What API are you using to confirm that the ticket was used to resume
> the session? SSL_session_reused?
Yes.
--
Viktor.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
.101]:25: Reusing old session
What API are you using to confirm that the ticket was used to resume
the session? SSL_session_reused?
Thanks,
Sam
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
e did occur.
> For both, I'm getting the session in the new session callback, and
> then setting it with SSL_set_session(), so I'd expect resumption to
> work for either protocol.
Yes - it should. It would be helpful to check whether the ticket is actually
appearing in the ClientHello or not.
Matt
1 - 100 of 10187 matches
Mail list logo