[openssl-users] Compiling OpenSSL 1.1.0e with AF_ALG engine

Hi, I'm trying to compile OpenSSL 1.1.0e with the afalg engine on a recent CentOS 7. I removed the kernel version check for the afalg engine from the Configure script since AFAIK the CentOS kernel should have all of that back ported. I ran the following configure command: $ ./Configure

Re: [openssl-users] Compiling OpenSSL 1.1.0e with AF_ALG engine

On 22/02/17 09:11, David Oberhollenzer wrote: > Running readelf on afalg.so confirms that the symbol is indeed not > in the binary. Am I missing some magic configure options or is there > some other problem? I just tried the exact same Configure line as you on 1.1.0e and it all works fine: $

Re: [openssl-users] Compiling OpenSSL 1.1.0e with AF_ALG engine

Am 22.02.2017 um 12:24 schrieb David Oberhollenzer: > Sorry, never mind. After taking a closer look at the source code I saw > that there are further compile time and run-time kernel version > checks in e_afalg.c. I adjusted the version number and got that to > work now. Well, why does the afalg

[openssl-users] OpenSSL handshake failure with RSA bad signature error

Hi, I have recently updated my openssl server version from 1.0.1m to 1.0.2j. After updating the handshake fails with the client. The client still use openssl version 1.0.1e-fips. Note: With older openssl server version (1.0.1m) the handshake works with the same set of certificates. Here is the

Re: [openssl-users] Compiling OpenSSL 1.1.0e with AF_ALG engine

On 22/02/17 20:20, Richard Weinberger wrote: > Am 22.02.2017 um 12:24 schrieb David Oberhollenzer: >> Sorry, never mind. After taking a closer look at the source code I saw >> that there are further compile time and run-time kernel version >> checks in e_afalg.c. I adjusted the version number

Re: [openssl-users] DTLS for SCTP connections

> On 22 Feb 2017, at 07:47, mahesh gs wrote: > > Hi, > > Thank you for sharing the sample code. > > I tried running SCTP DTLS Echo server and client. I am facing strange problem > "ssl_connect" hangs on the client side, even the "ssl_accept" hangs on the > server side.

Re: [openssl-users] Compiling OpenSSL 1.1.0e with AF_ALG engine

>> Sorry, never mind. After taking a closer look at the source code I saw >> that there are further compile time and run-time kernel version >> checks in e_afalg.c. I adjusted the version number and got that to >> work now. > > Well, why does the afalg engine depend on Linux 4.1? > AF_ALG is part

Re: [openssl-users] DTLS for SCTP connections

Hi Michael, I am using "Red Hat Enterprise Linux Server release 6.4 (Santiago)" and openssl version is 1.1.0. SCTP version : [root@localhost DIAMETER]# rpm -qa | grep -i "sctp" *lksctp-tools-1.0.10-5.el6.x86_64* [root@localhost DIAMETER]# rpm -qi lksctp-tools-1.0.10-5.el6.x86_64 Name:

Re: [openssl-users] Question RE certificate chain verification

On Tue, February 21, 2017 12:16, Jakob Curdes wrote: > Hi, I am new to the list and have a question where it seems I cannot find > the answer in archives here or in other sources. > > We want to verify the certificate chain of an "official" certificate, but > including the revocation status of the