RE: Issues establising SSL connection after a wget command

2019-06-18 Thread Eric Ntonfo
Hello, Please still looking forward to a suggestion of solution on my error:1407742E issue below How can i fix this? It's not only a matter of using wget. All commands that require to ocnnect to an SSL server are failing Yhans a lot Eric On Mon, 2019-06-17 at 20:29 +, Eric Ntonfo wrote:

Re: how to set flags in X509_NAME_ENTRY in OpenSSL 1.1.1

2019-06-18 Thread Lisa Matias
If you look here: https://www.openssl.org/docs/man1.1.0/man3/X509_NAME_ENTRY_get_data.html It states: *X509_NAME_ENTRY_get_data() retrieves the field value of ne in and ASN1_STRING structure.* Unfortunately this does not work for any non-string X.500 attributes such as x500UniqueIdentifer

Re: how to set flags in X509_NAME_ENTRY in OpenSSL 1.1.1

2019-06-18 Thread Viktor Dukhovni
On Tue, Jun 18, 2019 at 07:16:46AM -0700, Lisa Matias wrote: > If you look here: > > https://www.openssl.org/docs/man1.1.0/man3/X509_NAME_ENTRY_get_data.html > > It states: > > *X509_NAME_ENTRY_get_data() retrieves the field value of ne in > and ASN1_STRING structure.* Regardless of the entry

Re: PkiPath with openssl

2019-06-18 Thread Wim Lewis
On Jun 17, 2019, at 11:35 PM, Tobias Wolf wrote: > The specification said about sorting and providing the pki path in correct > order. Ah, I thought you were asking about producing the correct DER representation, not assembling the list of certs. In that case, take a look at the

Re: how to set flags in X509_NAME_ENTRY in OpenSSL 1.1.1

2019-06-18 Thread Lisa Matias
Sorry, I was just frustrated that the changes to OpenSSL 1.1.1 broke code which worked for nearly 15 years, by denying access to previously accessible C structs. I was able to use OpenSSL to generate a certificate with a subject containing the x500UniqueIdentifier attribute as a pure ASN.1 BIT

Re: how to set flags in X509_NAME_ENTRY in OpenSSL 1.1.1

2019-06-18 Thread Viktor Dukhovni
On Tue, Jun 18, 2019 at 02:27:30PM -0700, Lisa Matias wrote: > Sorry, I was just frustrated that the changes to OpenSSL 1.1.1 broke code > which worked for nearly 15 years, by denying access to previously > accessible C structs. Those changes are needed to make sure that future changes in the

Re: how to set flags in X509_NAME_ENTRY in OpenSSL 1.1.1

2019-06-18 Thread Blumenthal, Uri - 0553 - MITLL
On 6/18/19, 5:44 PM, "openssl-users on behalf of Viktor Dukhovni" wrote: We should perhaps provide getter/setter functions for the flags, or perhaps even a specific function for indicating the value is a bitstring, and how many bits it holds. For now the ASN.1 string is not an

Information on Build.info

2019-06-18 Thread shiva kumar
Hi, Actually I wanted to know how build.info file in each directory such as apps, engines etc, will used generate the Make file, what would happen If I wanted to change the build.info file 1) in openssl/*apps/build.info * what would happen if I change *DEPEND[openssl]=libapps.a

Something like SSL_CTX_set_alpn_select_cb for ciphers and ssl/tls protocol version

2019-06-18 Thread Alexander Gryanko
Hello, I'm looking for the way to do something like SSL_CTX_set_alpn_select_cb but for ciphers and ssl/tls protocol version. As I see ssl_choose_server_version and ssl3_choose_cipher has no any callbacks in tls_early_post_process_client_hello. Is there any way to disable protocols for some cases?

Re: how to set flags in X509_NAME_ENTRY in OpenSSL 1.1.1

2019-06-18 Thread Viktor Dukhovni
On Tue, Jun 18, 2019 at 09:51:31PM +, Blumenthal, Uri - 0553 - MITLL wrote: > > We should perhaps provide getter/setter functions for the flags, or > > perhaps even a specific function for indicating the value is a bitstring, > > and how many bits it holds. For now the ASN.1 string is not an

Re: how to set flags in X509_NAME_ENTRY in OpenSSL 1.1.1

2019-06-18 Thread Blumenthal, Uri - 0553 - MITLL
> > For now the ASN.1 string is not an opaque structure. > > Considering how OpenSSL design evolved, I suspect that the time may come > when this string would become opaque. Therefore, I suggest that > getter/setter functions should be added. Any thoughts about the

Re: Issues establising SSL connection after a wget command

2019-06-18 Thread Matt Caswell
On 17/06/2019 21:29, Eric Ntonfo wrote: > > Hello, > I am running an Ubuntu 12.04 TLS server and can't use wget to download > software > packages > The command > wget http://curl.haxx.se/download/curl-7.63.0.tar.bz2 > fails with the following error > > --2019-06-17 22:10:11--  

Re: Something like SSL_CTX_set_alpn_select_cb for ciphers and ssl/tls protocol version

2019-06-18 Thread Matt Caswell
On 18/06/2019 10:13, Alexander Gryanko wrote: > Hello,  > > I'm looking for the way to do something like SSL_CTX_set_alpn_select_cb but > for > ciphers and ssl/tls protocol version. As I see ssl_choose_server_version and > ssl3_choose_cipher has no any callbacks in >