Re: SSL_CTX_set_alpn_select_cb and Other OpenSSL API ALPN Functions + Their Callbacks
> I don't understand how to write the callback functions some of
> the OpenSSL ALPN functions expect, and the manual really isn't
> helping there either, so I'd like some help.

Use SSL_CTX_set_client_hello_cb to set a SSL_client_hello_cb_fn function, which you can parse to get TLSEXT_TYPE_server_name and TLSEXT_TYPE_application_layer_protocol_negotiation, and everything else sent in the Client Hello (if you need it) like SSL versions and ciphers supported.

Within this callback you can change SSL_CTX depending on SNI and ALPN. Ignore the SNI and ALPN callbacks.

client_hello_cb was only added in 1.1.1 so is often missing from old examples, FAQs and manuals.

Angus
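An added example, not code from this thread or from OpenSSL: a bounds-checked scan of the raw ALPN extension body that SSL_client_hello_get0_ext returns, with a client hello callback that uses it. The `USE_OPENSSL` build macro and the h2-configured `SSL_CTX` passed as `arg` are assumptions for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Scan the raw ALPN extension body (RFC 7301 ProtocolNameList): a 2-byte
 * big-endian list length, then names each prefixed by a 1-byte length.
 * Returns 1 if `want` is offered, 0 if not, -1 if the body is malformed. */
int alpn_offers(const unsigned char *ext, size_t len, const char *want)
{
    size_t wlen = strlen(want), pos = 2;
    int found = 0;

    if (len <= 2 || (((size_t)ext[0] << 8) | ext[1]) != len - 2)
        return -1;              /* empty list or list length mismatch */
    while (pos < len) {
        size_t n = ext[pos++];
        if (n == 0 || n > len - pos)
            return -1;          /* empty or truncated protocol name */
        if (n == wlen && memcmp(ext + pos, want, n) == 0)
            found = 1;          /* keep scanning so the whole list is validated */
        pos += n;
    }
    return found;
}

#ifdef USE_OPENSSL  /* assumption: defined when building against OpenSSL >= 1.1.1 */
#include <openssl/ssl.h>

/* Client hello callback; `arg` is a hypothetical SSL_CTX set up for h2. */
int hello_cb(SSL *s, int *al, void *arg)
{
    const unsigned char *ext;
    size_t len;

    if (!SSL_client_hello_get0_ext(s,
            TLSEXT_TYPE_application_layer_protocol_negotiation, &ext, &len))
        return SSL_CLIENT_HELLO_SUCCESS;    /* client sent no ALPN extension */
    switch (alpn_offers(ext, len, "h2")) {
    case -1:                                /* reject malformed input early */
        *al = SSL_AD_DECODE_ERROR;
        return SSL_CLIENT_HELLO_ERROR;
    case 1:
        SSL_set_SSL_CTX(s, (SSL_CTX *)arg); /* switch to the h2 context */
        break;
    }
    return SSL_CLIENT_HELLO_SUCCESS;
}
/* Register with: SSL_CTX_set_client_hello_cb(ctx, hello_cb, h2_ctx); */
#endif
```

Without `-DUSE_OPENSSL` only the parser is compiled, so it can be unit-tested on captured extension bytes with no TLS library present.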
SSL_CTX_set_alpn_select_cb and Other OpenSSL API ALPN Functions + Their Callbacks
Hi again. I don't understand how to write the callback functions some of the OpenSSL ALPN functions expect, and the manual really isn't helping there either, so I'd like some help. I have a HTTP/2 upgrade request inside the ClientHello and it's causing my server app to give an error about an unknown protocol. That's why I want to do this. I understand that I need to call the ALPN functions somewhere in the function I'm using to run the server. I'm already using TLS for HTTPS, so I have to use ALPN. Please help me out here. Thanks.
Fwd: Need Help for iOS and MacOS Build of OpenSSL
Hi Everyone,

I am working on a project where I have to build OpenSSL "3.0.5" version for multiple targets related to MacOS and iOS. I am able to successfully build the OpenSSL "1.1.1x" version by using targets mentioned in "20-ios-tvos-cross.conf". I used to give commands like the below:

> ./Configure macosx-cross-x86_64 --prefix=gen/out/bin/Debug-MacOSX-x86_64
> no-shared no-async -fembed-bitcode-marker enable-ec_nistp_64_gcc_128

Now for version "3.0.5" when I give the above command, I am getting the below error:

> ./Configure macosx-cross-x86_64 --prefix=gen/out/bin/Debug-MacOSX-x86_64
> no-shared no-async -fembed-bitcode-marker enable-ec_nistp_64_gcc_128
> Undefined subroutine ::asm called at (eval 15) line 46.
> Configuring OpenSSL version 3.0.5 for target macosx-cross-x86_64
> Using os-specific seed configuration
> Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lxxx]
> [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared]
> [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR]
> [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE]
> os/compiler[:flags]
>
> pick os/compiler from:
> ...
> android-armeabi android-mips android-mips64 android-x86 android-x86_64
> android64 android64-aarch64 android64-mips64 android64-x86_64 bsdi-elf-gcc
> cc
> darwin-i386 darwin-i386-cc darwin-ppc darwin-ppc-cc darwin64-arm64
> darwin64-arm64-cc darwin64-debug-test-64-clang darwin64-ppc
> darwin64-ppc-cc
> darwin64-x86_64 darwin64-x86_64-cc gcc haiku-x86 haiku-x86_64 hpux-ia64-cc
> ...

When I give the "os/compiler" details in the above command, I get the below error:

> ./Configure macosx-cross-x86_64 --prefix=gen/out/bin/Debug-MacOSX-x86_64
> no-shared no-async -fembed-bitcode-marker enable-ec_nistp_64_gcc_128
> darwin64-x86_64-cc
> Undefined subroutine ::asm called at (eval 15) line 46.
>
> Failure! build file wasn't produced.
> Please read INSTALL.md and associated NOTES-* files. You may also have to
> look over your available compiler tool chain or change your configuration.
>
> target already defined - macosx-cross-x86_64 (offending arg:
> darwin64-x86_64-cc)

Now, my question is I want to build the OpenSSL using the targets defined in my "20-ios-tvos-cross.conf" and without "OS/Compiler" flags? I have tried to find the solution over the internet but no luck.

Will really appreciate the help in this. Feel free to ask any questions you have.

Thanks,
Seraj
Re: Unable to load self-signed certificate
Actually the error is:

533:error:02001002:system library:fopen:No such file or directory:bss_file.c:175:fopen('/opt/ssl-v1.02u/ssl/cert.pem','r')
533:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:182:
533:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib:by_file.c:254:
533:error:0B065068:x509 certificate routines:BY_FILE_CTRL:loading defaults:by_file.c:112:

as we are having 2 different versions of ssl on the system. Is there anything we need to do if we have 2 different versions? I am building my app pointing libs and includes to /opt/ssl-v1.02u

Thanks

On Wed, Jul 27, 2022 at 8:14 AM radiatejava wrote:
>
> Hello experts
> I used to load a self-signed cert using a program like below:
>
> X509_STORE_set_verify_cb_func(lCertCtx, UserCert_cb_check_cert);
> lLookup = X509_STORE_add_lookup(lCertCtx, X509_LOOKUP_file());
> error = X509_LOOKUP_load_file(lLookup, NULL, X509_FILETYPE_DEFAULT);
>
> It was all working great till I was on openssl 1.0.2k.
> We have shifted to openssl 1.0.2u and now the call
> X509_LOOKUP_load_file(..) for self-signed cert is not working. Somehow
> it seems to be looking for a default CA certificate. This is the error
> I get:
>
> 533:error:02001002:system library:fopen:No such file or
> directory:bss_file.c:175:fopen('/usr/lib/ssl/cert.pem','r')
> 533:error:2006D080:BIO routines:BIO_new_file:no such
> file:bss_file.c:182: 533:error:0B084002:x509 certificate
> routines:X509_load_cert_crl_file:system lib:by_file.c:254:
> 533:error:0B065068:x509 certificate routines:BY_FILE_CTRL:loading
> defaults:by_file.c:112:
>
> I do not have any /usr/lib/ssl/cert.pem file on my system. I am on ubuntu
> 20.04.
>
> Appreciate your help!
> -Satish