On Mon, Dec 05, 2022 at 11:31:18AM -0800, Thomas Dwyer III wrote:
> Why does EVP_get_digestbyname("md4") return non-NULL if the legacy provider
> isn't loaded? Similarly, why does it return non-NULL for "md5" after doing
> EVP_set_default_properties(NULL, "fips=yes")? This seems unintuitive.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL version 3.1 alpha 1 released
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
OpenSSL 3.1 is currently in alpha.
OpenSSL 3.1 alpha 1 has now been made available
> From: Steven_M.irc
> Sent: Thursday, November 24, 2022 21:21
> > This is not true in the general case. There are applications which are
> > available on Linux which do not use the
> > distribution's package manager. There are applications which use their own
>
, Job Cacka wrote:
> Michael's point should be asked and answered first for your environment.
>
> To find all of the OpenSSL bits used on a windows system you would use
> Powershell or a tool that flexes its use like PDQ Inventory. There is a
> steep learning curve and it is pro
their own OpenSSL build, possibly linked
> statically or linked into one of their own shared objects or with the OpenSSL
> shared objects renamed. Linux distributions have not magically solved the
> problem of keeping all software on the system current.
That's disheartening
On 2022-11-15 21:36, Phillip Susi wrote:
Jakob Bohm via openssl-users writes:
Performance wise, using a newer compiler that implements int64_t etc. via
frequent library calls, while technically correct, is going to run
unnecessarily slow compared to having algorithms that actually use
> From: openssl-users on behalf of
> Steven_M.irc via openssl-users
> Sent: Monday, November 21, 2022 15:56
> However, I am running Windows 10, and since (unlike Linux) every piece of
> software outside of Windows itself
> needs to be updated individually, I don't know
Hi All,
A few weeks ago I sent this e-mail to the group:
https://mta.openssl.org/pipermail/openssl-users/2022-November/015613.html I
received a couple of replies, but sadly I have been too busy to respond to
them. Regardless, I need a bit more information please.
In one of the replies, Viktor
Thanks for the explanation, that probably makes sense.
Thank you
Matt
From: Kyle Hamilton
Date: Monday, 21 November 2022 12:46
To: ORNEST Matej - Contractor
Cc: openssl-users
Subject: Re: X52219/X448 export public key coordinates
The reason has to do with the type of curve representation
implemented outside the
context of EC. It’s not clear to me why but I believe there’s a good reason for
it.
Anyway, thanks for your answer!
Regards
Matt
On 18. 11. 2022, at 17:13, Kyle Hamilton wrote:
X25519?
On Mon, Nov 14, 2022, 05:23 ORNEST Matej - Contractor via openssl-users
mailto:openssl
rt those key types in desired format? I’m using
OpenSSL version 1.1.1q.
Thank you very much for any hint
Matt
:
"WuJinze"
<294843...@qq.com;
Date:Sat, Nov 12, 2022 06:17 PM
To:"openssl-users"
Dear OpenSSL Group,
Greetings. I was working on writing a simple AES encrypt/decrypt wrapper
function in C++ and ran into a strange problem. The minimal reproducible
examples in the gist seem to work fine, but when I uncomment lines 90-92, it will
fail to decrypt randomly. Can someone help me
On 2022-11-06 23:14, raf via openssl-users wrote:
On Sat, Nov 05, 2022 at 02:22:55PM +, Michael Wojcik
wrote:
From: openssl-users On Behalf Of raf via
openssl-users
Sent: Friday, 4 November, 2022 18:54
On Wed, Nov 02, 2022 at 06:29:45PM +, Michael Wojcik via openssl-users
wrote
On Sat, Nov 05, 2022 at 02:22:55PM +, Michael Wojcik
wrote:
> > From: openssl-users On Behalf Of raf
> > via
> > openssl-users
> > Sent: Friday, 4 November, 2022 18:54
> >
> > On Wed, Nov 02, 2022 at 06:29:45PM +, Michael Wojcik via openssl-us
On Sat, Nov 05, 2022 at 11:50:18AM +0100, Dirk Menstermann wrote:
> Hello,
>
> I did a few experiments with early data but was not successful in solving my
> exotic use case: "Using early data dependent on the SNI"
>
> I control the server (linux, supports http2) b
> From: openssl-users On Behalf Of raf via
> openssl-users
> Sent: Friday, 4 November, 2022 18:54
>
> On Wed, Nov 02, 2022 at 06:29:45PM +, Michael Wojcik via openssl-users
> wrote:
>
> >
> > I'm inclined to agree. While there's an argument fo
On Wed, Nov 02, 2022 at 06:29:45PM +, Michael Wojcik via openssl-users
wrote:
> > From: openssl-users On Behalf Of Phillip
> > Susi
> > Sent: Wednesday, 2 November, 2022 11:45
> >
> > The only thing to fix is don't put your compiler in strict C90 mode.
>
> From: openssl-users On Behalf Of Matt
> Caswell
> Sent: Friday, 4 November, 2022 06:43
>
> This looks like something environmental rather than a problem with
> OpenSSL itself. /usr/lib/gcc/x86_64-linux-gnu/8/include-fixed/limits.h
> is clearly a system include file, t
!
The context I asked is that the rust-openssl wrapper always requires the
output buffer to be at least as big as the input buffer + the cipher's
block size [0] (assuming pessimistic case). That is even if I always
feed the EVP_EncryptUpdate with blocks exactly 16 bytes long the wrapper
requires 32
> From: Felipe Gasper
> Sent: Thursday, 3 November, 2022 10:43
> >
> > And your description looks wrong anyway: shutdown(SHUT_RD) has
> > implementation-defined behavior for TCP sockets (because TCP does not
> > announce the read side of half-close to the peer), and on Linux causes
> > blocked
in thing.
It's obscure in the sense that a great many people trying to use TLS get much
more basic things wrong.
More generally, the OpenSSL documentation mostly covers the OpenSSL APIs, and
leaves networking up to the OpenSSL consumer to figure out. The OpenSSL wiki
covers topics that people have w
for additional block is needed in this case ("(inl + cipher_block_size)
bytes")? I'm trying to understand the differences between OpenSSL and
other cryptographic backends in an OpenPGP library [1].
Thank you for your time and help!
Kind regards,
Wiktor
[1]:
https://gitlab.com/sequoia-pgp/sequoia/-/merge_requests/1361#note_1150958453
xhaustively
> familiar with it, but I don’t remember having seen such.)
I doubt it. I don't see anything on the wiki, and this is a pretty obscure
issue, all things considered.
> It almost seems like, given that TLS notify-close then TCP close() (i.e.,
> without awaiting the peer’s TLS notify-clos
> From: openssl-users On Behalf Of
> Steven_M.irc via openssl-users
> Sent: Wednesday, 2 November, 2022 17:18
>
> I'm really worried about the vulnerabilities recently found in OpenSSL
> versions 3.0.0 - 3.0.6.
Why? What's your threat model?
> If I understand things cor
Hi Team,
I want to upgrade the openssl version from 3.0.2 to 3.0.7. My OS version is
Ubuntu 22.04.1 LTS (Jammy Jellyfish). Please help. It is urgent.
Regards,
Anupam
This is an automatic reply email. Your message has been received, and I will reply as soon as possible.
Hi All,
I'm really worried about the vulnerabilities recently found in OpenSSL versions
3.0.0 - 3.0.6. If I understand things correctly (and please do correct me if
I'm wrong), it doesn't matter which version of OpenSSL clients are running,
only which version of OpenSSL *servers* are running
o seems like EPIPE is a
> “fact of life” here.
Yeah. That's because an OpenSSL "read" operation can do sends under the covers,
and an OpenSSL "send" can do receives, in order to satisfy the requirements of
TLS. Depending on the TLS version and cipher suite being used, it
On 11/2/22 18:29, Michael Wojcik via openssl-users wrote:
From: openssl-users On Behalf Of Phillip
Susi
Sent: Wednesday, 2 November, 2022 11:45
The only thing to fix is don't put your compiler in strict C90 mode.
I'm inclined to agree. While there's an argument for backward compatibility
> From: openssl-users On Behalf Of Phillip
> Susi
> Sent: Wednesday, 2 November, 2022 11:45
>
> The only thing to fix is don't put your compiler in strict C90 mode.
I'm inclined to agree. While there's an argument for backward compatibility,
C99 was standardized nearly a quart
Mraz, OpenSSL
So fix it?
Feels like we are just going around and around in circles here :
Strict C90 CFLAGS results in sha.h:91 ISO C90 does not support long long
https://github.com/openssl/openssl/issues/10547
OPENSSL_strnlen SIGSEGV in o_str.c line 76
https://github.com
Anupam,
please don’t attempt to install an openssl version which you built yourself to
your Linux system, it might break your applications. Your Linux distribution
(Ubuntu) installs their own compiled versions which you can upgrade using its
package manager (apt)
Regards,
Matthias
From
Hi Team,
I want to upgrade openssl from 3.0.2 to 3.0.7. I have downloaded 3.0.7 from
https://www.openssl.org/source and installed successfully. But, still it is
showing version 3.0.2. Please help. It's urgent.
My OS: 22.04.1 LTS (Jammy Jellyfish)
Regards,
Anupam
Good day :
This always bites me when I try strict C90 :
In file included from include/openssl/x509.h:41,
from apps/include/apps.h:29,
from apps/lib/app_libctx.c:10:
include/openssl/sha.h:106:37: error: ISO C90 does not support 'long
long' [-Wlong-long
Dear Users,
I have released version 5.67 of stunnel.
### Version 5.67, 2022.11.01, urgency: HIGH
* Security bugfixes
- OpenSSL DLLs updated to version 3.0.7.
* New features
- Provided a logging callback to custom engines.
* Bugfixes
- Fixed "make cert" with OpenSSL olde
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL Security Advisory [01 November 2022]
X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602)
==
Severity: High
A buffer overrun can
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL version 1.1.1s released
===
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.1.1s of our open
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL version 3.0.7 released
==
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 3.0.7 of our open source
On 2022-10-31 01:11, Alexei Khlebnikov wrote:
Hello Geoff,
Try the following function, receive the serial number via the
"pserial" pointer. But avoid changing the number via the pserial
pointer because it points inside the OCSP_CERTID structure.
int OCSP_id_get0_info(ASN1_OCTET_STRING
No snapshots since 2022-10-19.
--
Member - Liberal International This is doc...@nk.ca Ici doc...@nk.ca
Yahweh, King & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 14 and 53 on Atheism https://www.empire.kred/ROOTNK?t=94a1f39b
How can one be prejudiced and
he correct way and also please provide your inputs on the below error.
FYI, I have included the openssl/evp.h and openssl/dh.h header files.
*error: dereferencing pointer to incomplete type dh = pkey->pkey.dh;
^*
PEM_write_DHparams code is replaced with OSSL_ENCODER_CTX_new_for
and continue to use unexpired certificate/key pairs signed by the expired CA
certificate. I did some research and found "openssl x509 -in ca.crt -days 3650
-out new-ca.crt -signkey ca.key" which seems to work but want to make sure
there aren't any less-than-obvious issue
> From: openssl-users On Behalf Of Felipe
> Gasper
> Sent: Wednesday, 26 October, 2022 11:15
>
> I’m seeing that OpenSSL 3, when it reads empty on a socket, sends some
> sort of response, e.g.:
>
> - before read
> [pid 42417] read(7276781]>, "&quo
;
}
else
{
// error
}
Martin
From: Kory Hamzeh
Sent: Monday, October 24, 2022 7:22 PM
To: amar...@xtec.com
Cc: openssl-users@openssl.org
Subject: Re: Setting a group to an existing EVP_PKEY in OpenSSL 3
I haven’t done exactly what you are trying, but something similar
Hi,
How can I set a GROUP to an existing EC type EVP_PKEY in OpenSSL 3?
In 1.0.2 I was using this code having the EC_KEY:
EC_KEY_set_group(eckey, EC_GROUP_new_by_curve_name(nid));
In OpenSSL 3 still EC_GROUP_new_by_curve_name(nid) can be used, but I don't
know how to go from
> From: openssl-users On Behalf Of ???
> Sent: Friday, 21 October, 2022 02:39
> Subject: Re: openssl-users Digest, Vol 95, Issue 27
Please note the text in the footer of each openssl-users digest message:
> When replying, please edit your Subject line so it is more specifi
Hi,
How can I get the nid from the curve name for a EC key in OpenSSL 3? I'm
porting code from OpenSSL 1.0.2.
I'm converting this:
ecc_curve_type = EC_GROUP_get_curve_name(EC_KEY_get0_group((const EC_KEY
*)eckey));
if(ecc_curve_type == NID_undef
> From: openssl-users On Behalf Of David
> Harris
> Sent: Saturday, 22 October, 2022 09:02
>
> I now have wireshark captures showing the exchanges between the working
> instance and the non-working instance respectively; the problem is definitely
> happening after STA
> From: David Harris
> Sent: Friday, 21 October, 2022 01:42
>
> On 20 Oct 2022 at 20:04, Michael Wojcik wrote:
>
> > I think more plausible causes of this failure are things like OpenSSL
> > configuration and interference from other software such as an endpoint
> &g
> From: openssl-users On Behalf Of David
> Harris
> Sent: Wednesday, 19 October, 2022 18:54
>
> Do recent versions of OpenSSL 1.1.1 have dependencies on some Windows
> facility (winsock and wincrypt seem likely candidates) that might work on
> Server 2019 but fail on
> From: openssl-users On Behalf Of ???
> Sent: Tuesday, 18 October, 2022 11:58
> I have downloaded perl strawberry, but I have no clue how to get rid of the
> built-in perl that comes in cygwin, and point cygwin to use the strawberry
> perl.
You don't have to remove the
> From: רונן לוי
> Sent: Monday, 17 October, 2022 12:03
Send messages to the list, not directly to me.
> And, in which header file am I expected to find the Definition for LONG?
That's a question about the Windows SDK, not OpenSSL.
It's in WinNT.h, per Microsoft's documentati
> From: רונן לוי
> Sent: Monday, 17 October, 2022 11:12
> see attached file for cygwin details.
I'm afraid I have no comment on that. I merely mentioned that for some OpenSSL
releases, using a POSIXy perl implementation such as Cygwin's to configure
OpenSSL for a Windows build did
> From: רונן לוי
> Sent: Monday, 17 October, 2022 11:16
Please send messages to the list, not to me directly.
> And for the question with regard to the Windows style, are you referring to
> CRLF as
> opposed to LF from linux?
No, to Windows-style file paths, with drive letters and
Hello OpenSSL users,
I need help with the following errors, which I am getting from my Windows machine
building on Visual Studio 2019,
Version 16.11.17.
Build started...1>-- Build started: Project: executeHelloWorld,
Configuration: Debug Win32
--1>VerifyJWTSignUsingRSA.cpp1>C:\Us
> From: openssl-users On Behalf Of ???
> Sent: Saturday, 15 October, 2022 15:48
> I have tried to build openssl using cygwin:
> Both options starts compiling, but end up with error:
> In file included from providers/implementations/storemgmt/winstore_store.c:27:
> /
Sent from my iPad
What OpenSSL functions to use in "Visual Studio 2022" to create a C++ program:
PSK = PBKDF2(Passphrase, SSID, 4096)
PMK = PBKDF2(HMAC−SHA1, PSK, SSID, 4096, 256)
PMKID = HMAC-SHA1-128(PMK,"PMK Name" | MAC_AP | MAC_STA)
Sample test data for PSK (Pre-Shared Key)
Network
> From: openssl-users On Behalf Of Dmitrii
> Odintcov
> Sent: Sunday, 2 October, 2022 21:15
>
> This is where the confusion begins: if ‘bar’, the certificate requestor,
> itself
> wants to be a CA (basicConstraints = CA:true),
I assume here you mean bar is going to be a s
Sent from my iPad
much,
Diego Gonzalez
--
-Original Message-
From: Tomas Mraz
Sent: Friday, September 30, 2022 1:22 AM
To: GonzalezVillalobos, Diego ;
openssl-users@openssl.org
> From: openssl-users On Behalf Of Tomas
> Mraz
> Sent: Friday, 30 September, 2022 00:22
>
> unfortunately I do not see anything wrong with the code. Does the
> EVP_DigestVerifyFinal return 0 or negative value? I do not think this
> is a bug in OpenSSL as this API
Hi,
Here is a question, can you help me out? Thanks.
Background:
I am working to write an openssl engine to use cryptographic algorithms in a
hardware device. The hardware device supports asymmetric/symmetric algorithms,
for example: rsa/aes.
Question:
When I write openssl engine, I shall use
cesful" << endl;
if (verify_md_ctx)
EVP_MD_CTX_free(verify_md_ctx);
break;
}
The only difference still is using the der signature; besides that, it is the
same. Could it be a bug?
Thank you,
Diego Gonzalez
true;
cout << "SEV EC verification Succesful" << endl;
Could it be because I'm creating a ECDSA SIG object and then turning it into a
der format to verify? Again, suggestions would be appreciated.
Thank you!
Diego Gonzalez Villalobos
-
hen I reach EVP_DigestVerifyFinal is showing this error:
Failed Final Verify error:0395:digital envelope routines::no operation set
I have been playing around with it for a while, but I am stuck at this point.
Any advice would be appreciated.
Thank you,
Diego Gonzalez Villalobos
-
> From: openssl-users On Behalf Of Michael
> Ströder via openssl-users
> Sent: Sunday, 18 September, 2022 04:27
>
> On 9/18/22 06:09, Philip Prindeville wrote:
> >> On Sep 15, 2022, at 4:27 PM, Michael Wojcik via openssl-users us...@openssl.org> wrote:
> >&
On 9/18/22 06:09, Philip Prindeville wrote:
On Sep 15, 2022, at 4:27 PM, Michael Wojcik via openssl-users
wrote:
You still haven't explained your threat model, or what mitigation
the application can take if this requirement is violated, or why
you think this is a "best practice". >
desktop to wget in the VM.
-Original Message-
From: openssl-users On Behalf Of Viktor
Dukhovni
Sent: Friday, 16 September 2022 16:22
To: openssl-users@openssl.org
Subject: Re: AW: [EXTERNAL] Stricter pathlen checks in OpenSSL 1.1.1 compared
to 1.0.2?.
On Fri, Sep 16, 2022
Oops, sorry. The correct intermediate is of course also SN2.
http://sm-pkitest.atos.net/cert/Atos-Smart-Grid-Test.CA.2.crt
Fingerprint a0 6d 32 c3 56 7d 8e 20 0f a3 8e d3 d0 0a 04 21 2a 0a 1e ae
I’ve also asked my colleagues why the download is http instead of https…
From: openssl
at only have SN1 as a trust anchor to
verify certificates issued by SN2. But wouldn’t they stumble over pathlen too?
My colleague doing the verifying initially had all three sm-test-root.ca
certificates in his CAfile and OpenSSL 1.1.1 picked the path with the link
certificate. Onc
diagnosing the issue.
Thanks,
Corey
From: openssl-users On Behalf Of Andrew
Lynch via openssl-users
Sent: Friday, September 16, 2022 4:32 AM
To: openssl-users@openssl.org
Subject: AW: [EXTERNAL] Stricter pathlen checks in OpenSSL 1.1.1 compared to
1.0.2?.
So is this a possible bug
Dear OpenSSL Team,
While migrating to OpenSSL 3.0 we are facing issue with use of
DH_generate_key(). Getting dh->pub_key NULL.
Logic used is as given below, I have omitted the error handling code.
* p and g buffer is of type unsigned char *
* p_len is 128 and g_len i
So is this a possible bug or a feature of OpenSSL 1.1.1? (using 1.1.1n right
now)
If I set up the content of CAfile or CApath so that E <- D <- C <- A is the
only path that can be taken then the validation fails with
error 25 at 3 depth lookup: path length constraint exceeded
If
> From: openssl-users On Behalf Of Philip
> Prindeville
> Sent: Thursday, 15 September, 2022 15:41
> I was thinking of the case where the directory containing the keys (as
> configured) is correctly owned, but contains a symlink pointing outside of
> that directory som
On 9/15/22 15:40, Philip Prindeville wrote:
I was thinking of the case where the directory containing the keys (as
configured) is correctly owned, but contains a symlink pointing outside of that
directory somewhere else... say to a file owned by an ordinary user.
In that case, as has been
C5280 and X.509, the
pathlenConstraints contained in the certificate of the Trust Anchor (here,
A or B) is not taken into account. Therefore, the only ones that matter are
the values set in C and D, and these values are coherent with both chains.
On Thu, Sep 15, 2022 at 7:34 PM Andrew Lynch via openssl-
Hi,
I would like to have my understanding of the following issue confirmed:
Given a two-level CA where the different generations of Root cross-sign each
other, the verification of an end-entity certificate fails with OpenSSL 1.1.1 -
"path length constraint exceeded". With Ope
.
So... what's the Best Practices list for handling private key materials? Has
anyone fleshed this out?
This is not really related to openssl, but I will tell you what you are
likely to hear in another setting:
In most cases, applications are not really aware of symlinks, unless
they have been
> From: openssl-users On Behalf Of Philip
> Prindeville
> Sent: Tuesday, 13 September, 2022 14:17
>
> I'm working on a bug in an application where the application config is given
> the directory path in which to find a key-store, which it then loads.
>
> My issue is t
Dear Users,
I have released version 5.66 of stunnel.
### Version 5.66, 2022.09.11, urgency: MEDIUM
* New features
- OpenSSL 3.0 FIPS Provider support for Windows.
* Bugfixes
- Fixed building on machines without pkg-config.
- Added the missing "environ" declaration for
and the rsa_set0_key function
to create the RSA public key and then used RSA_public_decrypt to decrypt the
signature and RSA_verify_PKCS1_PSS to verify it. This whole workflow is now
deprecated.
//OPENSSL 1.1.1 Code
SEV_ERROR_CODE AMDCert::amd_cert_validate_sig(const amd_cert *cert
On 9/4/22 01:55, Roger James via openssl-users wrote:
As I mentioned in an earlier post you need version 1.1 or later of
openssl to successfully validate post September 30, 2021 Let's Encrypt
certificates. The version on your CentOS system is 1.0.
The CentOS system was just another VM I ran
As I mentioned in an earlier post you need version 1.1 or later of openssl
to successfully validate post September 30, 2021 Let's Encrypt certificates.
The version on your CentOS system is 1.0.
On 9/3/22 16:07, Viktor Dukhovni wrote:
Post the output of:
$ openssl crl2pkcs7 -nocrl -certfile
/etc/ssl/certs/local/DOMAIN.wildcards.pem |
openssl pkcs7 -print_certs -noout |
perl -ne 'BEGIN{$/="\n\n\n"} s/\n+/\n/g; print $_, "\n"'
subject=CN = DOMAIN
issuer=C = US, O
Hi all,
When the openssl interactive mode was still possible, you could set up an
engine and then use it as follows:
OpenSSL> engine -t dynamic -pre
SO_PATH:/usr/lib64/openssl/engines/engine_pkcs11.so -pre ID:pkcs11 -pre
LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/lib64/pkcs11/onepin-ope
On 9/2/22 21:42, Shawn Heisey via openssl-users wrote:
Other bare metal systems and their results with the same PEM file:
Verifies on Proxmox (the one running the VM) with openssl 1.1.1n
Verifies on Ubuntu 22.04 with openssl 3.0.2
Fails on CentOS 7.5.1804 with openssl 1.0.2k-fips
Additional
On an AlmaLinux 8.6 VM hosted in Proxmox:
[root@certs ~]# openssl verify -CAfile
/etc/ssl/certs/local/DOMAIN.wildcards.pem
/etc/ssl/certs/local/DOMAIN.wildcards.pem
C = US, O = Let's Encrypt, CN = R3
error 2 at 1 depth lookup: unable to get issuer certificate
error /etc/ssl/certs/local
knew to do so. Also, a thief can
> break your window and get into your car, so you might as well leave
> them rolled down all the time.
>
> The question wasn't "Should I care that..." or "Is it a good idea
> to...". It was "Can OpenSSL 3 do this".
&
> > It is not clear what threat model warrants taking special action when
> > the client certificate is not requested. It could equally be
> > requested and then largely ignored.
>
> A client in a highly secured network knows that every server it connects to
> will
> require a client
OpenSSL 1.1.1 full support expires on 2022-09-11; it then enters
security-fix-only mode until 2023-09-11.
Are there any plans for a final bug-fix release of 1.1.1 in the next couple
weeks (and hopefully a 3.0 release as well)?
--
-Todd Short
// tsh...@akamai.com
// "One if by land
the invalid encodings are not surviving contact with my d2i_ABC()
functions.
I'm using openssl 1.1.1o, I should say. I should also add these
structures on the cards are read-only, so I can't even fix them, I just
have to deal with them.
These are the 2 invalid encodings I have seen:
First, a bit-string
Trying to compile OpenSSL using Bootlin tool chains for ARMv5 UCLIBC found at
https://toolchains.bootlin.com/
Does anyone have recent experience compiling OpenSSL 1.1.1 specifying alternate
tool-chains?
What commands did you use?
Thanks
> On 20 August 2022, at 08:17, b1...@b1bb2.com wrote:
>
> I am experimenting with
> https://github.com/openssl/openssl/archive/refs/heads/master.zip openssl
> 3.1.0 Source Distribution archive
You, probably, should not. This is unreleased development code.
Current release is 3
Dear Users,
I have released version 5.65 of stunnel.
On Windows, this release fixes a high severity OpenSSL vulnerability:
https://www.openssl.org/news/secadv/20220705.txt
### Version 5.65, 2022.07.17, urgency: HIGH
* Security bugfixes
- OpenSSL DLLs updated to version 3.0.5.
* Bugfixes