On 17/10/2022 13:10, Ashok Kumar Sarode via openssl-users wrote:
NOTE: I have re-named file openssl\*configuration.h.in* to
openssl\*configuration.h*
Likewise i re-named err.h, ssl.h, opensslv.h, crypto.h
Don't do that. That is almost certainly the cause of these errors. The
".h.in"
Hello OpenSSL users,
I need help on following errors which I am getting from myWindows machine
building on Visual Studio 2019,
Version 16.11.17.
Build started...1>-- Build started: Project: executeHelloWorld,
Configuration: Debug Win32
--1>VerifyJWTSignUsingRSA.cpp1>C:\Us
xtra option: "subjectKeyIdentifier=hash"
req: Use -help for summary.
and this will be available with OpenSSL 3.1.
BTW, if you want a validity period of exactly 100 years, you need to take into
account 24 leap days/years,
so better use "-days 36524" than "-days 36500".
d setting valid values for
p q and g using DH_set0_pqg().
BIGNUM *a = BN_bin2bn(p, p_len, NULL);
BIGNUM *b = BN_bin2bn(g, g_len, NULL);
DH_set0_pqg(dh, a, NULL, b);
But this did not help, as this set function does not change q value if NULL is
passed.
We don't have idea about what can be a va
va:272)
> at com.android.signapk.SignApk.main(SignApk.java:1210)
>
>
> My ubuntu version is 20.04.4 LTS
>
> openjdk version is 11.0.15 2022-04-19
>
> openssl version is 1.1.1r-dev built on Mon Aug 22 11:19:51 2022 UTC
>
>
> Any help is welcome.
>
> ---
-dev built on Mon Aug 22 11:19:51 2022 UTC
Any help is welcome.
**
努比亚技术有限公司 基础框架团队 李周华
联系电话:18706866323
地址:西安市高新唐延南路10号中兴产业园A座101
Email:0016003...@nubia.com
**
lso have to
> look over your available compiler tool chain or change your configuration.
>
> target already defined - macosx-cross-x86_64 (offending arg:
> darwin64-x86_64-cc)
>
Now, my question is I want to build the OpenSSL using the targets defined
in my "20-ios-tvos-cro
On Mon, May 09, 2022 at 06:00:14AM +, Srinivas, Saketh (c) wrote:
> I need to set the current_issuer field in an object of the
> X509_STORE_CTX structure. Can any suggest the setter function for
> this.
You almost certainly don't *need* to do this. What is the actual
high-level task you're
HI,
i need to set the current_issuer field in an object of the X509_STORE_CTX
structure. Can any suggest the setter function for this.
Also, current_crl_score and current_reasons also are needed to be 0 for me. Can
you suggest setters for these variables.
Thanks,
Saketh.
Notice: This e-mail
HI,
i need to set the current_issuer field in an object of the X509_STORE_CTX
structure. Can any suggest the setter function for this. current_crl_score and
current_reasons also are needed to be 0 for me. Can you suggest setters for
these variables.
Thanks,
Saketh.
Notice: This e-mail
i am using openssl 3.0
From: openssl-users on behalf of Matt
Caswell
Sent: Tuesday, February 15, 2022 6:45 PM
To: openssl-users@openssl.org
Subject: [EXTERNAL] Re: need some help with the block size value
On 15/02/2022 12:13, Srinivas, Saketh (c) wrote:
>
On 15/02/2022 12:13, Srinivas, Saketh (c) wrote:
Hi,
i am trying to get the block size of EVP_des_ede3_cbc cipher using the
below function but it's not returning anything.
EVP_CIPHER_get_block_size(EVP_des_ede3_cbc())
This code looks fine to me, and I just tested this and it returned
Hi,
i am trying to get the block size of EVP_des_ede3_cbc cipher using the below
function but it's not returning anything.
EVP_CIPHER_get_block_size(EVP_des_ede3_cbc())
Does anyone have any idea how to.
thanks,
Saketh.
Notice: This e-mail together with any attachments may contain information
Hi,
i am trying to modify a function which earlier used openss1 to compute shared
key the aruguments to the function are:
rc_vchar_t *pub , rc_vchar_t *priv ; '// public and private keys.
if (eay_v2bn(>pub_key, pub) < 0)
goto end;
if (eay_v2bn(>priv_key, priv) < 0)
goto
alert" .
I think some issue with closing TLS connection in openssl3.
Can someone help me understand why?
thanks,
Saketh.
Notice: This e-mail together with any attachments may contain
information of Ribbon Communications Inc. and its Affiliates that is
confidential and/or proprietary for th
think some issue with closing TLS connection in openssl3.
Can someone help me understand why?
thanks,
Saketh.
Notice: This e-mail together with any attachments may contain information of
Ribbon Communications Inc. and its Affiliates that is confidential and/or
proprietary for the sole use of th
design docs for FIPS 3.0 module would be great help.
Thanking you in anticipation,
Sanjeev Kumar Mishra
/docs/manmaster/man7/OSSL_PROVIDER-FIPS.html<https://www.openssl.org/docs/manmaster/man7/OSSL_PROVIDER-FIPS.html>
NAME. OSSL_PROVIDER-FIPS - OpenSSL FIPS provider. DESCRIPTION. The Open
r: #error OpenSSL 1.0.1 or greater is
>required
>To satisfy this condition, I downloaded openssl-1.1.1l. I do not know how to
> configure/make this software to create the 5 sets of SSL libraries required by
> SSH to make for my 5 targets.
Have you read the README and INSTALL files in th
I am trying to cross-compile the SSL software on VMware running the following:
Linux Debian 3.16.0-4-686-pae #1 SMP Debian 3.16.36-1+deb8u2 (2016-10-19)
i686 GNU/Linux
I need to cross-compile the SSL software for the following targets running two
versions of the QNX Operating System:
ory `/home/williams/ssh/qnx650-ppcbespe/openbsd-compat'
make: *** [openbsd-compat/libopenbsd-compat.a] Error 2
In response, I downloaded OPENSSL Version 1.1.1l. I have no idea how to
configure this to make it cross-compile for the 5 targets I need the libraries
for versus compiling for th
.html
Matt
Please let me know the Openssl 3.0 API's for the same.
Thanks and Regards,
Sunil
-Original Message-
From: Matt Caswell
Sent: Monday, October 25, 2021 3:03 PM
To: Paramashivaiah, Sunil ;
openssl-users@openssl.org
Cc: Kumar Mishra, Sanjeev
Subject: Re: [EXTERNAL] R
Hi Matt,
Thanks for the help. I need get SSL members (ssl->session , ssl->ctx
, ssl->references) and set SSL member (ssl->tlsext_ocsp_resp).
Please let me know the Openssl 3.0 API's for the same.
Thanks and Regards,
Sunil
-Original Message-
From:
ecGrpId = EC_GROUP_get_curve_name(evpKey->pkey.ec->group);
/* some code follows*/
Thanks and Regards,
Sunil
-Original Message-
From: Matt Caswell
Sent: Monday, October 25, 2021 2:23 PM
To: Paramashivaiah, Sunil ;
openssl-users@openssl.org
Subject:
penssl.org
Subject: [EXTERNAL] Re: Need Help for Code Changes to Upgrade from OpenSSL
1.0.2 to 3.0
On 25/10/2021 05:45, Paramashivaiah, Sunil wrote:
> Hi All,
>
> I need get APIs for accessing the members of EVP_PKEY.
> Please suggest APIs to get following members of EVP_P
On 25/10/2021 05:45, Paramashivaiah, Sunil wrote:
Hi All,
I need get APIs for accessing the members of EVP_PKEY. Please
suggest APIs to get following members of EVP_PKEY
evpkey->type , evpkey->pkey.rsa , pubKey->pkey.ec->group.
EVP_PKEY_get_id() will get you the `evpkey->type`
Hi All,
I need get APIs for accessing the members of EVP_PKEY. Please suggest
APIs to get following members of EVP_PKEY
evpkey->type , evpkey->pkey.rsa , pubKey->pkey.ec->group.
Thanks and Regards,
Sunil
Notice: This e-mail together with any attachments may contain information of
Sunil
Sent: Thursday, October 21, 2021 2:49 AM
To: openssl-users@openssl.org
Subject: Need Help for Code Changes to Upgrade from OpenSSL 1.0.2 to 3.0
Hi All,
Please let me know how I can replace the below 1.0.2 code to 3.0
SSL_SESSION data;
SSL_SESSION *ret=NULL;
On 21/10/2021 09:48, Paramashivaiah, Sunil wrote:
Hi All,
Please let me know how I can replace the below 1.0.2 code to 3.0
* SSL_SESSION data;*
* SSL_SESSION *ret=NULL;*
**
* data.ssl_version = sessVersion;*
* data.session_id_length= sessIdLen;*
**
*
Hi All,
Please let me know how I can replace the below 1.0.2 code to 3.0
SSL_SESSION data;
SSL_SESSION *ret=NULL;
data.ssl_version = sessVersion;
data.session_id_length= sessIdLen;
memcpy(data.session_id, sessId, sessIdLen);
CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
On 20/10/2021 11:41, Paramashivaiah, Sunil wrote:
Hi All,
Please let me know APIs to get members(ssl_version, session_id,
references and session_id_length) of SSL_SESSION structure variable.
For ssl_version you can use SSL_SESSION_get_protocol_version.
For
On 20/10/2021 10:57, Kumar Mishra, Sanjeev wrote:
Hi,
I am upgrading the code from OpenSSL 1.0.1 to 3.0. I am getting
following compilation errors. Could you please suggest appropriate
changes for following-
1. X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE); error:
Hi All,
Please let me know APIs to get members(ssl_version, session_id,
references and session_id_length) of SSL_SESSION structure variable.
Thanks and Regards,
Sunil
Notice: This e-mail together with any attachments may contain information of
Ribbon Communications Inc. and its
Hi,
I am upgrading the code from OpenSSL 1.0.1 to 3.0. I am getting following
compilation errors. Could you please suggest appropriate changes for following-
1. X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE); error:
'X509err' was not declared in this scope
2. RSA *rsa =
Hi,
We encrypt data using openSSL C++ API, decrypt data using java(default
security package).
99.9% of the time, it works fine, but when multi-instances of apps encrypt
data at same time, java fails to decrypt .
We are using version 1.1.01 (AES/CBC/PKCS5Padding)
mpCtx = EVP_CIPHER_CTX_new();
> From: openssl-users On Behalf Of Jakob
> Bohm via openssl-users
> Sent: Monday, 23 August, 2021 04:40
>
> On 21/08/2021 19:42, Michael Wojcik wrote:
> >> From: rgor...@centerprism.com
> >> Sent: Saturday, 21 August, 2021 11:26
> >>
> >> My openssl.cnf (I have tried `\` and `\\` and `/`
On 21/08/2021 19:42, Michael Wojcik wrote:
From: rgor...@centerprism.com
Sent: Saturday, 21 August, 2021 11:26
My openssl.cnf (I have tried `\` and `\\` and `/` directory separators):
Use forward slashes. Backslashes should work on Windows, but forward slashes work
everywhere. I don't know
Am 21.08.21 um 19:53 schrieb rgor...@centerprism.com:
I am fine on the command line. I just need a little help with openssl. Do you
have any ideas on setting the hostname with openssl.cnf?
If it would be bash on Linux, scripting this not a challenge. About Windows: No
idea, sorry.
Subject: Re: Need some help signing a certificate request
Hi rgor...@centerprism.com,
the substitution for your CA did not work: 'Subject: CN = $(hostname), O =
server'.
My recommendation, if you are not familiar with openssl and the command line
would be, use XCA, there is a Windows version
I am fine on the command line. I just need a little help with openssl. Do you
have any ideas on setting the hostname with openssl.cnf?
-Original Message-
From: openssl-users On Behalf Of Keine Eile
Sent: Saturday, August 21, 2021 1:46 PM
To: openssl-users@openssl.org
Subject: Re: Need
It was the index.txt like you said. Thank you.
-Original Message-
From: openssl-users On Behalf Of Michael
Wojcik
Sent: Saturday, August 21, 2021 1:43 PM
To: openssl-users@openssl.org
Subject: RE: Need some help signing a certificate request
> From: rgor...@centerprism.com
>
K/Q
SrRacEUzOrinThIZ4Wvv0Mjlg7BLbIdOFJkVerYzZKN8kg4V1N3HNR13iP5EuJuv
-END CERTIFICATE REQUEST-
-Original Message-
From: openssl-users On Behalf Of Michael
Wojcik
Sent: Saturday, August 21, 2021 1:22 PM
To: openssl-users@openssl.org
Subject: RE: Need some help signing a certificate request
From: open
> From: rgor...@centerprism.com
> Sent: Saturday, 21 August, 2021 11:26
>
> My openssl.cnf (I have tried `\` and `\\` and `/` directory separators):
Use forward slashes. Backslashes should work on Windows, but forward slashes
work everywhere. I don't know that "\\" will work anywhere.
> [ ca
SrRacEUzOrinThIZ4Wvv0Mjlg7BLbIdOFJkVerYzZKN8kg4V1N3HNR13iP5EuJuv
-END CERTIFICATE REQUEST-
-Original Message-
From: openssl-users On Behalf Of Michael
Wojcik
Sent: Saturday, August 21, 2021 1:22 PM
To: openssl-users@openssl.org
Subject: RE: Need some help signing a certificate request
> From: openssl-users On Behalf Of
>
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = 1.3.6.1.5.5.7.3.1
-Original Message-
From: openssl-users On Behalf Of Michael
Wojcik
Sent: Saturday, August 21, 2021 1:22 PM
To: openssl-users@openssl.org
Subject: RE: Need some help signing a certificate request
> F
e exceptions are mostly the cmd.exe built-ins.
> On Sat, Aug 21, 2021 at 09:21 <mailto:rgor...@centerprism.com> wrote
> When I type ‘openssl ca -config .\openssl.cnf -in ../server/req.pem -out
We need to see the contents of openssl.cnf. It might also help to have the CSR
(req.pem). Sin
Thanks for the comment. I have tried both `/` and `\` with no change.
From: openssl-users On Behalf Of Tom Browder
Sent: Saturday, August 21, 2021 11:41 AM
Cc: openssl-users@openssl.org
Subject: Re: Need some help signing a certificate request
On Sat, Aug 21, 2021 at 09:21 mailto:rgor
On Sat, Aug 21, 2021 at 09:21 wrote
...
> When I type ‘openssl ca -config .\openssl.cnf -in ../server/req.pem -out
>
I don't do wndows, but your directory separators are not consistent--not
sure of the effect.
-Tom
. No 'server_certificate.pem' anywhere I can find.
Any help diagnosing this will be appreciated.
On 8/17/2021 9:47 PM, Sands, Daniel via openssl-users wrote:
The dump you show below is:
Attributes (set, tagged with a 0, optional)
Version
privateKeyAlgorithm
privateKey
This is a PKCS#8 packet for a key. The encapsulated data is the RSA public key
in PKCS1 format. I know OpenSSL has
> My latest attempt to code the below DER is this. It compiles, but the d2i
> segfaults on apparently the second element.
>
> Anything obviously wrong?
>
> typedef struct {
> ASN1_INTEGER *version;
> ASN1_INTEGER *serialNumber;
> X509_ALGOR *signature;
> X509_PUBKEY *key;
>
My latest attempt to code the below DER is this. It compiles, but the d2i
segfaults on
apparently the second element.
Anything obviously wrong?
typedef struct {
ASN1_INTEGER *version;
ASN1_INTEGER *serialNumber;
X509_ALGOR *signature;
X509_PUBKEY *key;
} TPM_ADDTOCERT;
On 8/17/2021 12:57 PM, Sands, Daniel via openssl-users wrote:
Now I would like to do the other end, where I have der and I want to
parse back to the structure, using d2i()
1 - Is there a tutorial on this?
Seems like you don't need one. If you got i2d working you should have d2i
already!
Locking in OpenSSL 1.1.1 and later is completely different. You no
longer need to and should not try to register the locking callbacks.
Pauli
On 17/8/21 11:59 pm, Kumar Mishra, Sanjeev wrote:
Hi All,
I am upgrading the code from OpenSSL 1.0.1 to OpenSSL 3.0.
I am getting compilation errors
> >> Now I would like to do the other end, where I have der and I want to
> >> parse back to the structure, using d2i()
> >>
> >> 1 - Is there a tutorial on this?
> >
> > Seems like you don't need one. If you got i2d working you should have d2i
> already!
> >
>
> I wasn't clear. The input and
On 8/17/2021 10:38 AM, Matt Caswell wrote:
On 16/08/2021 21:56, Ken Goldman wrote:
I am trying to parse some ASN.1 DER so I can add it to an X.509 certificate.
For the input side, a poster showed me
ASN1_SEQUENCE, ASN1_SEQUENCE_END, and then
DECLARE_ASN1_FUNCTIONS, IMPLEMENT_ASN1_FUNCTIONS
On 16/08/2021 21:56, Ken Goldman wrote:
I am trying to parse some ASN.1 DER so I can add it to an X.509
certificate.
For the input side, a poster showed me
ASN1_SEQUENCE, ASN1_SEQUENCE_END, and then
DECLARE_ASN1_FUNCTIONS, IMPLEMENT_ASN1_FUNCTIONS
which created the i2d() function.
It
Hi All,
I am upgrading the code from OpenSSL 1.0.1 to OpenSSL 3.0.
I am getting compilation errors for deprecated functions and macros like
"CRYPTO_num_locks()" , "CRYPTO_LOCK" ..etc. But there is not any
replacement for these functions and macros in OpenSSL 3.0.
How can I handle these
I am trying to parse some ASN.1 DER so I can add it to an X.509 certificate.
For the input side, a poster showed me
ASN1_SEQUENCE, ASN1_SEQUENCE_END, and then
DECLARE_ASN1_FUNCTIONS, IMPLEMENT_ASN1_FUNCTIONS
which created the i2d() function.
Now I would like to do the other end, where I have
; > > -fcf-protection -Wa,--noexecstack
> > > -Wa,--generate-missing-build-notes=yes
> > > -specs=/usr/lib/rpm/redhat/redhat-hardened-ld
> > -DOPENSSL_USE_NODELETE
> > > -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ
> > -DOPENSSL_IA32_SSE2
> > > -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5
> > -DOPENSSL_BN_ASM_GF2m
> > > -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM
> > -DRC4_ASM
> > > -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM
> > -DECP_NISTZ256_ASM
> > > -DX25519_ASM -DPOLY1305_ASM -DZLIB -DNDEBUG -DPURIFY
> > > -DDEVRANDOM="\"/dev/urandom\""
> > >
> > -DSYSTEM_CIPHERS_FILE="/etc/crypto-policies/back-
> > ends/openssl.config"
> > >
> > > OPENSSLDIR: "/etc/pki/tls"
> > >
> > > ENGINESDIR: "/usr/lib64/engines-1.1"
> > >
> > > Seeding source: os-specific
> > >
> > > engines:rdrand dynamic
> > >
> > >
> > > Really appriciate your time and help, thanks in advance.
> > >
> > > Thanks,
> > > Vinod
> > >
> >
-DSYSTEM_CIPHERS_FILE="/etc/crypto-policies/back-ends/openssl.config"
>
> OPENSSLDIR: "/etc/pki/tls"
>
> ENGINESDIR: "/usr/lib64/engines-1.1"
>
> Seeding source: os-specific
>
> engines:rdrand dynamic
>
>
> Really appriciate your time and help, thanks in advance.
>
> Thanks,
> Vinod
>
A1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM
> > -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
> > -DX25519_ASM -DPOLY1305_ASM -DZLIB -DNDEBUG -DPURIFY
> > -DDEVRANDOM="\"/dev/urandom\""
> > -DSYSTEM_CIPHERS_FILE="/etc/crypto-policies/back-ends/openssl.config"
> >
> > OPENSSLDIR: "/etc/pki/tls"
> >
> > ENGINESDIR: "/usr/lib64/engines-1.1"
> >
> > Seeding source: os-specific
> >
> > engines:rdrand dynamic
> >
> >
> > Really appriciate your time and help, thanks in advance.
> >
> > Thanks,
> > Vinod
> >
>
o-policies/back-ends/openssl.config"
OPENSSLDIR: "/etc/pki/tls"
ENGINESDIR: "/usr/lib64/engines-1.1"
Seeding source: os-specific
engines:rdrand dynamic
Really appriciate your time and help, thanks in advance.
Thanks,
Vinod
K1600_ASM -DRC4_ASM -DMD5_ASM
> -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM
> -DPOLY1305_ASM -DZLIB -DNDEBUG -DPURIFY -DDEVRANDOM="\"/dev/urandom\""
> -DSYSTEM_CIPHERS_FILE="/etc/crypto-policies/back-ends/openssl.config"
>
> OPENSSLDIR: "/etc/pki/tls"
>
> ENGINESDIR: "/usr/lib64/engines-1.1"
>
> Seeding source: os-specific
>
> engines: rdrand dynamic
>
> Really appriciate your time and help, thanks in advance.
>
> Thanks,
> Vinod
>
ce: os-specific
engines: rdrand dynamic
Really appriciate your time and help, thanks in advance.
Thanks,
Vinod
On Fri, Apr 16, 2021 at 04:27:23PM +, Richard Simard wrote:
> root@PKI:/# /usr/bin/openssl ca
> -selfsign
^
> -config /etc/root-ca.conf
> -in /ca/network-ca/csr/network-ca.csr
> -out /ca/network-ca/crt/network-ca.crt
> -extensions intermediate_ca_ext
> -startdate
avril 2021 12:27
À : openssl-users@openssl.org
Objet : Help request
When I try to sign a certificate, I get this message and yet the certificate
and the key match Someone can help me?
Tank You!
Richard Simard
root@PKI:/# /usr/bin/openssl ca -selfsign -config /etc/root-ca.conf -in
/ca/network
When I try to sign a certificate, I get this message and yet the certificate
and the key match
Someone can help me?
Tank You!
Richard Simard
root@PKI:/# /usr/bin/openssl ca -selfsign -config /etc/root-ca.conf -in
/ca/network-ca/csr/network-ca.csr -out /ca/network-ca/crt/network-ca.crt
nSSL_1.0.2_to_OpenSSL_1.1.1_guide
>>
>>
>>
>> -Tom
>>
>>
>>
>> *From:* openssl-users *On Behalf Of *
>> Fabio
>> *Sent:* Tuesday, April 13, 2021 12:59 AM
>> *To:* openssl-users@openssl.org
>> *Subject:* Re: Help with i2d_CMS
gt; *Sent:* Tuesday, April 13, 2021 12:59 AM
> *To:* openssl-users@openssl.org
> *Subject:* Re: Help with i2d_CMS_bio_stream from OpenSSL 1.0 to OpenSSL
> 1.1.1j
>
>
>
> Hi,
>
> no one have some hints?
>
>
>
> Il giorno gio 8 apr 2021 alle ore 10:53 Fabio ha
> scritto
Hello,
Are there any clues for you here?
https://wiki.tizen.org/Security/Tizen_5.X_Migration_from_OpenSSL_1.0.2_to_OpenSSL_1.1.1_guide
-Tom
From: openssl-users On Behalf Of Fabio
Sent: Tuesday, April 13, 2021 12:59 AM
To: openssl-users@openssl.org
Subject: Re: Help with i2d_CMS_bio_stream
Hi,
no one have some hints?
Il giorno gio 8 apr 2021 alle ore 10:53 Fabio ha scritto:
> Hi all,
> I have a problem upgrading my code from openssl 1.0 to the last 1.1.1j.
> Using an older version, I exported the CMS code in order to extend and
> modify some calculations. I used
Hi all,
I have a problem upgrading my code from openssl 1.0 to the last 1.1.1j.
Using an older version, I exported the CMS code in order to extend and
modify some calculations. I used i2d_CMS_bio_stream to convert the struct
to DER.
Using OpenSSL 1.1.1j i had to change all the DECLARE_STACK_OF
Hi Craig,
On Wed, Dec 09, 2020 at 08:35:46PM +0900, Craig Henry wrote:
> Hi,
>
> This is my first post to this list so please be kind!
>
> Environment - Linux Centos
> SSL - 1.0.2k19-el7
>
> Connection - CURL (via PHP) with public / private key auth + http basic auth
>
> We're having an issue
On 09/12/2020 11:35, Craig Henry wrote:
> Hi,
>
> This is my first post to this list so please be kind!
>
> Environment - Linux Centos
> SSL - 1.0.2k19-el7
>
> Connection - CURL (via PHP) with public / private key auth + http basic auth
>
> We're having an issue where we are seeing
Hi,
curl on RHEL-7 and Centos 7 uses NSS and not OpenSSL as the TLS
backend. So this is unfortunately a wrong mailing list to ask.
Tomas Mraz
On Wed, 2020-12-09 at 20:35 +0900, Craig Henry wrote:
> Hi,
>
> This is my first post to this list so please be kind!
>
> Environment - Linux Centos
>
Hi,
This is my first post to this list so please be kind!
Environment - Linux Centos
SSL - 1.0.2k19-el7
Connection - CURL (via PHP) with public / private key auth + http basic auth
We're having an issue where we are seeing intermittent behavior connecting
to a 3rd party of the key being
Hello,
Could anyone help me to compile the openssl static libraries under ARMV4i
compiler.
I have tried and spent long time, still getting error message.
Winsock2.h error servent:struct type redefinition. Return code 0x2.
Thanks
Geetha
Hi,
I am trying to do a walkthrough of verifying a certificate signing.
1) I have pulled the signature as follows:
openssl asn1parse -in cert.pem -out cert.sig -noout -strparse 638
The offset of 638 is because asn1parse of the cert.pem file produces:
625:d=2 hl=2 l= 9 prim: OBJECT
Hi All,
I am seeking help on generating FIPS compliance OpenSSL libs for Android Native
Application.
I am trying to build openssl-1.0.2t with the FIPS module openssl-fips-2.0.16 to
support 64-bit android devices, I have tried following the steps on the Openssl
wiki <https://wiki.openssl.
On 23/07/2020 23:06, John Baldwin wrote:
> On 6/10/20 3:48 PM, John Baldwin wrote:
>> On 6/8/20 4:12 AM, Kurt Roeckx wrote:
>>> On Thu, Jun 04, 2020 at 09:00:08AM -0700, John Baldwin wrote:
At the moment there are 3 open PRs related to Kernel TLS offload
support that I'm aware of:
On 6/10/20 3:48 PM, John Baldwin wrote:
> On 6/8/20 4:12 AM, Kurt Roeckx wrote:
>> On Thu, Jun 04, 2020 at 09:00:08AM -0700, John Baldwin wrote:
>>> At the moment there are 3 open PRs related to Kernel TLS offload
>>> support that I'm aware of:
>>>
>>> - 11589 adds TLS1.3 for Linux, has one
On 6/8/20 4:12 AM, Kurt Roeckx wrote:
> On Thu, Jun 04, 2020 at 09:00:08AM -0700, John Baldwin wrote:
>> At the moment there are 3 open PRs related to Kernel TLS offload
>> support that I'm aware of:
>>
>> - 11589 adds TLS1.3 for Linux, has one approval from Matt Caswell
>> - 10626 adds TLS1.3 for
On Thu, Jun 04, 2020 at 09:00:08AM -0700, John Baldwin wrote:
> At the moment there are 3 open PRs related to Kernel TLS offload
> support that I'm aware of:
>
> - 11589 adds TLS1.3 for Linux, has one approval from Matt Caswell
> - 10626 adds TLS1.3 for FreeBSD, from which 11589 is derived, but
it is probably prudent for it to be merged
first at for me to then rebase the other two PRs on top of that
and resolve conflicts, etc.
Is there anything I can do to help with getting 11589 merged? I'm
not an OpenSSL committer, so I can't formally add the second
approval it needs. Similarly once 11589
existing project to build the
executable.
What are the relevant files of the source code shall I use ?
Thanks. Appreciate your help.
[RF IDeas]<http://www.rfideas.com/>
Deep Patel
Embedded Software Engineer
D:
224-333-2084
P:
847-870-1723 Ext 437
E:
ddpa...@rfideas.com<mailto:ddpa...@rf
my target
environment/hardware ?
Thanks. Appreciate your help.
[RF IDeas]<http://www.rfideas.com/>
Deep Patel
Embedded Software Engineer
D:
224-333-2084
P:
847-870-1723 Ext 437
E:
ddpa...@rfideas.com<mailto:ddpa...@rfideas.com>
A:
4020 Winnetka Ave., Rolling Meadows, IL 6
= SEQWRAP, OID:aes-256-ecb
> SMIMECapability.4 = SEQWRAP, OID:aes-256-cbc
> SMIMECapability.5 = SEQWRAP, OID:aes-256-ofb
> SMIMECapability.6 = SEQWRAP, OID:aes-128-ecb
> SMIMECapability.7 = SEQWRAP, OID:aes-128-cb
.51063.0.1.0
GroupeSTIDevice = 1.3.6.1.4.1.51063.0.1.1
GroupeSTIAssuranceEV= 1.3.6.1.4.1.51063.0.1.2
De : openssl-users De la part de Libor
Chocholaty
Envoyé : 6 avril 2020 16:42
À : openssl-users@openssl.org
Objet : Re: Help with certificatePolicies section
Hi,
could you share commands that led to this error?
It looks to me referenced non existent section in config file like as
param "-extensions" option.
Regards,
Libor
On 2020-04-06 19:43, Richard Simard wrote:
> Hi!
>
> Anybody can help me whit this error?
>
>
Hi!
Anybody can help me whit this error?
Error Loading extension section server_cert
140091048477824:error:0E06D06C:configuration file routines:NCONF_get_string:no
value:../crypto/conf/conf_lib.c:273:group=CA_default name=email_in_dn
140091048477824:error:0E06D06C:configuration file
s.
Thanks for your help,
Jason
rGuide-2.0.pdf,Appendix
C Example OpenSSL Based Application,C1, which creates one Makefile and one c
source code file. when run make command, it always use ld to do the link, not
the fipsld, but when I run command like :
make CC=/path/to/fipsld
it seems ran into loop, so, I need your help
CC=/path/to/fipsld
> it seems ran into loop, so, I need your help about what to fix to make
> the example works.
>
>
>
>
>
>
=/path/to/fipsld
it seems ran into loop, so, I need your help about what to fix to make the
example works.
Thanks Rich,
On Wed, Nov 13, 2019 at 12:34 PM Salz, Rich wrote:
> *>*For using 1.1.0, we only need to call RAND_bytes() ?
>
>
>
> Yes. But do check the return value of RAND_bytes.
>
On Wed, Nov 13, 2019 at 12:23:37PM -0500, Jason Qian via openssl-users wrote:
> Here is the code for creating the key (openssl-0.9.8h)
Is this is a new question? It seems to no longer be related to DH
key agreement.
> int AESCipher::createKey(unsigned char *buf, int keySize) {
> char
>For using 1.1.0, we only need to call RAND_bytes() ?
Yes. But do check the return value of RAND_bytes.
Thanks Rich and Tomas,
Here is the code for creating the key (openssl-0.9.8h)
int AESCipher::createKey(unsigned char *buf, int keySize) {
char seed[256];
::sprintf(seed, "%ldXXX_XXX_H__x__xxx_x_xxx__INCLUDED_",
MiscUtils::generateId());
RAND_seed(seed, ::strlen(seed));
> On Nov 12, 2019, at 3:14 AM, Tomas Mraz wrote:
>
> Could it be a padding issue? I.E. use DH_compute_key_padded() instead.
Do we have an open issue to document DH_compute_key_padded(3)?
It should be documented right next to DH_compute_key(3), with
some words to suggest that the caller needs to
>RAND_seed(seed, ::strlen(seed));
>RAND_bytes(buf, keySize / 8);
I don’t know where you are getting the seed, but it is typically binary data,
not a C string.
If you are using 1.1.0 or later, you do not need to seed things.
1 - 100 of 1667 matches
Mail list logo