Re: [openssl-users] s_server and explicit dhparam

2017-09-21 Thread Benjamin Kaduk via openssl-users
On 09/21/2017 03:30 AM, Le Van Gong, Hubert wrote: > Hi there, > > I'm trying to run opensslin server modeand leverage non-default DH > params with the following command: > sudo openssl s_server -cert server_cert.pem -dhparam dhparam_2.pem > -tls1_3 -accept 443 > > Where the dhparam_2.pem file

[openssl-users] Un-signed CSRs

2017-09-21 Thread Ellie Daw
Has anyone had success parsing un-signed CSRs? Based on some research and the errors I’m seeing while trying to get my code working, it seems like the d2i_X509_REQ_bio (and more directly the asn1_parse) API choke on un-signed CSRs… this is the error dump: OSSL error:

Re: [openssl-users] Un-signed CSRs

2017-09-21 Thread Salz, Rich via openssl-users
Ø Has anyone had success parsing un-signed CSRs? By its definition a CSR is signed. So this will not work. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Un-signed CSRs

2017-09-21 Thread Ellie Daw
Right, I’m just trying to fill it out in steps and wanted to check to be sure I wasn’t missing a trick with the API before I implement any “workaround”. Thanks for your response! > On Sep 21, 2017, at 11:26 AM, Salz, Rich via openssl-users > wrote: > > > Ø Has

Re: [openssl-users] s_server and explicit dhparam

2017-09-21 Thread Le Van Gong, Hubert
Hi Ben, Ah, good catch. Maybe the doc should be updated to mention that fact. Does anyone know if this is on the roadmap? Thanks, Hubert On 9/21/17 20:12, Benjamin Kaduk wrote: On 09/21/2017 03:30 AM, Le Van Gong, Hubert wrote: Hi there, I'm trying to run opensslin server modeand leverage

[openssl-users] Creating requests and certificates with Subject Alternative Names

2017-09-21 Thread Angus Robertson - Magenta Systems Ltd
I'm creating X509 certificate requests and certificates in code, trying to add X509v3 Subject Alternative Name, with 1.1.0f. But if I add a list of four domains, ie: www1.mydomain www2.mydomain www3.mydomain www4.mydomain The certificate seems to ignore some and repeat others: X509v3

[openssl-users] s_server and explicit dhparam

2017-09-21 Thread Le Van Gong, Hubert
Hi there, I'm trying to run opensslin server modeand leverage non-default DH params with the following command: sudo openssl s_server -cert server_cert.pem -dhparam dhparam_2.pem -tls1_3 -accept 443 Where the dhparam_2.pem file contains the 2 DH params I want to use. However, I keep getting