Hi,
On 08/01/21 22:35, George wrote:
Hi,
I have been trying to set up mutual authentication using a smart
card but I can't seem to get the OpenSSL Engine to send a response
back to the server containing the client's certificate from the smart card.
I'm using the following to configure the
> From: openssl-users On Behalf Of George
> Sent: Sunday, 10 January, 2021 21:01
> Right now I am using the "libp11" DLL (i.e.
> libp11-libp11-0.4.11\src\pkcs11.dll)
> with my PKCS11 smart card middleware DLL. Should I be using the OpenSC pkcs11
> DLL
> instead of my middleware DLL if I am
> From: openssl-users On Behalf Of Timo
> Lange
> Sent: Monday, 11 January, 2021 10:56
> The root certificate, as well as the client private key is not available
> inside
> the container, but stored in a HSM.
> For sure the private key may never leave the HSM
OK.
> and also the root
I have successfully been able to offload specific ECC functionality via my own
engine. For example, I have been able to offload sign, verify and compute_key
methods. My latest task is now to offload, specifically, ECC point
multiplication. I am having a hard go at this. Really looking for
Hey all,
I have a question similar to
http://openssl.6102.n7.nabble.com/private-key-not-available-for-client-cert-cb-td79369.html,
that I am actively following, though it differs in detail.
What I want to achieve is the following:
My client application runs inside a container and needs to
Dear Timo,
For 1.0* versions it was possible to provide custom RSA_METHOD and
EC_METHOD and implement an IPC callback.
I think it still should work for 1.1.1
It may be also useful to take a look at the async API.
On Mon, Jan 11, 2021 at 6:56 PM Timo Lange wrote:
> Hey all,
>
> I have a
On Mon, Jan 11, 2021 at 09:26:30PM +, Jeremy Harris wrote:
> On 11/01/2021 08:20, Benjamin Kaduk wrote:
> > Current recommendations are not to use the finished message as the channel
> > binding but instead to define key exporter label for the given usage
> > (see
> >
Hello.
Matt Caswell wrote in
:
|On 09/01/2021 23:24, Steffen Nurpmeso wrote:
|> Hello.
|>
|> I do use SSL_CONF_cmd() (and modules) possibility if it exists,
|> since it allows users to simply use the features of the newest
|> OpenSSL library without any code changes on my side.
|> This is
On 11/01/2021 08:20, Benjamin Kaduk wrote:
What is the status of SSL_get_finished() / SSL_get_peer_finished() ?
I do not find them documented at
On Mon, Jan 11, 2021 at 10:31:01PM +, Jeremy Harris wrote:
> On 11/01/2021 22:07, Benjamin Kaduk wrote:
> > > Looking at the implementation, SSL_export_keying_material() only
> > > functions for TLS 1.3. This is not documented. Is this a bug?
> > Are you looking at
On 11/01/2021 22:07, Benjamin Kaduk wrote:
Looking at the implementation, SSL_export_keying_material() only
functions for TLS 1.3. This is not documented. Is this a bug?
Are you looking at SSL_export_keying_material() or
SSL_export_keying_material_early()?
Doh. I was looking at the wrong
On 11/01/2021 08:20, Benjamin Kaduk wrote:
Current recommendations are not to use the finished message as the channel
binding but instead to define key exporter label for the given usage
(see https://tools.ietf.org/html/rfc8446#section-7.5), using
SSL_export_keying_material().
Follow-on
I found out what my problem is! I'm running it in FIPS mode and this
causes the PKCS11 engine to fail during mutual authentication. I
eventually traced the problem to the following issue:
https://bugzilla.redhat.com/show_bug.cgi?id=1827535
It looks like there is a bug in libp11. Once I made
I'm running this in Windows 10 and when I load the smart card middleware
PKCS11 DLL, I see the exception:
Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++
exception: unsigned long at memory location 0x07FCFA00.
During mutual authentication, I also see a lot of other exceptions
Hi team,
https://www.openssl.org/docs/man1.0.2/man3/CRYPTO_set_locking_callback.html
From this, I learnt that for OpenSSL multi-threaded applications to be
run safely, the callback functions must be implemented.
I am using this in a multi-threaded application and the above scenario was
again
On 09/01/2021 23:24, Steffen Nurpmeso wrote:
> Hello.
>
> I do use SSL_CONF_cmd() (and modules) possibility if it exists,
> since it allows users to simply use the features of the newest
> OpenSSL library without any code changes on my side.
> This is great, and i think i applauded in the past.
On Sun, Jan 10, 2021 at 02:44:38PM +, Jeremy Harris wrote:
> Hi,
>
> What is the status of SSL_get_finished() / SSL_get_peer_finished() ?
>
> I do not find them documented at
>
>
17 matches