[openssl-users] Renegotiation with Client Certs failure

Hello, I inherited the code for web-server like server that i need to maintain. It is setup that when you request a certain URL, the server will renegotiate and request a client certificate. They said it worked when they use OpenSSL 0.9.8, but we are seeing issues with 1.0.2l. When it does

Re: [openssl-users] How to get a bye or word from BIGNUM in OpenSSL 1.1?

On 02/08/2017 04:21, Jeffrey Walton wrote: I'm trying to extract the low-order byte or word from a BIGNUM in OpenSSL 1.1. We were told to use BN_bn2binpad, but its not clear to me how to specify the location we want to extract. For example: const char v[] = "ffeeddccbbaa9988776655443322110

[openssl-users] How to get a bye or word from BIGNUM in OpenSSL 1.1?

I'm trying to extract the low-order byte or word from a BIGNUM in OpenSSL 1.1. We were told to use BN_bn2binpad, but its not clear to me how to specify the location we want to extract. For example: const char v[] = "ffeeddccbbaa99887766554433221100"; BIGNUM n = BN_new(); if (BN_hex2b

Re: [openssl-users] session resumption tls1.2/tls1.3

On Tue, Aug 1, 2017 at 10:46 AM, Neetish Pathak wrote: > > > On Mon, Jul 31, 2017 at 2:00 PM, Matt Caswell wrote: > >> >> >> On 31/07/17 20:37, Neetish Pathak wrote: >> > On 26/07/17 00:05, Neetish Pathak wrote: >> > >> *Pseudocode for server* >> > >> * >> > >> * >> >

Re: [openssl-users] session resumption tls1.2/tls1.3

On Mon, Jul 31, 2017 at 2:00 PM, Matt Caswell wrote: > > > On 31/07/17 20:37, Neetish Pathak wrote: > > On 26/07/17 00:05, Neetish Pathak wrote: > > >> *Pseudocode for server* > > >> * > > >> * > > >> tcp_accept > > >> * > > >> * > > >>

Re: [openssl-users] private key difference: openssl genrsa vs opnessl req newkey

On Wed, Jul 26, 2017 at 09:21:43PM +0200, Michele Mase' wrote: > So, what should be the command line to use in order to obtain the same key? > openssl genrsa This creates keys in a legacy RSA algorithm-specific format. > openssl req -nodes -newkey rsa:2048 some_extra_parameters This c

Re: [openssl-users] private key difference: openssl genrsa vs opnessl req newkey

Anyone? On Wed, Jul 26, 2017 at 9:21 PM, Michele Mase' wrote: > Tx. > So, what should be the command line to use in order to obtain the same key? > openssl genrsa > openssl req -nodes -newkey rsa:2048 some_extra_parameters > Michele MAsè > > On Wed, Jul 26, 2017 at 6:29 PM, Benjamin Ka

[openssl-users] -engine pkcs11 - keyform ENGINE -inkey ABC : NOT in command line

I need these openssl parameters to be used without specifying it in command line. It doesn't matter, if it is in config file or environment variables. How to do that? (I need to sign xml documents via xmlsec. xmlsec can use openssl as crypto, but I do not have idea, how xmlsec call openssl. It do