On 16/10/2018 06:19, Viktor Dukhovni wrote:
On Oct 15, 2018, at 9:22 PM, Viktor Dukhovni wrote:
pointing the CACertFile to 750KB file with 149 certificates.
With 149 certs, and typical CA names O(80) bytes, we're looking at
~12KB of cert names, which should fit into an extension that can be
u
> On Oct 15, 2018, at 9:22 PM, Viktor Dukhovni
> wrote:
>
>> pointing the CACertFile to 750KB file with 149 certificates.
>
> With 149 certs, and typical CA names O(80) bytes, we're looking at
> ~12KB of cert names, which should fit into an extension that can be
> up to 64KB in size. So ove
On Mon, 2018-10-15 at 16:57 -0700, Claus Assmann wrote:
> Please tell whoever is responsible for that default to fix it.
I will do that.
> The certs should be in CACertPath if at all.
Nothing to do with openssl, but for sendmail, suppose we have
> On Oct 15, 2018, at 7:49 PM, Carl Byington wrote:
>
>> Perhaps Sendmail is setting the CA names on the client side, and then
>> OpenSSL is trying to serialize the names of all your CAs to the
>> server. This is a bad idea. Don't do that. Try using CApath, and
>> no or an explicitly empty CAf
On Mon, Oct 15, 2018, Carl Byington wrote:
> O CACertFile=/etc/pki/tls/certs/ca-bundle.crt
> pointing the CACertFile to 750KB file with 149 certificates. That just
> seems wrong, but perhaps there is some reason for it. If CACertFile is
sendmail: op.*:
However, do not list too many root
> Perhaps Sendmail is setting the CA names on the client side, and then
> OpenSSL is trying to serialize the names of all your CAs to the
> server. This is a bad idea. Don't do that. Try using CApath, and
> no or an explicitly empty CAfile, and see
Hi,
On Mon, Oct 15, 2018 at 4:19 PM Dmitry Belyavsky wrote:
> Well, you can use opaque pointer and own structure containing a flag and
> switch between native and custom implementations depending on it.
>
> I've tried it and it works
>
We do store some state information in the method app_data,
Well, you can use opaque pointer and own structure containing a flag and
switch between native and custom implementations depending on it.
I've tried it and it works
Mon, 15 Oct 2018, 23:13 Selva Nair:
> Hi,
>
> How to override the evp_pkey_sign method in EVP_PKEY_METHOD structure for
> a sp
Hi,
How to override the evp_pkey_sign method in EVP_PKEY_METHOD structure for a
specific key? This is to allow signing with PSS padding using Windows CNG
API. Using rsa_priv_enc() we can only get pre-padded data when PSS is in
use, but CNG does not seem to handle padding = none.
Also see issue
On Mon, Oct 15, 2018 at 10:42:26AM -0700, Carl Byington wrote:
> I have a build of sendmail with openssl 1.1.1. It can deliver to
> localhost via tls1.3, but nowhere else.
>
> STARTTLS=client, error: connect failed=-1, reason=internal error,
> SSL_error=1, errno=0, retry=-1
>
> STARTTLS=client:
I have a build of sendmail with openssl 1.1.1. It can deliver to
localhost via tls1.3, but nowhere else.
STARTTLS=client, error: connect failed=-1, reason=internal error,
SSL_error=1, errno=0, retry=-1
STARTTLS=client: error:14228044:SSL routines:c
Hi,
I'm trying to understand how to make "openssl ca" prompt for a PKCS#11
login pin. Version is openssl-1.1.1.
openssl req works as I would expect, prompting for PIN:
YUBIHSM_PKCS11_CONF=yubihsm2-pkcs11.conf \
local-build/bin/openssl \
req -config yubihsm2-openssl.conf -new \
-engine pkcs11 -
* I want to use FIPS-certified crypto libs. Is it possible to use the crypto lib
from Openssl-fips 2.0.16 and the ssl lib from Openssl1.1.1?
No, it is not possible. The current FIPS code only works with 1.0.2. The
project is working on a new FIPS module. You can find some details at the
blog, ht
Hi
I want to use FIPS-certified crypto libs. Is it possible to use the crypto lib
from Openssl-fips 2.0.16 and the ssl lib from Openssl1.1.1?
If yes, how can we use them? Please provide details.
Regards
Manish
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users