> On Jun 10, 2019, at 4:41 PM, Paul Smith wrote:
>
>> As a safety measure, OpenSSL does not support "*.tld" wildcards.
>> The non-wildcard portion of the domain name needs to have at
>> least two labels. It seems I've neglected to document this... :-(
>>
>> You can have "*.domain.example", but
On Mon, 2019-06-10 at 15:14 -0400, Viktor Dukhovni wrote:
> As a safety measure, OpenSSL does not support "*.tld" wildcards.
> The non-wildcard portion of the domain name needs to have at
> least two labels. It seems I've neglected to document this... :-(
>
> You can have "*.domain.example", but
On Mon, 2019-06-10 at 20:12 +, Michael Wojcik wrote:
> > What I cut out was only the base64-encoded certificate.
>
> Yes. That was what we needed to see. The certificate.
Yep, that's my bad. Thanks for the reminder.
> As it turns out, you're hitting the OpenSSL restriction on wildcards
> wi
I don't know why you sent this to me directly rather than to the list.
> From: Paul Smith [mailto:p...@mad-scientist.net]
> Sent: Monday, June 10, 2019 12:54
> To: Michael Wojcik
>
> On Mon, 2019-06-10 at 18:49 +, Michael Wojcik wrote:
> > Argh. You cut out the actual relevant information. We
> On Jun 10, 2019, at 2:39 PM, Paul Smith wrote:
>
> On Mon, 2019-06-10 at 14:23 -0400, Viktor Dukhovni wrote:
>>> $ openssl s_client -connect admin0.domain:8004 \
>>> -CAfile ca.cert -verify_hostname admin0.domain
>>>
>>> ---
>>> Verify return code: 62 (Hostname mismatch)
>>
>> It seem
On Mon, 2019-06-10 at 14:23 -0400, Viktor Dukhovni wrote:
> > $ openssl s_client -connect admin0.domain:8004 \
> > -CAfile ca.cert -verify_hostname admin0.domain
> >
> > ---
> > Verify return code: 62 (Hostname mismatch)
>
> It seems that you've elided too much information. Is the host
On Mon, Jun 10, 2019 at 01:52:06PM -0400, Paul Smith wrote:
> Note for my C client I have not set any special flags for matching, I'm
> just using the default and using SSL_set1_host() to add the hostname.
> But, I can't even get it to work with openssl itself.
>
> For example, here's a connecti
I'm having problems trying to get wildcard matching working with
OpenSSL. Full hostname matching is working fine, but when my
certification uses a wildcard I always get an error. That includes
both with OpenSSL 1.1.1b linked into my normal client, AND with the
openssl CLI with a system default ve
Hi,
On Mon, May 13, 2019 at 12:50 AM Dr. Pala wrote:
> Hi All,
>
> I am having issues using AES GCM in EnvelopedData - in particular if I use
> AES CBC, that is ok, but when I try to use the GCM mode, I simply cannot
> finalize the data.
>
> If you want to use AES GCM, then you need AuthEnvelop
On Mon, Jun 10, 2019 at 03:21:16PM +, Patrick Regnouf via openssl-users
wrote:
> All is well and good when the program works on the linux PC and the
> handshake is successful using the 0xc02f cipher. and that is linked to
> version 3.0.0 of openssl. on the embedded version, (linked with versi
> On Jun 10, 2019, at 10:54 AM, Jeremy Harris wrote:
>
>> |void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(SSL *,
>> SSL_SESSION *));|
>>
>>
>> How do we specify a user-defined callback data pointer in that call?
>
> You don't; you additionally use
> SSL_CTX_set_msg_callback_
Dear Users,
I have released version 5.55 of stunnel.
This release addresses a number of important Windows issues, including
security vulnerabilities.
Version 5.55, 2019.06.10, urgency: HIGH
* Security bugfixes
- Fixed a Windows local privilege escalation vulnerability
caused insecure OpenSS
Hello all,
Presently writing a server/relay dealing with an h264 stream.
one of the threads' job is to establish a handshake with the browser requesting
the stream in order to feed the libsrtp2 with keys and salts and start
encrypting the h264 stream towards the browser.
all is well
On 10/06/2019 15:21, J. J. Farrell wrote:
> |void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(SSL *,
> SSL_SESSION *));|
>
>
> How do we specify a user-defined callback data pointer in that call?
You don't; you additionally use
SSL_CTX_set_msg_callback_arg()
which the OP said h
On 10/06/2019 11:05, Jeremy Harris wrote:
On 10/06/2019 09:32, Viktor Dukhovni wrote:
On Mon, Jun 10, 2019 at 07:16:26AM +, shalu dhamija via openssl-users wrote:
Actually while setting the callback, we can not pass the
user-defined/application data.
You can however attach it to the SSL
In the unmodified directory:
$ make clean
$ make 2>&1 | tee /tmp/openssl-working-build.log
In the modified directory:
$ make clean
$ make 2>&1 | tee /tmp/openssl-broken-build.log
$ diff /tmp/openssl-working-build.log /tmp/openssl-broken-build.log |
${PAGER:-more}
Take note of the differences in o
Hi,
Earlier with openssl 1.0.2n version, I was using EVP_sha256 for creating
Certificate Signing Request and "TSS_HASH_OTHER" flag in
Tspi_Context_CreateObject.
Recently I upgraded openssl to 1.1.0g version and now am getting "Signature
Verify Failure" in my CSR. I have attached the screensho
On 10/06/2019 09:32, Viktor Dukhovni wrote:
> On Mon, Jun 10, 2019 at 07:16:26AM +, shalu dhamija via openssl-users
> wrote:
>
>> Actually while setting the callback, we can not pass the
>> user-defined/application data.
>
> You can however attach it to the SSL connection handle as "ex_dat
The unmodified version works. As I said, it's sure the issue is on what I
added, but info from the building logs is not sufficient to figure out what
is the issue there. So as result of the building I have just:
- libcrypto.a
- libssl.a
- libcrypto.map
so what is missing are the followi
On Mon, Jun 10, 2019 at 07:16:26AM +, shalu dhamija via openssl-users wrote:
> Actually while setting the callback, we can not pass the
> user-defined/application data.
You can however attach it to the SSL connection handle as "ex_data":
https://github.com/vdukhovni/postfix/blob/maste
Actually while setting the callback, we can not pass the
user-defined/application data. For example: void
SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int
(*new_session_cb)(SSL *, SSL_SESSION *));
When the callback arrives, I have SSL* and SSL_SESSION*. Earlier I was gettin
Hello,
Starting from the rsa choice "rsa2048", there is a crash due to a segment fault
when running speed. RSA512 and rsa1024 don't have this issue.
Following are the call stacks and register info when the crash happened. It shows that
the register %rbp is zero at that point. The value of %rbp is set b