I’m somewhat confused as to what I need to do to use ECDHE ciphers
(ECDHE-ECDSA-AES128-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, etc). I’m hoping
this list can help, or at least point me to a good tutorial somewhere. A lot of
the information I’ve looked at is from the following links:
https://wi
On Thu, Feb 6, 2020 at 5:45 PM Viktor Dukhovni
wrote:
> On Thu, Feb 06, 2020 at 02:36:03PM -0500, Michael Leone wrote:
>
> > Oh, I can add extensions by signing and using the -extfile option, and
> > specifying a file with the specific options I want to give the
> > certificate. But I don't want
On Thu, Feb 06, 2020 at 02:36:03PM -0500, Michael Leone wrote:
> Oh, I can add extensions by signing and using the -extfile option, and
> specifying a file with the specific options I want to give the
> certificate. But I don't want to have to use an addon file, I want to
> add parameters to all s
It looks like I need to call init() after new()
m_evpCtx = EVP_ENCODE_CTX_new();
EVP_EncodeInit(m_evpCtx);
From: openssl-users On Behalf Of
Floodeenjr, Thomas
Sent: Thursday, February 6, 2020 2:22 PM
To: openssl-users@openssl.org
Subject: RE: Migrating from 1.0.2 g to 1.1.1d
With
With the old init syntax in 1.0.2, EVP_EncodeInit(&m_evpCtx);, m_evpCtx->
length is initialized to '48'.
With the new syntax in 1.1.1, m_evpCtx = EVP_ENCODE_CTX_new();, m_evpCtx->
length is initialized to '0.
I believe this causes the while loop to loop forever until INT_MAX, thus
overrunning
This is driving me crazy. I have a CA, running on Debian 9, running
openssl 1.1.0. (this CA is for our organization internal use only, of
course). I can successfully sign requests. However, what I can't seem
to do, is add x509 extensions to the signed certificate, as part of
the openssl.cnf.
Oh, I
Hello,
We are in the process of migrating from 1.0.2g to 1.1.1d. We adjusted to the
changes, we think, and everything compiles. Many things also execute correctly.
We are currently seeing a crash in EVP_EncodeUpdate() after we process most of
our data. (last line of the while loop, line 202, *o
If you are using RSA, maybe it should be useful to look at some RSA
implementations, such as engines/e_devcrypto.c
On Thu, Feb 6, 2020 at 7:23 PM Pedro Lopes
wrote:
> Hello,
>
> I'd like that my callback is called when a sign/verify is being requested
> by
> *EVP_DigestSignFinal()* function.
> I
Hello all,
I'm newly registered to this group. To get the introductions out of the
way, I'm a long time contributor to various open source and open standards
projects, including sitting on the Technical Steering Committee for Node.js.
I understand that Rich Salz recently posted the following note
Hello,
I'd like that my callback is called when a sign/verify is being requested by
*EVP_DigestSignFinal()* function.
I've tried add a EVP_PKEY_METHOD to app_methods stack, that works good
however doesnt fit on my solution.
I noticed that creating an engine and set pkey methods there, it could so
A month ago Tim said[2] that PR 8797[1] requires on OMC decision on “whether or
not QUIC in this manner of approach should be added into OpenSSL at this time.”
To save you a click, this PR adds API’s to OpenSSL so that Google’s open source
QUIC implementation can be built on top of OpenSSL. For
> Is it valid to call:
>
> size_t size = SSL_get_finished(ssl, NULL, 0);
No
> Because SSL_get_finished invokes memcpy even if the size is 0, so is the
> undefined behaviour?
Yes
Thanks for the suggestion Michael. We have removed all duplicates of
"opensslconf.h" from our code stack. With those changes, we see all errors
related to "DEPRECATEDIN_1_1_0" are gone. Now, we are not seeing any errors
pointing to "bio.h". However, we have some other errors, where it points to
"x
Is it valid to call:
size_t size = SSL_get_finished(ssl, NULL, 0);
So we can determine the length?
Because SSL_get_finished invokes memcpy even if the size is 0, so is the
undefined behaviour?
Thanks.
14 matches
Mail list logo
