Thanks Victor.
I need to look at X509_VERIFY_PARAM_set_flags() a little closer, but I think I
understand what I need to do.
I also can't concatenate all my trusted certificates into a single file, there
are dozens of certificates in the trusted store. Our users can also manipulate
the trusted
On Mon, Mar 30, 2020 at 09:02:47PM +, Jason Schultz wrote:
> I won't get into the details of my application as it's complex, but it
> can act as a client or a server. The case we are worried about is
> obviously when it's acting as a client. I thought the standard way of
> dealing with these t
Victor, Jeremy-
Thanks for your responses. It sounds like I should maybe take a step back and
describe what I'm doing and how. I'm possibly doing things fundamentally wrong,
maybe because the way I'm doing them is based originally on OpenSSL 0.9.8. I'm
currently moving from 1.0.2 to 1.1.1, whic
> On Mar 30, 2020, at 6:12 AM, Jeremy Harris wrote:
>
> On 30/03/2020 10:12, Viktor Dukhovni wrote:
>> On Mon, Mar 30, 2020 at 09:37:51AM +0100, Jeremy Harris wrote:
>>
>>> On 30/03/2020 08:41, Dan Fulger wrote:
Indeed, CentOS 8.0 has OpenSSL 1.1.1 with very few updates.
But CentOS
From: openssl-users on behalf of Balázs
Horváth
Sent: Monday, March 30, 2020 10:00
> Following extra includes are needed:
> arpa/inet.h
> netinet/tcp.h
> netinet/in.h
> strings.h
> netdb.h
> sys/socket.h
> sys/ioctl.h
> sys/un.h
These are system headers, not OpenSSL headers. OpenSSL has no con
On Thu, Mar 05, 2020 at 02:04:27PM +, Jason Schultz wrote:
> I have some questions about my application’s verify_callback() function and
> how I handle some of the OpenSSL errors.
You're going about this the wrong way. Instead of trying (likely
insecurely) to patch up verification errors in
On 30/03/2020 17:01, Jason Schultz wrote:
> For example, if my client application is presented a self-signed certificate
> in the handshake, verify_callback() is called with an error, for which
> X509_STORE_CTX_get_error() returns 18/X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT.
> In this case, my app
Just wanted to bring this up again as I didn't get any responses initially. Has
anyone dealt with this or similar issues with OpenSSL 1.1.1?
From: openssl-users on behalf of Jason
Schultz
Sent: Thursday, March 5, 2020 2:04 PM
To: openssl-users@openssl.org
Su
Just to close the loop: I decided better documentation is the only answer for
now: https://github.com/openssl/openssl/pull/11431
I'll copy the info below into a new issue.
On 3/21/20, 9:47 AM, "Salz, Rich via openssl-users"
wrote:
Argh. Thanks for the detailed explanation.
It
Hi,
in our project we compile OpenSSL V1.0.2p for MIPS and Linux under Linux.
For MIPS we use GCC, and we use sockets for both MIPS and Linux.
Now we want to upgrade to 1.1.1d, and want to use sockets, but MIPS fails,
because it needs extra includes from the socket parts of OpenSSL. Following
extr
On Mon, Mar 30, 2020 at 09:37:51AM +0100, Jeremy Harris wrote:
> On 30/03/2020 08:41, Dan Fulger wrote:
> > Indeed, CentOS 8.0 has OpenSSL 1.1.1 with very few updates.
> > But CentOS 8.1 was released in January, with OpenSSL 1.1.1c.
>
> Fortunately, with Viktor's help, the application fix is a
>
On 30/03/2020 08:41, Dan Fulger wrote:
> Indeed, CentOS 8.0 has OpenSSL 1.1.1 with very few updates.
> But CentOS 8.1 was released in January, with OpenSSL 1.1.1c.
Fortunately, with Viktor's help, the application fix is a
one-liner and is compatible across versions.
--
Cheers,
Jeremy
Indeed, CentOS 8.0 has OpenSSL 1.1.1 with very few updates.
But CentOS 8.1 was released in January, with OpenSSL 1.1.1c.
Hi,
I implemented a DTLS server using openssl. (I have a UDP socket and I am
using a memory bio to communicate with openssl.)
However if there is packet loss the DTLS handshake could take 1-2 seconds,
which is a lot in my case.
The normal flow when there is no packet loss: (few milliseconds)
Cli