I want to reduce the size of EDK2 CryptoPkg by enabling, at build time, only
the OpenSSL algorithms I want supported in my code. Is this possible via a
configuration mechanism? I can't find anything in documentation. Does this
violate the GPL license?
Thanks.Lee
> For JWS signing in relation to Letsencrypt (my use case for this
> - mKey is a RSA keypair in EVP_PKEY*):
My RSA signing is accepted fine by Let's Encrypt, it's trying to use
ECDSA keys that fails, despite OpenSSL verifying my JWS signing as ok.
Failed to Create Account: urn:ietf:params:acme:
[This is a partial repost from another topic]
I have a question, regarding Windows binaries.
(We build our own for x86/amd64 using the documented procedure, the compilers
installed are Visual Studio 2019, with latest updates).
I take it (might be wrong, because the build scripts are complex to
> The OpenSSL team has wondered how many people were trying out 3.0 during the
> beta period without any way of knowing for sure. That you've had what seems
> like a fairly smooth transition is wonderful.
It obviously solely has to do with the huge amount of quality work people
contributing to
> Know I have to do it, but only really use low level stuff to build Json
> Web Keys, and the EC keys I build for signing seen incompatible with
> some servers, so really needs deeper investigation.
For JWS signing in relation to Letsencrypt (my use case for this - mKey is a
RSA keypair in EVP_P
Thanks!
The OpenSSL team has wondered how many people were trying out 3.0 during
the beta period without any way of knowing for sure. That you've had
what seems like a fairly smooth transition is wonderful.
Pauli
On 2/8/21 8:10 pm, Olivier Mascia via openssl-users wrote:
Hello,
Just want
> > Not looked at replacing low level RSA and EC APIs yet.
>
> We forced ourselves down that path because we had an internal
> policy to only build OpenSSL toolkit with 'no-deprecated'
Know I have to do it, but only really use low level stuff to build Json
Web Keys, and the EC keys I build for
> Likewise, I've updated our Windows code to use 3.0 easily, been running
> one public web server for three weeks.
> ...
> Not looked at replacing low level RSA and EC APIs yet.
We forced ourselves down that path because we had an internal policy to only
build OpenSSL toolkit with 'no-deprecated'
> Just wanted to report that our private code update to move on
> from OpenSSL 1.1.1 to 3.0 Beta 2 is successful.
Likewise, I've updated our Windows code to use 3.0 easily, been running
one public web server for three weeks.
Only frustration has been the change of PKCS12 password encryption to
A
Hello,
Just wanted to report that our private code update to move on from OpenSSL
1.1.1 to 3.0 Beta 2 is successful.
It revolved around replacing some code still using RSA_ apis directly by proper
EVP_PKEY_ apis, and some other minor details. Nothing too fancy after some
effort understanding th
10 matches
Mail list logo
