On Mon, Mar 14, 2022 at 12:47:26PM -0700, Edward Tsang via openssl-users wrote:
> I guess I need to explicitly set X509_STORE_CTX_set_error(ctx,
> X509_V_OK) before return 1 in the example if I need caller
> SSL_get_verify_result to return X509_V_OK?
Yes, but I'd like to strongly suggest that thi
xtract 'r' and 's' first and then use
> BN_bn2bin())?
>
> Richard
>
> [1] https://datatracker.ietf.org/doc/html/rfc4253#section-6.6
On Mon, Mar 14, 2022 at 11:25:51AM -0700, Edward Tsang via openssl-users wrote:
> https://www.openssl.org/docs/man1.1.1/man3/X509_STORE_CTX_verify_cb.html
>
> I am trying to figure out how this example works but it does not seem to
> bypass the (use the second example of X509_V_ERR_CERT_HAS_EXPI
link:
https://www.openssl.org/docs/man1.1.1/man3/X509_STORE_CTX_verify_cb.html
I am trying to figure out how this example works but it does not seem to
bypass the (use the second example of X509_V_ERR_CERT_HAS_EXPIRED)
However the caller code ll
long res = SSL_get_verify_result( sslCtx ); still
On Mon, 14 Mar 2022 at 11:03, Tomas Mraz wrote:
> On Mon, 2022-03-14 at 08:58 -0300, Richard Dymond wrote:
> > By the way, the reason I need to get the 'r' and 's' values from the
> > DSA signature is that I am encoding them one after the other as 160-
> > bit unsigned integers, in network byte o
On Mon, 2022-03-14 at 08:58 -0300, Richard Dymond wrote:
> On Mon, 14 Mar 2022 at 04:52, Tomas Mraz wrote:
> > The DSA_SIG_* functions are not deprecated including the i2d and d2i
> > functions. So you can use d2i_DSA_SIG to decode the DER produced by the
> > EVP_DigestSign() and then obta
On Mon, 14 Mar 2022 at 04:52, Tomas Mraz wrote:
> The DSA_SIG_* functions are not deprecated including the i2d and d2i
> functions. So you can use d2i_DSA_SIG to decode the DER produced by the
> EVP_DigestSign() and then obtain the r and s values from the DSA_SIG.
>
Thank you, that works! For so
FWIW: I noticed recently that in TLSv1.3 it seems to be rather normal to
encounter an SSL_WANT_READ immediately after returning from a successful
SSL_connect() call (even in the blocking case), because part of the
handshake is disguised as application data and apparently SSL_connect()
returns be
On Fri, 2022-03-11 at 15:21 -0400, Richard Dymond wrote:
> Hi
>
> I recently migrated an application from OpenSSL 1.1.1 to OpenSSL 3.0,
> and I'm wondering how best to handle DSA signatures - specifically,
> the 'r' and 's' values - in OpenSSL 3.0.
>
> In OpenSSL 1.1.1, it was pretty easy:
>
> D