Re: Library and DLL names on Windows X64

2024-07-12 Thread J Decker
On Fri, Jul 12, 2024 at 9:03 AM BENTLEY Thom via openssl-users < openssl-users@openssl.org> wrote: > Hi All, > > > > I had to change the names of the .lib files to: >"dcmtkcrypto_d.lib" - debug version > >"dcmtkcrypto_o.lib" - release version (optimized) > >"dcmtkssl_d.lib"

Re: Non-heap based structures

2022-07-26 Thread J Decker
looks like https://linux.die.net/man/3/evp_md_ctx_init initializes a structure that's allocated already. Yes it could be on the stack, or static... (instead of _new) On Wed, Jul 27, 2022 at 1:42 AM Philip Prindeville < philipp_s...@redfish-solutions.com> wrote: > Hi, > > I suspect I already know

Re: Differently named symbols between OpenSSL and RFC

2019-11-30 Thread J Decker
On Fri, Nov 29, 2019 at 10:16 AM Viktor Dukhovni wrote: > On Thu, Nov 28, 2019 at 04:31:38PM -0800, J Decker wrote: > > > from openssl/tls1.h 1.1.1b > > > > # define TLSEXT_TYPE_psk_kex_modes 45 > > This was added in 1.1.1-dev. > > > pre_sh

Differently named symbols between OpenSSL and RFC

2019-11-28 Thread J Decker
I made this issue on LibreSSL's github... https://github.com/libressl-portable/portable/issues/537 It's about ... TLSEXT_TYPE_psk_kex_modes: from openssl/tls1.h 1.1.1b # define TLSEXT_TYPE_psk_kex_modes 45 from libressl/2.9.2 tls1.h #define TLSEXT_TYPE_psk_key_exchange_modes

Re: BIO in memory usage....

2019-06-16 Thread J Decker
On Sun, Jun 16, 2019 at 3:17 AM Tobias Wolf wrote: > I'd like to understand how a memory bio can be reset with the internal > read counter back to zero for further reuse. > > > > e.g. > > I want to try to read first der and then pem > > > > d2i_X509

Re: Trying to use a ((constructor)) to force libcrypto.so into FIPS mode

2019-06-07 Thread J Decker
On Thu, Jun 6, 2019 at 2:34 PM Larry Jordan via openssl-users < openssl-users@openssl.org> wrote: > Re: openssl-1.0.2r > > Re: openssl-fips-2.0.16 > > OS: Linux Mint 19.1 (Ubuntu) > > > > I have added a shared library initializer function to cryptlib.c to force > OpenSSL into FIPS mode, without re

Re: Building OpenSSL with Emscripten

2019-05-20 Thread J Decker
https://stackoverflow.com/questions/52327290/linking-openssl-with-webassembly Looks very similar... 'target_link_libraries(mainTest crypto) after that it all worked without warnings.' On Mon, May 20, 2019 at 1:56 AM Richard Levitte wrote: > The issue isn't with any defined or not so defined ma

Re: In-memory SSL_CTX_use_certificate_chain_file?

2019-03-17 Thread J Decker
On Sun, Mar 17, 2019 at 5:17 PM Felipe Gasper wrote: > > > On Mar 17, 2019, at 7:55 PM, J Decker wrote: > > > On Sun, Mar 17, 2019 at 4:46 PM Felipe Gasper > wrote: > >> Buffer, not buffet. Silly autocorrect! >> >> -F >> >>

Re: In-memory SSL_CTX_use_certificate_chain_file?

2019-03-17 Thread J Decker
On Sun, Mar 17, 2019 at 4:46 PM Felipe Gasper wrote: > Buffer, not buffet. Silly autocorrect! > > -F > > > On Mar 17, 2019, at 7:21 PM, Felipe Gasper > wrote: > > > > Hello, > > > > Is there any equivalent to SSL_CTX_use_certificate_chain_file for a PEM > buffet that’s already in memory? > SSL_C

Re: [openssl-users] when should client stop calling SSL_read to get TLS1.3 session tickets after the close_notify?

2019-02-18 Thread J Decker
On Mon, Feb 18, 2019 at 2:18 PM Jakob Bohm via openssl-users < openssl-users@openssl.org> wrote: > On 17/02/2019 14:26, Matt Caswell wrote: > > On 16/02/2019 05:04, Sam Roberts wrote: > >> On Fri, Feb 15, 2019 at 3:35 PM Matt Caswell wrote: > >>> On 15/02/2019 20:32, Viktor Dukhovni wrote: >

Re: [openssl-users] Path Length Constraint ignored for Root and any self-issued certificate

2018-10-08 Thread J Decker
It was my interpretation that 0 pathlen on the root self signed meant infinite. The pathlen only applies on the certs between root and the leaf (which obviously can be 0, and CA true or not, but bad form to say true I'd imagine.) On Mon, Oct 8, 2018 at 1:57 AM Peter Magnusson < blaufish.public.em.

Re: [openssl-users] Using Windows system certficate store for server authentication

2018-09-08 Thread J Decker
On Fri, Sep 7, 2018 at 11:55 PM Juan Isoza wrote: > > It's a good idea using openssl under windows (with new openssl 1.1.1, we > will be able to use TLS 1.3 under Windows, from 7/2008 to 10/2016) instead > internal windows crypto.. > > But, by example, curl build for windows with openssl need a -

Re: [openssl-users] passing CA bundle as buffer, instead of file path, to X509_STORE_CTX_ functions

2018-09-04 Thread J Decker
You can use a BIO_new( BIO_s_mem() ) to feed the memory through BIO_write and PEM_read_bio_X509 something like ... https://github.com/d3x0r/SACK/blob/master/src/netlib/ssl_layer.c#L780 On Tue, Sep 4, 2018 at 8:07 AM Eli Golosovsky wrote: > Is there an option, in *OpenSSL 1.1.1*, to load a CA bu

Re: [openssl-users] How to prove a Certificate is Signed or not

2018-05-03 Thread J Decker
a root cert is the self signed cert. On Thu, May 3, 2018 at 2:50 AM, morthalan wrote: > But In my case, I do not have any root certificate. I have only one signed > certificate (SignedCertificate.pem) and one certificate signing request > (certReq.pem) . So when I use it as below > > openssl ve

Re: [openssl-users] How to prove a Certificate is Signed or not

2018-05-03 Thread J Decker
Or using the javascript interface https://www.npmjs.com/package/sack.vfs#interface https://github.com/d3x0r/sack.vfs/blob/master/tests/tlsTest.js#L28 if( vfs.TLS.validate( {cert:signedCert3, chain:signedCert2+cert} ) ) console.log( "Chain is valid." ); On Thu, May 3, 2018 at 1

Re: [openssl-users] How to prove a Certificate is Signed or not

2018-05-03 Thread J Decker
https://github.com/d3x0r/sack.vfs/blob/master/src/tls_interface.cc#L1538 this routine does cert validation but I don't think that's what you want this verified on a connection https://github.com/d3x0r/SACK/blob/master/src/netlib/ssl_layer.c#L274 which boils down to SSL_get_peer_certificate

Re: [openssl-users] Has client validated successfully?

2018-02-20 Thread J Decker
ient's applied policy > > allows the connection to continue. You cannot know if the policy that > > was applied was specifically related to the certificate chain > > presented. > > > > -Kyle H > > > > On Mon, Feb 12, 2018 at 10:06 PM, J Decker wrote: &

[openssl-users] Has client validated successfully?

2018-02-12 Thread J Decker
Is there a way for a server to know if the client verified the cert chain successfully or not?

Re: [openssl-users] Correct way to free SSL_CTX* ?

2018-01-28 Thread J Decker
On Sun, Jan 28, 2018 at 7:05 PM, pratyush parimal < pratyush.pari...@gmail.com> wrote: > Hi all, > > I'm trying to write an application in which I create an instance of > SSL_CTX* using SSL_CTX_new(), and set the following things in it: > > (1) An EVP_PKEY* : > 1a> created with PEM_read_bio_Privat

Re: [openssl-users] Fwd: Information to detach a BIO from fd

2018-01-13 Thread J Decker
I'm not 100% sure what you're doing I'd imagine that if SSL was managing the fd's you wouldn't have this issue. You have to call accept() to get a new FD... and you'll only get that once, so when you accept() you should attach the bio and call ssl_accept(), no? On Fri, Jan 12, 2018 at 5:52 PM, Pri

Re: [openssl-users] cert chain file ordering question

2018-01-09 Thread J Decker
The certs are built into a stack... they are pushed... so element 0 is the last thing in the list. The chain starts with 0, and then can search the rest. On Tue, Jan 9, 2018 at 2:55 PM, Norm Green wrote: > On 1/9/2018 6:03 AM, Benjamin Kaduk wrote: > >> Did you try something like (with a 1.1.0

Re: [openssl-users] Sudden control data sent during large transfer.

2017-12-25 Thread J Decker
( result < amount_to_send ) { /* sent less than full packet */ } so I ended up backing up the send offset by 1 byte instead of 0 bytes... this was then injecting 1 extra byte into the TCP layer. On Mon, Dec 25, 2017 at 1:38 PM, Jakob Bohm wrote: > On 23/12/2017 04:06, J Decker wrote: &g

Re: [openssl-users] Evaluation of OpenSSL stack software

2017-12-22 Thread J Decker
On Fri, Dec 22, 2017 at 8:40 PM, Viktor Dukhovni wrote: > > > > On Dec 22, 2017, at 11:33 PM, J Decker wrote: > > > > Very similar to OpenSSL 1.0.2, plus its own extensions. That's not > exactly > > "same". > > > > The same

Re: [openssl-users] Evaluation of OpenSSL stack software

2017-12-22 Thread J Decker
On Fri, Dec 22, 2017 at 7:23 PM, Viktor Dukhovni wrote: > > > > On Dec 22, 2017, at 10:21 PM, J Decker wrote: > > > > I would also suggest check out LibreSSL which uses the same API as > OpenSSL > > Very similar to OpenSSL 1.0.2, plus its own extensions. Th

Re: [openssl-users] Evaluation of OpenSSL stack software

2017-12-22 Thread J Decker
On Fri, Dec 22, 2017 at 4:44 AM, Jan Graczyk wrote: > Hello OpenSSL-Users, > > > > I am actually evaluating OpenSSL stack software to be possibly used in my > company next generation products. We would like to have a secure connection > between our device TCP/IP stack and web server which already

[openssl-users] Sudden control data sent during large transfer.

2017-12-22 Thread J Decker
How can I know what/why openssl is sending control data? I have this Node addon that uses TLS 1.2 to communicate. I'm sending a large file transfer (100M), which is chunked into 8100 byte blocks and sent on websocket protocol. It's additionally chunked into 4327 byte blocks (which after encoding

Re: [openssl-users] Certificate Verify and non-root Trust Anchors

2017-12-11 Thread J Decker
I'm pretty sure you need the root also, not just the intermediate CA... I use a custom generated chain... I encode the root cert in the application, and then pass it when initializing the client socket. This bit of code takes the root cert and adds it to the SSL_CTX the client socket is created fro

[openssl-users] How to know maximum sendable fragment size?

2017-11-06 Thread J Decker
I've been developing this NodeJS plugin, it implements HTTPS server and now client. I was having an issue with HTTPS request getting ECONNRESET for no apparent reason; so I implemented my own request, and ran into the same sort of issue. What I was requesting was some .js files from the server, an