Re: RSA signed ECDSA certificate still uses ECDSA for authentication

2022-08-26 Thread Nicola Tuveri
handshake, while RSA guarantees the authenticity of the Certificate. Best regards, Nicola Tuveri On Fri, Aug 26, 2022, 20:49 radiatejava wrote: > I am a bit confused when an RSA signed ECDSA certificate is being used in > TLS. > For example, if you run the test for facebook.com, you will s

Re: OpenSSL-3.+ how to configure [random]?

2021-11-10 Thread Nicola Tuveri
Just chiming in quickly to mention that this could be related to https://github.com/openssl/openssl/issues/16996 Nicola On Wed, Nov 10, 2021 at 10:33 AM Tomas Mraz wrote: > > On Wed, 2021-11-10 at 03:38 +, Blumenthal, Uri - 0553 - MITLL > wrote: > > On 11/9/21, 22:23, "

Re: SM2 fix in 1.1.1l

2021-08-27 Thread Nicola Tuveri
mentioned security advisory. Best regards, Nicola Tuveri On Fri, Aug 27, 2021, 15:40 Michael Wojcik wrote: > I imagine I could figure this out by reading the source, but does the SM2 > fix (the high-severity issue for OpenSSL 1.1.1l) apply to TLS using SMx > (RFC 8998), or just to app

Re: RSA_set0_key() equivalent for 3.0.0

2021-07-13 Thread Nicola Tuveri
There is the migration guide: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod Best regards, Nicola On Wed, Jul 14, 2021, 00:04 Ken Goldman wrote: > What is the 3.0.0 equivalent to RSA_set0_key() when I > want to create a key token from n and e. > > M

Re: Tutorial for OpenSSL3 deprecated API replacement

2021-05-02 Thread Nicola Tuveri
A migration guide is being worked on in https://github.com/openssl/openssl/pull/14710 You might want to provide feedback with comments there to help make sure useful information is not left out. Nicola P. S. It's a pity that a lot of external resources, including blog post, article

Re: openssl-1.1.1-stable-SNAP-20200713 bug

2020-07-13 Thread Nicola Tuveri
I independently reached the same failure and I opened a github issue that references this report: https://github.com/openssl/openssl/issues/12432 The fix should be coming in the form of https://github.com/openssl/openssl/pull/12433 Thanks for reporting this issue! Cheers, Nicola Tuveri

Re: Question about OpenSSL .....

2020-06-28 Thread Nicola Tuveri
caveat as before: at some point the link above will likely be broken once the PR is merged, but the updated INSTALL.md file will be available at https://github.com/openssl/openssl/blob/master/INSTALL.md#installing-openssl On Sun, 28 Jun 2020 at 16:56, Nicola Tuveri wrote: > > Hello and w

Re: Question about OpenSSL .....

2020-06-28 Thread Nicola Tuveri
merged (but at that point you will be able to find the same file in `master`). Hope this helps! Best regards, Nicola Tuveri

Re: questions on using ed25519

2020-04-26 Thread Nicola Tuveri
on it, though! If anyone is interested we have more "good first issue" items on github that we considered a good starting point for users from the community that are willing to start contributing to the project by coding or working on the documentation. Nicola On Sun, Apr 26, 2020,

Re: OpenSSL version 3.0.0-alpha1 published

2020-04-24 Thread Nicola Tuveri
library context. Cheers, Nicola On Fri, 24 Apr 2020 at 17:56, Sam Roberts wrote: > On Fri, Apr 24, 2020 at 1:05 AM Matt Caswell wrote: > > This one is interesting: > > > > ERR_OSSL_EVP_FETCH_FAILED > > > > > > This means that the algorithm you are trying t

Re: questions on using ed25519

2020-04-24 Thread Nicola Tuveri
d the issue first) or anyone else from the community, are you willing to get your hands dirty and help out the project? Nicola On Thu, 23 Apr 2020 at 19:33, Viktor Dukhovni wrote: > On Thu, Apr 23, 2020 at 11:23:35AM +0200, Nicola Tuveri wrote: > > > > On 22/04/2020 18:12, V

Re: questions on using ed25519

2020-04-23 Thread Nicola Tuveri
he dev phase - > but it was taken out. I forget the reasoning. > Yes, that change was intentional, the reasoning is detailed in the discussion in: https://github.com/openssl/openssl/pull/6284 Nicola

Re: questions on using ed25519

2020-04-22 Thread Nicola Tuveri
-pubin -inkey pub.pem \ -rawin -in /bin/echo -sigfile sig.dat Signature Verification Failure ``` On Wed, Apr 22, 2020, 19:12 Viktor Dukhovni wrote: > On Wed, Apr 22, 2020 at 01:27:03PM +0200, Nicola Tuveri wrote: > > > Unfortunately at the moment the command line utilities do

Re: questions on using ed25519

2020-04-22 Thread Nicola Tuveri
files, I would suggest opening first an issue on GitHub about it, signalling your will to contribute towards its resolution, so that solutions to these controversial problems can be discussed before committing to major development efforts. Hope this helps, Nicola Tuveri On Wed, 22 Apr 2020 at 10:

Re: Openssl version question

2020-03-02 Thread Nicola Tuveri
regards, Nicola Tuveri On Tue, Mar 3, 2020, 06:39 Kaushal Shriyan wrote: > Hi, > > I am curious to know regarding *k* in 1.0.2k-fips, *d* in 1.1.1d, *l* in > 1.1.0l and *u* in 1.0.2u. What does this alphabet mean? > > Best Regards, > > Kaushal >

Re: Support FFDHE?

2020-02-27 Thread Nicola Tuveri
ing a development build from latest master. Best regards, Nicola Tuveri On Thu, Feb 27, 2020, 10:15 John Jiang wrote: > I would have highlighted that OpenSSL 1.1.1d was being used in my testing. > > On Thu, Feb 27, 2020 at 5:13 PM John Jiang > wrote: > >> Hi, >> It sounds FF

Re: Questions about using Elliptic Curve ciphers in OpenSSL

2020-02-19 Thread Nicola Tuveri
dentifier matches the Authority key identifier, and where the certificate signature is ECDSA because the Issuer key is an EC key. I hope this long email clarified the doubts you expressed. Cheers, Nicola Tuveri On Tue, 18 Feb 2020 at 19:45, Jason Schultz wrote: > Nicola- > > Thank

Re: Questions about using Elliptic Curve ciphers in OpenSSL

2020-02-18 Thread Nicola Tuveri
pport (most TLS 1.2 and 1.3 clients will be happy to support P-256 and X25519 key exchanges) from the named curves: also in this case there is no need to generate a separate ecparam file. Hope this helps! Best regards, Nicola Tuveri On Tue, 18 Feb 2020 at 15:27, Jason Schultz wrote: > This

Re: Segfault with Libcrypto.so

2019-12-28 Thread Nicola Tuveri
. Best regards, Nicola Tuveri On Sun, Dec 29, 2019, 00:11 PEILLON Stephane wrote: > Hello > > > > For several days, we have been unable to carry out operating commands on > our OpenLdap server (2.4.48), such as: > > /usr/local/openldap/sbin/slapcat –F > /usr/local/op

Re: JSON Web Key (JWK) for public key requires x and y coordinates.

2019-12-22 Thread Nicola Tuveri
mplementation to obtain the cryptographically secure randomness needed, e.g. for the key generation above. Of course I cannot say anything about the functionality provided by whatever framework you are going to use for the rest of your RFC7518 operations, as what they use depends on their cryptographic backend (which could be OpenSSL or some other software). Best regards (and Happy Holidays to you as well) Nicola Tuveri

Re: Compute EC_KEY starting from X or Y coordinate only

2019-10-18 Thread Nicola Tuveri
Hope this helps, Nicola Tuveri On Fri, Oct 18, 2019, 11:31 Luca Di Mauro wrote: > > Hello all, > > I don't know if it is the correct mailing list to ask this, so I'm > sorry if it is the wrong place. > > I'm using openssl v1.1, and I'm trying to compute b

Re: ecparam error on openssl 102r

2019-03-20 Thread Nicola
erated PEM file would be invalid. Best regards, Nicola Tuveri On Wed, 20 Mar 2019 at 19:29, shiva kumar wrote: > > Hi, > When I run openssl ecparam on elliptic curve Oakley-EC2N-3, > Oakley-EC2N-4 on openssl 1.0.2r version, > I am getting the following error, can anyone please

Re: cURL with openSSL 1.1.1 version

2019-03-20 Thread Nicola
only cause problems with any other package that depends on openssl. BR, Nicola On Wed, 20 Mar 2019 at 13:40, Swamy J-S wrote: > > Ubuntu released any libssl development package already for openssl 1.1.1? I > want to download package internally, I don’t want to download openssl and &

Re: cURL with openSSL 1.1.1 version

2019-03-19 Thread Nicola
ainst 1.1.1 If you have your own code using the OpenSSL API directly and have not updated since 1.0.2, some changes will most likely be required as since 1.1.0 most structs are opaque and you need to use accessors to get and set their members. Best regards, Nicola Tuveri On Tue, Mar 19, 2019, 09:56

Re: Why were edwards curves given distinct key types, aren't they EC keys?

2019-03-16 Thread Nicola
ntributing to the project while some of these decisions were made, and I don't have the same insight on the history of the design of the library as other project members. BR, Nicola On Sat, Mar 16, 2019, 17:00 Sam Roberts wrote: > That helps a lot, I can see why they are different

Re: Why were edwards curves given distinct key types, aren't they EC keys?

2019-03-15 Thread Nicola
re cryptosystem (EdDSA) and the `derive` (i.e. equivalent to ECDH) operation is defined on different (although related) Montgomery curves (i.e. X25519 for Ed25519 and X448 for Ed448). Hope this answers your question, Nicola On Fri, Mar 15, 2019, 20:20 Sam Roberts wrote: > It seems like they

Re: [openssl-users] no-async needs -DOPENSSL_NO_ASYNC nonetheless?

2018-10-17 Thread Nicola
Might this be related to https://github.com/openssl/openssl/issues/7406 and https://github.com/openssl/openssl/pull/7420 ? Nicola On Wed, 17 Oct 2018 at 15:12, Steffen Nurpmeso wrote: > Hello, and fyi. > > I have built final 1.1.1 yesterday on AlpineLinux musl after > running a p

Re: [openssl-users] Incompatible Object error from EC_POINT_mul

2018-10-08 Thread Nicola
Hi, I did not run this in the debugger, but one issue is that you are not initializing `pub` before calling EC_POINT_mul : try adding pub = EC_POINT_new(curve); (and check for errors making sure pub is not null afterwards). Hope this helps! Best regards, Nicola On Mon, Oct 8, 2018, 00:31

Re: [openssl-users] Softhsm + engine_pkcs11 + openssl with EC keys fail.

2018-09-17 Thread Nicola
Would it be possible for you to open this as an issue on Github and include there your first email and the full logs? Thanks, Nicola Tuveri On Tue, 18 Sep 2018 at 01:15, Paras Shah (parashah) via openssl-users < openssl-users@openssl.org> wrote: > That is not it. It results in the s

Re: [openssl-users] Openssl api for signature verification using digest

2018-08-28 Thread Nicola
Hi! I would suggest using the newer `EVP_DigestSign` interface. You could find more documentation about it here: https://wiki.openssl.org/index.php/EVP_Signing_and_Verifying Here is the relevant manpage: https://www.openssl.org/docs/man1.1.1/man3/EVP_DigestVerifyInit.html Best regards, Nicola

Re: [openssl-users] Behaviour changed between 1.1.0 and 1.1.1

2018-08-17 Thread Nicola
Just created the PR: https://github.com/openssl/openssl/pull/7000 Thanks again for reporting this! Nicola Tuveri On Sat, 18 Aug 2018 at 00:15, Dmitry Belyavsky wrote: > Dear Nicola, > On Fri, Aug 17, 2018 at 11:00 PM Nicola wrote: > >> You just reproduced it :) >>>

Re: [openssl-users] Behaviour changed between 1.1.0 and 1.1.1

2018-08-17 Thread Nicola
e alternative implementation. In the meantime you might open a proper issue in Github for this problem so that the bug will be properly tracked! Thanks for reporting this, Nicola Tuveri

Re: [openssl-users] Behaviour changed between 1.1.0 and 1.1.1

2018-08-17 Thread Nicola
I can't reproduce the issue, using latest master for both gost and openssl: /tmpram/gost > export OPENSSL_ENGINES=/tmpram/gost/engine/bin /tmpram/gost > /tmpram/openssl-111-pre9-dev/bin/openssl pkey -engine gost -pubout -text -in tmp.pem engine "gost" set. Private key: 28A509558DB1969DB89A4CB517D8

[openssl-users] Looking for beta testers for libsuola

2018-04-19 Thread Nicola
sting OpenSSL-based applications. https://github.com/romen/libsuola Thanks, Nicola Tuveri D.Sc. Student NISEC group Laboratory of Pervasive Computing Tampere University of Technology, FINLAND [0]: https://eprint.iacr.org/2018/354.pdf [1]: https://github.com/jedisct1/libsodium [2]:

Verification callback called more than once

2007-11-02 Thread Nicola Lugato
Hello! I set up a verification callback with SSL_CTX_set_verify. Both my client and server use simple self-signed certificates. The problem is: when they connect, the verification callback is called twice. My guess was that it was called for the peer certificate and then for the CA, but when i requ

Digital Unix v4.0e ld problem

1999-05-17 Thread Nicola Ranaldo
When i try to compile i get: ld: Unresolved: bn_div_words how can i fix ??? Nicola Ranaldo