Upgrade openssl 1.0.2 to 1.1.1 guideline

2022-03-08 Thread Yan, Bob via openssl-users
Hi All, Is there any guideline for upgrading openssl version from 1.0.2 to 1.1.1? Thanks Bob

RE: ECDSA certificate question

2020-09-22 Thread Yan, Bob via openssl-users
ec_pmeth.c:331: -Original Message- From: Michael Richardson Sent: Tuesday, September 22, 2020 4:36 PM To: Yan, Bob Cc: openssl-users@openssl.org Subject: Re: ECDSA certificate question Yan, Bob via openssl-users wrote: > Is there a way to generate a ECDSA certificate with SM2

ECDSA certificate question

2020-09-22 Thread Yan, Bob via openssl-users
Hello everybody, Is there a way to generate a ECDSA certificate with SM2 typed public key and ecdsa-with-SM3 as the signature algorithm in openssl 1.1.1x version? Thank you very much! Bob

[openssl-users] Lock for SSL_accept method

2018-02-07 Thread Yan, Bob via openssl-users
Hi All, I used a mutex lock to prevent the SSL_accept() method being called by multiple threads concurrently since it may get coredump if there is no lock on SSL_accept() method. I am just wondering if the lock is still needed for openssl 1.0.2e version? mutex.lock(); int rt = S

Re: [openssl-users] Certificate Comparison

2017-09-19 Thread Yan, Bob via openssl-users
Thanks Scott, it can be done. I am also looking for some functions which can compare the fingerprint of certificates -Original Message- From: Scott Neugroschl [mailto:scot...@xypro.com] Sent: Tuesday, September 19, 2017 11:30 AM To: Yan, Bob ; openssl-users@openssl.org Subject: RE

[openssl-users] Certificate Comparison

2017-09-19 Thread Yan, Bob via openssl-users
Hi All, I need to compare a received certificate object with a PEM-formatted certificate stored at local file system. Is there any openssl library functions or an easy way to compare these two certificates? Thank you very much! Bob

Re: [openssl-users] SSL_accept error code

2016-03-08 Thread Yan, Bob
-users] SSL_accept error code On 08/03/16 01:04, Yan, Bob wrote: > Hi All, > > I have a SSL server application which use SSL_accept to accept the > connections from client, see the code below: > > int retcode = SSL_accept(mSsl); > unsigned long error = SSL_ge

[openssl-users] SSL_accept error code

2016-03-07 Thread Yan, Bob
Hi All, I have a SSL server application which use SSL_accept to accept the connections from client, see the code below: int retcode = SSL_accept(mSsl); unsigned long error = SSL_get_error(mSsl, retcode); ERR_error_string_n(error, errmsg, sizeof(errmsg)); When something w

[openssl-users] How to retrieve the revoked certificate list when X509_LOOKUP_hash_dir() method used

2016-02-25 Thread Yan, Bob
Hi All, I used the following methods to load CRL hashed-directory into a SSL_CTX object to verify the client certificate against the CRL. The code works fine and it's able to verify the client certificate against the loaded CRLs. X509_STORE *x509Store = SSL_CTX_get_cert_store(sslCtx

Re: [openssl-users] WARNING message "can't open config file” when running openssl command

2016-02-04 Thread Yan, Bob
n running openssl command On Thu, Feb 04, 2016, Yan, Bob wrote: > Hi Rich, > > It works, thank you for your suggestions! I am just wondering is there any > other options, for example eliminate the WARNING message while building the > openssl libraries and executables? >

Re: [openssl-users] WARNING message "can't open config file” when running openssl command

2016-02-04 Thread Yan, Bob
Thanks again, Rich! -Original Message- From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Salz, Rich Sent: Thursday, February 04, 2016 10:57 AM To: openssl-users@openssl.org Subject: Re: [openssl-users] WARNING message "can't open config file” when running openss

Re: [openssl-users] WARNING message "can't open config file” when running openssl command

2016-02-04 Thread Yan, Bob
Hi Rich, It works, thank you for your suggestions! I am just wondering is there any other options, for example eliminate the WARNING message while building the openssl libraries and executables? Thank you very much! Bob -Original Message- From: openssl-users [mailto:openssl-users-boun

[openssl-users] WARNING message "can't open config file” when running openssl command

2016-02-04 Thread Yan, Bob
Hi All, I downloaded openssl 1.0.2e source files and built it in a Linux server. It seems everything working fine except there is a WARNING message, “can't open config file” always shown on screen when I run openssl command, see below for detail: $ openssl x509 -in cert.pem -noout -text $ WARN

Re: [openssl-users] Certificate verification failure

2016-02-03 Thread Yan, Bob
-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Jan Just Keijser Sent: Wednesday, February 03, 2016 8:17 AM To: openssl-users@openssl.org Subject: Re: [openssl-users] Certificate verification failure Yan, Bob wrote: > Thanks Jan, > > When I am using the CApath, I do

Re: [openssl-users] Certificate verification failure

2016-02-01 Thread Yan, Bob
to:openssl-users-boun...@openssl.org] On Behalf Of Jan Just Keijser Sent: Monday, February 01, 2016 1:04 AM To: openssl-users@openssl.org Subject: Re: [openssl-users] Certificate verification failure Yan, Bob wrote: > > Dear Sir/Madam, > > I have an application which acting as SSL server

[openssl-users] Certificate verification failure

2016-01-29 Thread Yan, Bob
Dear Sir/Madam, I have an application which acting as SSL server. When the application loads the root and intermediate CA files from a CA path, the handshake between my application and openssl client was failed at the point when my application was authenticating the client's certificate. But wh

RE: Static and Dynamic Locking Functions

2013-03-14 Thread Yan, Bob
Gordon, Just quick question for you, have you seen any dynamic mutex lock been created while your openssl application is running? I implemented both static and dynamic locking mechanism in my application. I can see that there are a total of 41 static mutex locks been created during initializati

Test code coredump when running with IBM purify under openssl 1.0.1c release

2012-11-08 Thread Yan, Bob
Hi All, When I am running my test code with IBM purify, my code was coredump. The same code worked fine in openssl 1.0.0a release but coredump under 1.0.1c release. Following is the debug message reported by IBM purify: Purify instrumented testapp (pid 16764) COR: Fatal core dump:

RE: SSL_do_handshake() failed on openssl version 1.0.1c

2012-10-24 Thread Yan, Bob
Dear Sir/Madam, I have used SSL_negotiate() and SSL_do_handshake() function to move the SSL connection into renegotiate state in my server side code. It works fine in openssl 1.0.0.a release. But after I upgraded the openssl library from version 1.0.0a to 1.0.1c, this code does not work. Basica

RE: Question regarding to memory leak

2011-06-27 Thread Yan, Bob
- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Chris Dodd Sent: Friday, June 24, 2011 5:30 PM To: openssl-users@openssl.org Subject: Re: Question regarding to memory leak On Fri, Jun 24, 2011, Yan, Bob wrote: > Hi, > > I have used IBM pur

RE: Question regarding to memory leak

2011-06-24 Thread Yan, Bob
use the pointer until it > is too small, then I realloc to a larger size. In modern systems > often the "leak" is worth the performance gain. I run on IBM AIX. > Having said that, I have not dug in to your specifics which may just > be bugs, an error with the tool, or del

Question regarding to memory leak

2011-06-24 Thread Yan, Bob
Hi, I have used IBM purify to check my test program which invokes openssl library. There are some memory leaks reported by Purify, please see below. Could somebody point to me from which function those leaks were generated, and how to avoid those leaks? Thanks, Bob MLK: 1104 bytes le

Question about SSL_CTX_load_verify_locations()

2011-06-13 Thread Yan, Bob
Hi, I am using "SSL_CTX_load_verify_locations(ssl_ctx, NULL, CApath)" function to load the CA certificates from the "CApath" directory. Since the certificates in CApath are only looked up when required, my questions is that, is any openssl function can be used to load all trusted CA certificate

RE: ssl_connect core dump in multi-threading application

2011-05-31 Thread Yan, Bob
Thanks Steve, Currently my test program does not setup the locking callbacks as well as the thread ID callback. In general, should I must setup them in multi-threading openssl application? If so, should the following two functions be used to setup the locking callbacks and the thread ID callbac

ssl_connect core dump in multi-threading application

2011-05-31 Thread Yan, Bob
Hi, I have an application which has more than 100 SSL client threads and each of those threads tried to connect to a SSL server simultaneously. Occasionally the application process got coredump on the call to ssl_connect(), please see the stack trace below for detail. *** glibc detected *** te

RE: Trying to get URI of CRL from certificate extension

2011-05-27 Thread Yan, Bob
Hi Akash, I have encountered the same issue as you mentioned in your email but I still haven't figured out the cause of the failure. However, after I replaced "d2i(0, &data, ext->value->length)" function with X509V3_EXT_d2i(ext), the problem was gone. Regards Bob

SSL_read() fails right after the failure of SSL_do_handshake() on client side

2011-04-14 Thread Yan, Bob
Hi, I have a simple SSL Client and SSL Server program. SSL Client connects to SSL Server via an established ssl session and transmit data each other. Every time when SSL Server invokes the SSL_write() function and successful wrote some data into the ssl session, if, at the same time, the SSL Cl

RE: SSL_ERROR_WANT_READ and SSL_ERROR_WANT-WRITE question

2011-03-07 Thread Yan, Bob
r.com] Sent: Monday, March 07, 2011 3:43 PM To: openssl-users@openssl.org Cc: Yan, Bob Subject: Re: SSL_ERROR_WANT_READ and SSL_ERROR_WANT-WRITE question On 3/7/2011 2:45 PM, Yan, Bob wrote: > My question is that if my Reader thread gets a SSL_ERROR_WANT_WRITE > error from SSL_read fu

How to disable SSL/TLS Renegotiation

2011-03-07 Thread Yan, Bob
I have two questions regarding to SSL/TLS Renegotiation: 1) Can SSL/TLS Renegotiation happen automatically during the normal SSL_read and SSL_write operation on a SSL connection? Basically if the application doesn't invoke the SSL_renegotiate function, can SSL/TLS Renegotiation still happen aut

SSL_ERROR_WANT_READ and SSL_ERROR_WANT-WRITE question

2011-03-07 Thread Yan, Bob
Thread are two threads in my application and one thread is called Reader and another one is Writer. The Reader thread calls the SSL_read function to receive the incoming data from the SSL socket connection; and the Writer thread invokes the SSL_write function to send out the data to the same SSL