On Fri, Dec 21, 2018 at 11:20:43AM -0500, Viktor Dukhovni wrote:
> Which naturally does not map to any kind of certificate. While TLS
> 1.2 still lives and is still capable of aNULL ciphersuites, it might
> make sense to add a line of code to detect that condition, and not
> push anything onto th
On Fri, Dec 21, 2018 at 02:24:18PM +, Jeremy Harris wrote:
> > You provide much too little detail. This particular "error"
> > happens when a TLS 1.2 ciphersuite does not correspond to any
> > any public key type for which OpenSSL might have a certificate.
>
> A packet capture showed me the
On 21/12/2018 00:02, Viktor Dukhovni wrote:
>> Thanks for the hint. You are correct, and a clear before that set
>> of crypto operations gets me a far more reasonable message.
>
> Makes sense.
>
>> The error seems to be left around after SSL_accept(), and yet
>> it does not appear in my SNI callb
> On Dec 20, 2018, at 6:43 PM, Jeremy Harris wrote:
>
> Thanks for the hint. You are correct, and a clear before that set
> of crypto operations gets me a far more reasonable message.
Makes sense.
> The error seems to be left around after SSL_accept(), and yet
> it does not appear in my SNI
On 20/12/2018 17:16, Viktor Dukhovni wrote:
>> "14142044:SSL routines:SSL_GET_SERVER_CERT_INDEX:internal error"
>
> This is an SSL library error in your error stack. Likely left
> over from an earlier function call, with no ERR_clear_error()
> before the new call.
Thanks for the hint. You are co
> On Dec 20, 2018, at 8:00 AM, Jeremy Harris wrote:
>
> Library version: OpenSSL: Compile: OpenSSL 1.0.2k-fips 26 Jan 2017
> Runtime: OpenSSL 1.0.2k-fips 26 Jan 2017
> built on: reproducible build, date unspecified CentOS 7.6.181
>
> "14142044:SSL routines:SSL_
Hi,
Library version: OpenSSL: Compile: OpenSSL 1.0.2k-fips 26 Jan 2017
Runtime: OpenSSL 1.0.2k-fips 26 Jan 2017
: built on: reproducible build, date
unspecified
CentOS 7.6.181
"14142044:SSL routines:SSL_GET_SERVER_CERT_INDEX:internal
