Howdy,
But my question is why q is not 160 bits but instead 224 bits was used by
openssl since the FIPS 186 standard clearly says to use q size 160 bits for p
size 1024 bits?
Can someone familiar with the topic, clarify my doubt please? Maybe I missed
some fine points in the standard.
I'd
On Sat, Jun 08, 2024 at 08:12:57AM -0400, Neil Horman wrote:
> > I see someone at
> > https://github.com/openssl/openssl/issues/13382#issuecomment-1181577183
> > with a similar concern suggested -macopt keyfile:file
The requested feature (explicit keyfile option) makes sense to me. Is
there a mo
On 6/8/2024 5:12 AM, Neil Horman wrote:
printf '%s' "hello" | LD_LIBRARY_PATH=$PWD ./apps/openssl dgst -sha1 -hmac $(cat key.txt)
SHA1(stdin)= c3b424548c3dbd02161a9541d89287e689f076d7
That will expose the key in the process args, so is NOT secure.
--
Carson
the openssl-mac utility already contains such an option (though it doesn't
circumvent the issue as the option for the key is also passed on the
command line)
It seems some bash magic solves this problem though. By putting your key
in a file, you can use command substitution to solve this:
nhorman
2024-06-08 08:43:26 +0100, Stephane Chazelas:
[...]
> Would it be possible to have a: -macopt keyenv:varname and
> -macopt keyexenv:varname for instance to be able to pass the
> secret via environment variables instead (which on most systems
> are a lot less public than command arguments)?
[...]
I
2022-08-07 18:20:56 +0200, Francois:
[...]
> I am reading some doc instructing me to run
>
> printf '%s' "${challenge}" | openssl dgst -sha1 -hmac ${APP_TOKEN}
>
> Doing so would leak the APP_TOKEN on the command line arguments (so a
> user running a "ps" at the right time would see the APP_T
On 5/16/24 08:28, Neil Horman wrote:
Glad it's working a bit better for you. If you are inclined, please feel
free to open a PR with your changes for review.
Well, the changes are *really* trivial. Necessary and trivial.
--
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken
Glad it's working a bit better for you. If you are inclined, please feel
free to open a PR with your changes for review.
Best
Neil
On Thu, May 16, 2024 at 7:40 AM Dennis Clarke wrote:
> On 5/15/24 18:34, Neil Horman wrote:
> > You are correct, the files you reference (most of them in fact) get
On 5/15/24 18:34, Neil Horman wrote:
You are correct, the files you reference (most of them in fact) get built
into separate objects in the event the build flags are different for shared
and static libraries, and should be unrelated to the issue you are seeing
I was somewhat puzzled by thi
You are correct, the files you reference (most of them in fact) get built
into separate objects in the event the build flags are different for shared
and static libraries, and should be unrelated to the issue you are seeing
As for the undefined symbols, that's definitely a mystery. Most notably,
t
On 5/13/24 03:34, Matt Caswell wrote:
On 13/05/2024 02:42, Neil Horman wrote:
We added support for RCU locks in 3.3 which required the use of
atomics (or emulated atomic where they couldn't be supported), but
those were in libcrypto not liberal
Right - it's supposed to fall back to emulated
On 13/05/2024 02:42, Neil Horman wrote:
We added support for RCU locks in 3.3 which required the use of atomics
(or emulated atomic where they couldn't be supported), but those were in
libcrypto not liberal
Right - it's supposed to fall back to emulated atomic calls where atomics
aren't av
On 5/12/24 21:42, Neil Horman wrote:
We added support for RCU locks in 3.3 which required the use of atomics (or
emulated atomic where they couldn't be supported), but those were in
libcrypto not liberal
I see. I am having great difficulty with 3.3 on an old Sun SPARC64
server where there
We added support for RCU locks in 3.3 which required the use of atomics (or
emulated atomic where they couldn't be supported), but those were in
libcrypto not liberal
On Sun, May 12, 2024, 7:26 PM Dennis Clarke via openssl-users <
openssl-users@openssl.org> wrote:
>
> On 4/9/24 08:56, OpenSSL w
On 4/9/24 08:56, OpenSSL wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL version 3.3.0 released
==
Trying to compile this on an old Solaris 10 machine and over and over
and over I see these strange things as Undefined symbols :
Undefin
That is the master branch CHANGES.md. It will be synced later.
For the 3.1 changes please look at the CHANGES.md in the openssl-3.1
branch and/or inside the alpha tarball.
Tomas
On Thu, 2022-12-01 at 15:15 +, Kenneth Goldman wrote:
> The changes show a jump from 3.0 to 3.2
>
> https://githu
The changes show a jump from 3.0 to 3.2
https://github.com/openssl/openssl/blob/master/CHANGES.md
All the same, it would be good to mention, or to link to, new features that
might allow reconsideration of technical constraints, etc.
Anyhow, thank you!
-FG
> On Dec 1, 2022, at 09:43, Tomas Mraz wrote:
>
> Hmm, good point.
>
> Though when migrating from 1.1.1 the 3.0 guide still applies an
Hmm, good point.
Though when migrating from 1.1.1 the 3.0 guide still applies and
migration from 3.0 to 3.1 should be just seamless.
Tomas
On Thu, 2022-12-01 at 09:40 -0500, Felipe Gasper wrote:
> AFAICT, the migration guide doesn’t actually seem to mention upgrades
> to 3.1.
>
> -FG
>
>
> >
AFAICT, the migration guide doesn’t actually seem to mention upgrades to 3.1.
-FG
> On Dec 1, 2022, at 09:00, OpenSSL wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
>
> OpenSSL version 3.1 alpha 1 released
>
>
> OpenSSL - The Open S
A good question.
In a nutshell: the 3.0.0 FIPS provider is designed to work with all
3.0.x releases. We actively test this as part of our CI loops and it's
the way to claim FIPS compliance when using OpenSSL 3.0.7. You need to
build 3.0.7 (with or without FIPS support) and the 3.0.0 FIPS pr
Hello Jinze.
The issue doesn't come from OpenSSL. It comes from at least two buffer overruns.
In aesEncrypt:
>
> ret = EVP_EncryptInit_ex(ctx, EVP_aes_128_ecb(), NULL, (const unsigned
> char*)key.c_str(), NULL);
You use key.c_str() to set the key. However, key here is "input":
>
> if (!aesEnc
On 2022-11-04 09:14, Michael Wojcik via openssl-users wrote:
Specifically, limits.h is part of the C standard library (see e.g. ISO
9899:1999 7.10). This is a GCC issue; there's something wrong with John's GCC
installation, or how his environment configures it.
GCC often appears to have adopt
> From: openssl-users On Behalf Of Matt
> Caswell
> Sent: Friday, 4 November, 2022 06:43
>
> This looks like something environmental rather than a problem with
> OpenSSL itself. /usr/lib/gcc/x86_64-linux-gnu/8/include-fixed/limits.h
> is clearly a system include file, trying to include some other
On 04/11/2022 12:06, John Boxall wrote:
apps/lib/libapps-lib-app_libctx.o apps/lib/app_libctx.c
In file included from
/usr/lib/gcc/x86_64-linux-gnu/8/include-fixed/syslimits.h:7,
from
/usr/lib/gcc/x86_64-linux-gnu/8/include-fixed/limits.h:34,
from includ
This is an automatic reply. Your message has been received, and I will reply as soon as possible.
On Wed, Oct 26, 2022 at 11:50:16AM -0400, Viktor Dukhovni wrote:
> On Wed, Oct 26, 2022 at 11:15:25AM +0100, Matt Caswell wrote:
>
> > > I'm not promising anything. But if you send me the captures I can take a
> > > look at them.
> >
> > I've taken a look at the captures for the working and non-
This is an automatic reply. Your message has been received, and I will reply as soon as possible.
On Wed, Oct 26, 2022 at 11:15:25AM +0100, Matt Caswell wrote:
> > I'm not promising anything. But if you send me the captures I can take a
> > look at them.
>
> I've taken a look at the captures for the working and non-working scenarios.
>
> Do I understand correctly that your application is ac
On 24/10/2022 10:17, Matt Caswell wrote:
On 22/10/2022 16:02, David Harris wrote:
On 21 Oct 2022 at 13:50, Michael Wojcik via openssl-users wrote:
That was my initial thought too, except that if it were
firewall-related, the initial port 587 connection would be blocked,
and it isn't - the
On 22/10/2022 16:02, David Harris wrote:
On 21 Oct 2022 at 13:50, Michael Wojcik via openssl-users wrote:
That was my initial thought too, except that if it were
firewall-related, the initial port 587 connection would be blocked,
and it isn't - the failure doesn't happen until after STARTTLS
What do you need the NID for? Maybe the code could be changed to use
names instead of NIDs? The NIDs are somehow legacy thing that might
eventually be completely internal at some point.
However, if you need the NID, you should be able to use OBJ_sn2nid() to
obtain the NID if the curve name is in t
> From: openssl-users On Behalf Of David
> Harris
> Sent: Saturday, 22 October, 2022 09:02
>
> I now have wireshark captures showing the exchanges between the working
> instance and the non-working instance respectively; the problem is definitely
> happening after STARTTLS has been issued and dur
--
Randall S. Becker
Nexbridge Inc.
Original message
From: רונן לוי
Date: 2022-10-23 09:26 (GMT-05:00)
To: openssl-users@openssl.org, Michael Wojcik
Subject: Re: openssl-users Digest, Vol 95, Issue 27
Subject: Porting OpenSSL to vxWorks (using cygwin)
Hi Michael,
- Why are you
u can reach the person managing the list at
> openssl-users-ow...@openssl.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of openssl-users digest..."
>
>
> Today's Topics:
>
>1. RE: openssl-users D
On 21 Oct 2022 at 13:50, Michael Wojcik via openssl-users wrote:
> > That was my initial thought too, except that if it were
> > firewall-related, the initial port 587 connection would be blocked,
> > and it isn't - the failure doesn't happen until after STARTTLS has
> > been issued.
>
> Not nece
> From: David Harris
> Sent: Friday, 21 October, 2022 01:42
>
> On 20 Oct 2022 at 20:04, Michael Wojcik wrote:
>
> > I think more plausible causes of this failure are things like OpenSSL
> > configuration and interference from other software such as an endpoint
> > firewall. Getting SYSCALL from
eplying, please edit your Subject line so it is more specific
> than "Re: Contents of openssl-users digest..."
>
>
> Today's Topics:
>
>1. RE: openssl-users Digest, Vol 95, Issue 24 (Michael Wojcik)
>2. OpenSSL 1.1.1 Windows dependencies (David Harris)
>3.
On 21 Oct 2022 at 7:27, Richard Levitte wrote:
> Let me ask you this: on what Windows version was your application
> built? Common wisdom would be to build on the oldest version...
My application is a very traditional Win32 application, and at the moment (and
until circumstances *force* me to c
On 20 Oct 2022 at 20:04, Michael Wojcik wrote:
> OpenSSL 1.1.1 uses Windows cryptographic routines in two areas I'm
> aware of: rand_win.c and the CAPI engine. I don't offhand see a way
> that a problem with the calls in rand_win.c would cause the particular
> symptom you described. My guess is th
Hi David,
I just did a check to see what Windows libraries the openssl.exe app
depends on, going back to look in 1.0.2, and looking at the current
development branch (master).
1.0.2:
ws2_32.lib(cond: no-sock)
gdi32.lib advapi32.lib crypt32.lib user32.lib
> From: openssl-users On Behalf Of David
> Harris
> Sent: Wednesday, 19 October, 2022 18:54
>
> Do recent versions of OpenSSL 1.1.1 have dependencies on some Windows
> facility (winsock and wincrypt seem likely candidates) that might work on
> Server 2019 but fail on Server 2012?
OpenSSL on Wind
> From: openssl-users On Behalf Of ???
> Sent: Tuesday, 18 October, 2022 11:58
> I have downloaded perl strawberry, but I have no clue how to get rid of the
> built-in perl that comes in cygwin, and point cygwin to use the strawberry
> perl.
You don't have to remove the Cygwin version of p
I have downloaded perl strawberry, but I have no clue how to get rid of the
built-in perl that
comes in cygwin, and point cygwin to use the strawberry perl.
Need Assistance!
On Tue, 18 Oct 2022 at 0:49, <openssl-users-requ...@openssl.org> wrote:
> Send openssl-users mailing list submi
Dear Sergio,
please use a to-the-point email subject, not "openssl-users Digest, Vol 94,
Issue 24".
You just made a small mistake with the below command:
after the "-subj" option its "/" (which denotes the empty Distinguished Name)
is missing, or any other DN string,
and thus the subsequent "-a
On 01/09/2022 16:41, Short, Todd via openssl-users wrote:
OpenSSL 1.1.1 full support expires on 2022-09-11; it then enters
security-fix-only mode until 2023-09-11.
Are there any plans for a final bug-fix release of 1.1.1 in the next
couple weeks (and hopefully a 3.0 release as well)?
Goo
On Fri, Aug 26, 2022 at 03:59:02AM +, Danilo Singh wrote:
> The URL we are trying to connect to is notacarioca.rio.gov.br. When
> trying to run an openssl s_client -connect, we get error 104, with the
> following return:
> write:errno=104
That is a write system call errno value, which trans
Dear Timo,
I'm aware of Simo Sorce (in CC) efforts in this area:
https://github.com/simo5/libp11/tree/ossl3provider
On Tue, Jun 28, 2022 at 7:45 AM Timo Teras wrote:
> Hi all,
>
> I am looking into implementing an OpenSSL 3 PKCS#11 Provider. Similar
> to libp11 engine, but targeting the new
64-whatever-linux2
This system (linux-x86_64) is not supported. See file INSTALL for details.
Gaurav Mittal
-Original Message-
From: Matt Caswell
Sent: 23 June 2022 05:53 PM
To: Gaurav Mittal11 ; openssl-users@openssl.org
Subject: [EXTERNAL] Re: Openssl upgrade to 1.1.1o on Red Lin
nfigure": No such file or directory
Regards,
Gaurav Mittal
-Original Message-
From: Matt Caswell
Sent: 23 June 2022 02:56 PM
To: Gaurav Mittal11 ; openssl-users@openssl.org
Subject: [EXTERNAL] Re: Openssl upgrade to 1.1.1o on Red Linux 5.11
On 22/06/2022 15:32, Gaurav Mittal11 w
": No such file or directory
-bash-3.2$ perl configure LIST
Can't open perl script "configure": No such file or directory
Regards,
Gaurav Mittal
-Original Message-
From: Matt Caswell
Sent: 23 June 2022 02:56 PM
To: Gaurav Mittal11 ; openssl-users@openssl.org
S
On 22/06/2022 15:32, Gaurav Mittal11 wrote:
This system (linux-x86_64) is not supported. See file INSTALL for details.
That is very odd. I would expect linux-x86_64 to always be reported as
supported by config.
Do you get sensible output from:
$ perl Configure LIST
You should see a list
It is not building at all, This system (linux-x86_64) is not supported.
Regards,
Gaurav Mittal
-Original Message-
From: openssl-users On Behalf Of Ken Goldman
Sent: 22 June 2022 09:44 PM
To: openssl-users@openssl.org
Subject: [EXTERNAL] Re: Openssl upgrade to 1.1.1o on Red Linux 5.11
On 6/22/2022 10:32 AM, Gaurav Mittal11 wrote:
Hi Team,
Is there any way to upgrade openssl in redhat 5.11 as I am getting error it's
not supported.
> uname -a
Linux serverxxx 2.6.18-419.el5 #1 SMP Wed Feb 22 22:40:57 EST 2017 x86_64
x86_64 x86_64 GNU/Linux
Red Hat Enterprise Linux Server re
Thanks for the answer - I found out that it has to do with the -static
flag.
My rationale was that I wanted to have OpenSSL statically compiled into
my code, so it can be used more easily in the transition period where
OpenSSL3 is not yet rolled out in major distributions.
With dynamic linkage, it
Hi again Beni,
On Wed, 2022-06-22 at 08:29 +0200, Benedikt Hallinger wrote:
> Hi David and thank you for your advice and example.
my pleasure.
I was about to send a slightly improved version of my example code
regarding the use of proxies and the expected content type - see
attached
and an extend
Hi David and thank you for your advice and example.
I tried to compile it, ran into errors though.
I just put the file into my openssl source tree, which is on commit:
commit 9e86b3815719d29f7bde2294403f97c42ce82a16 (HEAD,
origin/openssl-3.0)
Author: Randall S. Becker
Date: Tue Jun 14 06:10:5
On Wed, 2022-05-18 at 16:37 -0500, Kevin R. Bulgrien wrote:
> > From: "Matt Caswell"
> > Subject: Re: openssl 1.1.1 minor patches to build on SCO OpenServer
> > 5.0.7
> >
> > Hi Kevin,
> >
> > The patch in s_socket.c is likely to be acceptable
Since you did not give us a lot of information, I compiled the old
openssl version and checked against your server.
OpenSSL 1.0.2 does not send the Server Name Indication and it seems
that your server does not have a default server set up.
Forcing the SNI to be included allows it to connect:
openss
Hi Kevin,
The patch in s_socket.c is likely to be acceptable. It looks reasonable
to me, it may well be useful on other systems and can probably be
described as a bug fix.
The other changes require the new OPENSSL_SYS_SCO5 define and are
essentially adding support for a new platform into the
> It was necessary to apply 5 minor patches to openssl 1.1.1n to build it for
> SCO OpenServer 5.0.7. One patch fixing a missing #ifdef AF_INET6 is
> already applied to current development for this base version.
Though the prior e-mail references 1.1.1n, the information in it is equally
applicabl
All the providers can use the low-level APIs internally to implement
crypto algorithms. The FIPS provider however includes all the low level
implementations as a separately built and statically linked code.
That means you cannot use the low-level calls in an application and
still be FIPS compliant
h,22th,25th Apr
Holiday – 15th Apr
-Original Message-
From: Tomas Mraz
Sent: 21 April 2022 11:24 PM
To: Gaurav Mittal11 ; Michael Wojcik
; openssl-users@openssl.org
Subject: [EXTERNAL] Re: Openssl 3.0.2- Build error - catgets_failed
Maybe https://github.com/openssl/openssl/pull/18136 co
aving directory '/home/infod3/tools/openssl-3.0.2'
> gmake: *** [Makefile:1680: build_sw] Error 2
>
> --
> Gaurav Mittal
>
> -Original Message-
> From: openssl-users On Behalf Of
> Michael Wojcik
> Sent: 21 April 2022 09:57 PM
> To: openssl-users@openssl.org
enssl-3.0.2'
gmake: *** [Makefile:1680: build_sw] Error 2
--
Gaurav Mittal
-Original Message-
From: openssl-users On Behalf Of Michael
Wojcik
Sent: 21 April 2022 09:57 PM
To: openssl-users@openssl.org
Subject: [EXTERNAL] RE: Openssl 3.0.2- Build error - catgets_failed
> From: Gau
> From: Gaurav Mittal11
> Sent: Thursday, 21 April, 2022 09:55
>
> Yes, I have gone through internet search, I have not found any clue.
>
> Still same error even after setting LANG to C
>
> Yes, HP is kind of a legacy server and very little help is available on the internet.
>
> Any more suggestions woul
ed
hpux64-ia64-cc
make
--
Gaurav Mittal
-Original Message-
From: openssl-users On Behalf Of Michael
Wojcik
Sent: 20 April 2022 06:56 PM
To: openssl-users@openssl.org
Subject: [EXTERNAL] RE: Openssl 3.0.2- Build error - catgets_failed
> From: openssl-users On Behalf Of Gaurav
>
> From: openssl-users On Behalf Of Gaurav
> Mittal11
> Sent: Wednesday, 20 April, 2022 06:52
> ...
> as: "crypto/aes/aes-ia64.s", catgets_failed 2: catgets_failed 1052:
> catgets_failed - IDENT
A web search isn't turning anything up, but you probably tried that already.
I wonder if "catgets_f
Simon Chopin wrote:
> This test suite fails several times with a failed call to
> EVP_PKEY_derive_set_peer, without much more details:
>
https://github.com/net-ssh/net-ssh/blob/master/test/transport/kex/test_diffie_hellman_group14_sha1.rb
> However, the *exact same* test suite w
How do you load the legacy provider? Into which library context? It
needs to be loaded into the default (NULL) library context for the
PKCS12_parse() function.
The workaround would be to not use the certificate/key pair for the
server in the PKCS12 format but in the PEM format with separate key an
Hello,
Seems our email system scrubbed the response to my question because it was a
link.
Could I ask the response be sent to the following email instead,
chiliquing...@outlook.com
Thanks!
Message: 3
Date: Fri, 1 Apr 2022 18:14:38 +
From:
To:
Cc:
Subject: OpenSSL 3.0.2 PKCS12_parse Failur
> From: Michael Richardson
> Sent: Friday, 1 April, 2022 07:40
>
> Michael Wojcik wrote:
> > Actually, in the context of #if expressions, unrecognized tokens
> expand to 0 anyway:
>
> > After all replacements due to macro expansion and the defined unary
> > operator have been perfor
Michael Wojcik wrote:
> Actually, in the context of #if expressions, unrecognized tokens expand
to 0 anyway:
> After all replacements due to macro expansion and the defined unary
> operator have been performed, all remaining identifiers are replaced
> with the pp-number 0...
> From: Michael Richardson
> Sent: Thursday, 31 March, 2022 14:18
>
> Michael Wojcik wrote:
> > #if defined OPENSSL_SYS_WINDOWS
> > # include
> > #else
> > # include
> > #endif
>
> But, don't all the OPENSSL_* macros expand to 0/1, anyway, so we actually
> just want #if OP
> From: openssl-users On Behalf Of
> Michael Richardson
> Sent: Thursday, 31 March, 2022 14:19
>
> The clang-9 test fails with:
>
> # ERROR: @ test/bio_dgram_test_helpers.c:150
> # failed to v6 bind socket: Permission denied
> #
> #
> # OPENSSL_TEST_RAND_
The clang-9 test fails with:
# ERROR: @ test/bio_dgram_test_helpers.c:150
# failed to v6 bind socket: Permission denied
#
#
# OPENSSL_TEST_RAND_ORDER=1648577511
not ok 2 - iteration 1
https://github.com/mcr/openssl/runs/5741887864?check_suite_foc
Michael Wojcik wrote:
> #if defined OPENSSL_SYS_WINDOWS
> # include
> #else
> # include
> #endif
But, don't all the OPENSSL_* macros expand to 0/1, anyway, so we actually
just want #if OPENSSL_SYS_WINDOWS?
> (Note C does not require the argument of the operator "defined
Hi Todd,
Thanks for the information.
I've looked at compiling. I'm assuming this is the file you're referring to?
/usr/local/src/openssl-1.1.1m/configdata.pm
What am I looking for in that file? There is no mention of malloc?
Do I alter this file before running
make clean
make
make install
Th
> From: openssl-users On Behalf Of Matt
> Caswell
> Sent: Tuesday, 22 March, 2022 10:31
>
> There is already code in bss_dgram.c that is conditionally compiled on
> OPENSSL_USE_IPV6. Is it reasonable to assume that if AF_INET6 is defined
> then ip6.h exists?
I meant to look into this earlier but
Matt Caswell wrote:
> There is already code in bss_dgram.c that is conditionally compiled on
> OPENSSL_USE_IPV6. Is it reasonable to assume that if AF_INET6 is
> defined then ip6.h exists?
I think so, so I changed that code, and also made it consistently use
OPENSSL_USE_IPV6, rather
Got it, thank you Matt.
On Mon, Mar 28, 2022 at 6:29 PM Matt Caswell wrote:
>
>
> On 28/03/2022 13:11, Brahmaji K wrote:
> > Hi Team,
> >
> > I'm trying to store the invalid EC certificate as a negative test for my
> > application. My application calls the X509_STORE_load_locations() to
> > load
On 28/03/2022 13:11, Brahmaji K wrote:
Hi Team,
I'm trying to store the invalid EC certificate as a negative test for my
application. My application calls the X509_STORE_load_locations() to
load the certificate from a specific path. For invalid EC certificate it
is expected to FAIL but it
This will be very interesting and risky for server, will try it.
Thank you for information.
Regards,
Gaurav Mittal
-Original Message-
From: Tomas Mraz
Sent: 25 March 2022 03:30 PM
To: Gaurav Mittal11 ; openssl-users@openssl.org
Subject: [EXTERNAL] Re: Openssl 0.9.8 to 1.0.2u - HP-UX
0.9.8 and 1.0.2 versions are not binary compatible. So if your SSH
server is built against the 0.9.8 version and it expects to be loading
the libcrypto.so from that version it will not work against the
libcrypto.so from 1.0.2. The SSH server has to be built against the
1.0.2 version to work with it
On 22/03/2022 16:22, Michael Richardson wrote:
Michael Wojcik wrote:
> The RFC specifically mentions using this API to retrieve and set
> addresses, so it seems like a fix for issue 5257 does need to use it,
> if that's to be done in a portable way.
> 3542 is only Inform
Matt Caswell wrote:
>> Matt Caswell wrote: > Nit; We insert an
>> extra space when enclosed within a "#if", i.e.
>>
>> I assume that this applies recursively?
> Yes.
>> I think that in some cases the indent could be quite deep.
> It hasn't been a major issue so far
Michael Wojcik wrote:
> The RFC specifically mentions using this API to retrieve and set
> addresses, so it seems like a fix for issue 5257 does need to use it,
> if that's to be done in a portable way.
> 3542 is only Informational, but I'd expect most or all platforms with
>
> From: openssl-users On Behalf Of Matt
> Caswell
> Sent: Monday, 21 March, 2022 05:33
>
> Given that OpenSSL already supports IPv6 but we've never needed to
> include [netinet/ip6.h], I am wondering what is in that header that needs to
> be used?
netinet/ip6.h is for the "Advanced API for IPv6"
On 19/03/2022 13:28, Michael Richardson wrote:
I'm working on dealing with Matt's detailed review.
This issue seems bigger than the github issue.
https://github.com/openssl/openssl/pull/5257
about: #include
matt> This remains an issue. It's unclear to me whether all of these headers
I'm working on dealing with Matt's detailed review.
This issue seems bigger than the github issue.
https://github.com/openssl/openssl/pull/5257
about: #include
matt> This remains an issue. It's unclear to me whether all of these headers
will
matt> be available on all platforms. At least i
Hi,
On 15/03/2022 at 23:49, Matt Caswell wrote:
Those 2 links should be ok now. A problem with our scripts to flush
the CDN cache.
https://www.openssl.org/news/openssl-1.1.1-notes.html is updated, thanks !
but https://www.openssl.org/news/changelog.html#openssl-111 still shows
OpenSSL 1.1
On 15/03/2022 21:03, Michael Wojcik wrote:
From: openssl-users On Behalf Of Yann
Droneaud
Sent: Tuesday, 15 March, 2022 14:19
At the time of writing neither
https://www.openssl.org/news/openssl-1.1.1-notes.html nor
https://www.openssl.org/news/changelog.html#openssl-111 are updated to
match
Those 2 links should be ok now. A problem with our scripts to flush the
CDN cache.
Matt
On 15/03/2022 20:18, Yann Droneaud wrote:
Hi,
On 15/03/2022 at 17:34, Matt Caswell wrote:
OpenSSL version 1.1.1n released
===
OpenSSL - The Open Source toolkit f
> From: openssl-users On Behalf Of Yann
> Droneaud
> Sent: Tuesday, 15 March, 2022 14:19
>
> At the time of writing neither
> https://www.openssl.org/news/openssl-1.1.1-notes.html nor
> https://www.openssl.org/news/changelog.html#openssl-111 are updated to
> match 1.1.1n release.
Neither have th
Hi,
On 15/03/2022 at 17:34, Matt Caswell wrote:
OpenSSL version 1.1.1n released
===
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.1.1n of our ope
On Mon, Mar 14, 2022 at 12:47:26PM -0700, Edward Tsang via openssl-users wrote:
> I guess I need to explicitly set X509_STORE_CTX_set_error(ctx,
> X509_V_OK) before return 1 in the example if I need caller
> SSL_get_verify_result to return X509_V_OK?
Yes, but I'd like to strongly suggest that thi
I was hoping to tolerate some error "for now" and flag it and continue the
whole process (complete the handshake and treat the ssl connection as
"pass").
So for my case long res = SSL_get_verify_result( sslCtx ) from caller
should return X509_V_OK.
I guess I need to explicitly set X509_STORE_CTX_se
On Fri, Mar 11, 2022 at 04:40:24PM -0800, Edward Tsang via openssl-users wrote:
> Does verify_ip supports leftmost wildcard?
I am not aware of any RFC specifying wildcard matching in iPAddress
X.509 SANs, and no such feature is implemented in OpenSSL.
The SAN syntax is raw binary data in network
On Fri, Mar 04, 2022 at 02:31:01PM +, Short, Todd wrote:
> Apple uses LibreSSL, not OpenSSL, in their recent OSes:
>
> ~$ openssl version -a
> LibreSSL 2.8.3
> built on: date not available
> platform: information not available
> options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(id
Apple uses LibreSSL, not OpenSSL, in their recent OSes:
~$ openssl version -a
LibreSSL 2.8.3
built on: date not available
platform: information not available
options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx)
compiler: information not available
OPENSSLDIR: "/private/etc/ssl"
~$ un