xceptions to these rules require a vote by the OMC." clause they
use for API/ABI breakage for minor releases.
...
|> [.] I must say, out of my head i have no idea
|> whether it has always been like that for minor releases for one,
|> and whether that is also true for LibreSSL, an
-users@openssl.org
Subject: Open SSL 1.1.1 and Vxworks 5.4.2 - Query on Entropy source
Hi Users,
A beginner on cryptography and Open SSL here.
First query - On our VxWorks 5.4.2 based system with Open SSL 1.1.1, I would
like to know what entropy source would be used by RAND_priv_bytes() to
Subject: I have successfully installed Godaddy Wildcard SSL certificate in
9 units of Hikvision DS-K1TA70MI-T / DS-K1T341AMF Face Recognition Terminal
Door Access Systems on 27 Oct 2022 Thursday
Good day from Singapore,
Author: Mr. Turritopsis Dohrnii Teo En Ming
Country: Singapore
Date: 27 Oct
Subject: I have finally figured out how to export Private Key from
Fortigate firewall and successfully install Godaddy Wildcard SSL
certificate in UniFi Cloud Key Gen 2 Plus Network Controller
Good day from Singapore,
Author: Mr. Turritopsis Dohrnii Teo En Ming
Country: Singapore
Date: 26 Oct
Subject: I have achieved PARTIAL SUCCESS in installing Godaddy SSL
Certificate in UniFi Cloud Key Gen 2 Plus
Good day from Singapore,
I am posting here because UniFi Cloud Key Gen 2 Plus is powered by Debian
GNU/Linux 9.
I have found many reference guides on installing SSL certificate in UniFi
Subject: Resources and reading materials for installing Godaddy Wildcard
SSL certificate in Fortigate firewall
Good day from Singapore,
The following is a list of reference guides which I have read.
[1] Fortigate firewall: Purchase and import a signed SSL certificate
Link:
https
Sent from my iPad
> What you're doing should work, if implemented correctly, but my advice
> is to not use SSL_clear(), rather create a fresh (SSL *) handle for
> each connection. These are cheap enough to not warrant recycling.
Using a fresh (SSL *) seems to work.
So I guess there is something wrong w
On Tue, Sep 27, 2022 at 06:35:47PM +0200, Thomas Bailleux wrote:
> However, I am still facing issues when I use `SSL_CTX` and `SSL` objects.
>
> I use `SSL_CTX` and `SSL` inside a threaded application. Threads are managed
> using pthread primitives.
>
> Basically, I create
Hello OpenSSL.
I know that thread safety in OpenSSL is a much discussed topic. I have read
several GitHub issues[1], Stack Overflow threads[2], and I have read the blog
paper[3] too.
However, I am still facing issues when I use `SSL_CTX` and `SSL` objects.
I use `SSL_CTX` and `SSL` inside a
I was able to trace the failure to ssl/ssl_sess.c line 279.
I’m not sure what needs to done additionally in application code for this.
Could someone please explain this error?
I’m just trying to add support for tls 1.3 in application which already
supports tls 1.2.
(gdb) bt
#0
; openssl-users@openssl.org
Subject: [EXTERNAL] Re: SSL error (78c0100): malloc failure while implementing
tls 1.3
On 16/06/2022 05:52, Ramaiah, Ravichandran Bagalur wrote:
>
> *SSL error (78c0100): malloc failure
Do you get anything in the OpenSSL error stack for this (e.g. try
"ERR_prin
On 16/06/2022 05:52, Ramaiah, Ravichandran Bagalur wrote:
*SSL error (78c0100): malloc failure
Do you get anything in the OpenSSL error stack for this (e.g. try
"ERR_print_errors_fp(stdout);").
We need a bit more to go on to figure out where specifically the malloc
failure is
: openssl-users@openssl.org
Subject: SSL error (78c0100): malloc failure while implementing tls 1.3
Hi All,
I'm trying to implement tls 1.3 support in my application. But I'm facing
malloc failure error.
Could you please help me understand why this error is happening? How to solve
the
initial handshake occurred.
What you are talking about is moving an in-progress TLS connection from
one server to another. This would require the whole SSL object to be
serialized (or at least potentially we could get away with only certain
fields - that would need to be investigated
Hi Matt,
What would it take to expose this?
Also would you accept a patch if we implement what’s missing?
Thank You
James
On 6/20/22, 10:13 AM, "Matt Caswell" wrote:
On 20/06/2022 15:11, Rouzier, James via openssl-users wrote:
> Hey Guys,
>
> Is it possible to serialize/des
On 20/06/2022 15:11, Rouzier, James via openssl-users wrote:
Hey Guys,
Is it possible to serialize/deserialize an ongoing TLS session in any way?
We are trying to create a stateless RADIUS server.
Where we place multiple RADIUS servers behind a UDP loader balancer.
Each part of EAP-TLS proce
Hey Guys,
Is it possible to serialize/deserialize an ongoing TLS session in any way?
We are trying to create a stateless RADIUS server.
Where we place multiple RADIUS servers behind a UDP loader balancer.
Each part of EAP-TLS process could hit a different server.
The plan is to save the current s
utual auth, tlsSipAuthRequired = FALSE
*SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS for ssl is NOT set.
*SSL handshake started undefined:before SSL initialization 240
*SSL_accept:before SSL initialization
*SSL_accept:before SSL initialization
*SSL_accept:SSLv3/TLS read client hello
*SSL_accept:SSLv3/TLS write se
Isn't it a fix for this issue?
https://github.com/php/php-src/issues/8369
On Thu, 19 May 2022, 21:17 Frederic Leclercq, wrote:
> Hi all,
>
> Apologies for just popping in here, but since I installed ubuntu 22.04 LTS
> I often come across the error
> "file_get_content
Hi all,
Apologies for just popping in here, but since I installed ubuntu 22.04 LTS
I often come across the error
"file_get_contents(): SSL operation failed with code 1. OpenSSL Error
messages:
error:0A000126:SSL routines::unexpected eof while reading"
It seems to occur mostly in PHP ap
On 11/05/2022 10:05, Souheila Hechaichi wrote:
With my actual configuration, an SSL client established more connections
with the SSL server. Each process (server or client) creates only one
thread for Its sockets, I observe a strange behavior. Some server
sockets remain blocked on the call
With my actual configuration, an SSL client established more connections with
the SSL server. Each process (server or client) creates only one thread for Its
sockets, I observe a strange behavior. Some server sockets remain blocked on
the call of SSL_write even if they are in mode non-blocking
After establishing a secure connection between my SSL server and SSL client
with OpenSSL library installed on separate Linux hosts, the SSL server send the
packet FIN than the user data. The use of ssldump command indicates the
presence of the following traces:
TCP: dc01dshared1p(2524
[ssl_default_sect]
Options = UnsafeLegacyServerConnect
You can read more about the OpenSSL config file in general and its
format here:
https://www.openssl.org/docs/man3.0/man5/config.html
There is more information on SSL/TLS specific configuration options in
the "SUPPORTED CONFIGURATION
On 18/02/2022 19:53, Brian Pilati wrote:
I am receiving this error
Error: write EPROTO 000660120100:error:0A000152:SSL
routines:final_renegotiate:unsafe legacy renegotiation
disabled:ssl/statem/extensions.c:880
after upgrading to macOS Monterey v12.2.1
I am running Nodejs v16.13.2
I am receiving this error
Error: write EPROTO 000660120100:error:0A000152:SSL
routines:final_renegotiate:unsafe legacy renegotiation
disabled:ssl/statem/extensions.c:880
after upgrading to macOS Monterey v12.2.1
I am running Nodejs v16.13.2
Can someone please give me detailed instructions
On Thu, Feb 10, 2022 at 11:48:06PM +, Ma Zhenhua wrote:
> Hi Team,
>
> My SSL/TLS server crashed with the following call stack.
> I'm using OpenSSL 1.1.1l. I compared 1.1.1l with 1.1.1 master branch and
> didn't find related fixes in crypto/asn1.
> Your advic
Hi Team,
My SSL/TLS server crashed with the following call stack.
I'm using OpenSSL 1.1.1l. I compared 1.1.1l with 1.1.1 master branch and didn't
find related fixes in crypto/asn1.
Your advice will be highly appreciated.
(gdb) 0 0x7f4cf7844ce6 in ASN1_OBJECT_free ()
issue with the test client application written in
c++ which uses the same library and the same certificates. I am not doing
any Client Authentication. I get the same error -*Error in SSLv3/TLS write
client hello*
The non SSL socket connects and data is exchanged.
Thanks
Kamala
On Tue, Feb 8
function
*SSL_acceptSSL_CB_LOOP | SSL_accept:before SSL initializationSSL_accept*
*SSL_accept:Error in before SSL initialization*
On the client side the error is
*SSL_connectSSL_CB_LOOP | SSL_connect:before SSL
initializationSSL_connectSSL_connect:Error in SSLv3/TLS write client hello*
I used
xists
The SSL_get_error() gives us SSL_ERROR_SYSCALL
*Server *code is roughly like below
SSL_CTX *m_pCtx;
SSL *m_pSsl;
m_pCtx = SSL_CTX_new(TLS_server_method();
if ((dwRet = LoadCertificates()) != rSUCCESS)
throw dwRet;
if ((m_pSsl = SSL_new(m_pCtx)) != NULL)
{
if ((iRet = SSL_set_fd(m_pS
Hello Matt,
I call the WSAGetLastError() for Windows and that returns 183
(ERROR_ALREADY_EXISTS) //Cannot create a file when that file already exists
The SSL_get_error() gives us SSL_ERROR_SYSCALL
*Server *code is roughly like below
SSL_CTX *m_pCtx;
SSL *m_pSsl;
m_pCtx = SSL_CTX_new
t;
> We are facing a strange handshake failure issue with a test
server and
> client application using OpenSSL in Windows. We have tried with
both
> 1.1.1g and 3.0.1 versions- same problem. We created a Dll to
handle the
> OpenSSL functions- where the SSL con
with both
> > 1.1.1g and 3.0.1 versions- same problem. We created a Dll to handle the
> > OpenSSL functions- where the SSL context, SSL object and certificates
> > are handled. The certificates are obtained from the Windows store and
> > converted to cert and key using PKCS1
the SSL context, SSL object and certificates
are handled. The certificates are obtained from the Windows store and
converted to cert and key using PKCS12_parse()
The server accepts non secure connection from the client and then passes
the socket to the Dll that calls the TLS_server_method() and
Hello,
We are facing a strange handshake failure issue with a test server and
client application using OpenSSL in Windows. We have tried with both
1.1.1g and 3.0.1 versions- same problem. We created a Dll to handle the
OpenSSL functions- where the SSL context, SSL object and certificates are
> From: openssl-users On Behalf Of Jan Just
> Keijser
> Sent: Monday, 31 January, 2022 03:51
> To: Srinivas, Saketh (c) ; openssl-users@openssl.org
> Subject: Re: Doubt regarding ssl options
> On 31/01/22 10:27, Srinivas, Saketh (c) wrote:
> > what i
Hi,
On 31/01/22 10:27, Srinivas, Saketh (c) wrote:
Hi,
what is the difference between SSL_CTX_set_min_proto_version
and SSL_set_min_proto_version.
How will they effect the SSL handsahke.
I can see two versions numbers in the PCAP files,
1. content type is handshake , version v1.0
2
Hi,
what is the difference between SSL_CTX_set_min_proto_version and
SSL_set_min_proto_version.
How will they effect the SSL handsahke.
I can see two versions numbers in the PCAP files,
1. content type is handshake , version v1.0
2. handshake type client hello, version v1.2
what is the
Subject: How to renew and install SSL certificate for
Virtualmin/Webmin, Apache web server, Dovecot and Postfix for a
company in Singapore on 6 Dec 2021 Mon
Author: Mr. Turritopsis Dohrnii Teo En Ming (TARGETED INDIVIDUAL)
Country: Singapore
Date: 6 Dec 2021 Monday Singapore Time
Type of
L 1.1.1l 24 Aug 2021
In fact, normally, this version of OpenSSL appears to correctly validate
our leaf certificate. However, this vendor also does the following:
* they append our entire cert chain, leaf, intermediate and all, to
/etc/ssl/certs/ca-certificates.crt
* they append an internal, sel
> From: openssl-users On Behalf Of
> Williams, Roger
> Sent: Monday, 8 November, 2021 07:55
> I am trying to cross-compile the SSL software
Specifically, you're trying to build OpenSSL 1.1.1l, using cross-compilation.
OpenSSL is only one implementation of SSL/TLS, so ca
I am trying to cross-compile the SSL software on VMware running the following:
Linux Debian 3.16.0-4-686-pae #1 SMP Debian 3.16.36-1+deb8u2 (2016-10-19)
i686 GNU/Linux
I need to cross-compile the SSL software for the following targets running two
versions of the QNX Operating System
On 02/11/2021 04:42, Alex Dankow wrote:
Matt,
Thank you very much for your response. I understand that the FIPS
certified OpenSSL module is long awaited and the team was quite limited
in time to complete all features.
I tried Windows certificates +Openssl because it implements the most
com
On Tue, 2021-11-02 at 11:42 +0700, Alex Dankow wrote:
> Matt,
>
> Thank you very much for your response. I understand that the FIPS
> certified OpenSSL module is long awaited and the team was quite
> limited in time to complete all features.
> I tried Windows certificates +Openssl because it impl
Matt,
Thank you very much for your response. I understand that the FIPS certified
OpenSSL module is long awaited and the team was quite limited in time to
complete all features.
I tried Windows certificates +Openssl because it implements the most common
scenario: you can get a certificate to Opens
Hello
I get my log spammed with this alert:
sslize error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert
certificate unknown
As far as I can read from the net, it is because the CA certificates on my
server is not up to date.
Actually there is none, as this is an embedded target, and
Hi Alex,
On 29/10/2021 14:32, Alex Dankow wrote:
Hi OpenSSL team!
I wrote a provider for Windows certificates and implemented "openssl ca".
Now, I think it would be fun to see a HTTPS server using certificates
installed in Windows storage.
Nice!
Certificate is loaded using load_cert_pass (
Hi OpenSSL team!
I wrote a provider for Windows certificates and implemented "openssl ca".
Now, I think it would be fun to see a HTTPS server using certificates
installed in Windows storage.
Certificate is loaded using load_cert_pass (taken from apps.c) with custom
uri "wincert://11:22:33",
Suppose the TLS layer is initialized in the form:
SSL_CTX *ctx = SSL_CTX_new(TLS_client_method());
BIO *r = BIO_new(BIO_s_mem());
BIO *w = BIO_new(BIO_s_mem());
SSL *ssl = SSL_new(ctx);
SSL_set_bio(ssl, r, w);
SSL_set_connect_state(ssl);
I want to use BIO so that I can control IO to
Subject: I have successfully configured SSL/TLS for Postfix SMTP
outgoing mail server for a customer in Singapore on 25 Aug 2021 Wed
Good day from Singapore,
I have successfully configured SSL/TLS for Postfix SMTP outgoing mail
server for a customer in Singapore on 25 Aug 2021 Wed. It took me 7
: Saturday, August 14, 2021 6:09 AM
To: openssl-users@openssl.org
Subject: How to debug ssl library in OpenSSL 1.1.1a? Thanks in advance.
Hi Team,
I modified OpenSSL 1.1.1a ssl library but it seemed that there was some problem.
How can I debug it? Thanks in advance.
Sincerely,
Allen
smime.p7s
Description
Hi Team,
I modified OpenSSL 1.1.1a ssl library but it seemed that there was some problem.
How can I debug it? Thanks in advance.
Sincerely,
Allen
Learning to use opessl, I managed to generate private keys and publish in
.pem format and I also signed where I was generated two types of private
files (.csr and .crt), my doubts on the linux server running (debian 10)
where I keep such keys because I want to serve web pages in the format
(https)?
AUTOSOL/PSS/MNL]
Subject: [EXTERNAL] RE: Can OpenSSL handle multiple authentication mechanisms
on the same SSL context?
> We are trying to support a server that would support PSK and SRP
> authentication mechanisms.
[...]
> Would multiple callbacks for different mechanisms work simul
> We are trying to support a server that would support PSK and SRP
authentication mechanisms.
[.]
> Would multiple callbacks for different mechanisms work simultaneously on
the same SSL context?
My quick answer is Yes.
In a recent past I did some [multi-threaded] servers using both SRP a
OL/PSS/MNL]
Cc: openssl-users@openssl.org
Subject: [EXTERNAL] Re: Can OpenSSL handle multiple authentication mechanisms
on the same SSL context?
On Tue, Jun 22, 2021 at 04:18:25AM +, Revestual, Raffy [AUTOSOL/PSS/MNL]
wrote:
> Also asked this question in stackoverflow.com
>
> h
On Tue, Jun 22, 2021 at 04:18:25AM +, Revestual, Raffy [AUTOSOL/PSS/MNL]
wrote:
> Also asked this question in stackoverflow.com
>
> https://urldefense.com/v3/__https://stackoverflow.com/questions/68077419/can-openssl-handle-multiple-authentication-mechanisms-on-the-same-ssl-
Also asked this question in stackoverflow.com
https://stackoverflow.com/questions/68077419/can-openssl-handle-multiple-authentication-mechanisms-on-the-same-ssl-context
We are trying to support a server that would support PSK and SRP authentication
mechanisms. However, when we run to try to run
> On 19 Jun 2021, at 10:08 pm, Jakob Bohm via openssl-users
> wrote:
>
>> Differences are observed once the local trust store contains some
>> intermediate certificates or the remote chain provides a cross cert for
>> which the local store instead contains a corresponding (same subject
>> name a
On 2021-06-18 17:07, Viktor Dukhovni wrote:
On Fri, Jun 18, 2021 at 03:09:47PM +0200, Jakob Bohm via openssl-users wrote:
Now the client simply works backwards through that list, checking if
each certificate signed the next one or claims to be signed by a
certificate in /etc/certs. This looku
2021 07:10
> >> To: openssl-users@openssl.org
> >> Subject: Re: reg: question about SSL server cert verification
> >>
> > And there are a whole bunch of other checks: signature, validity dates, key
> > usage, basic constraints...
>
> Those checks would
On Fri, Jun 18, 2021 at 05:37:33PM +0200, Jakob Bohm via openssl-users wrote:
> > Also, the correspondence between the peer identity as requested by
> > the client, and as represented by the entity certificate, should not
> > be done using the CN component of the Subject DN (as OP suggested),
> >
On 2021-06-18 16:23, Michael Wojcik wrote:
From: openssl-users On Behalf Of Jakob
Bohm via openssl-users
Sent: Friday, 18 June, 2021 07:10
To: openssl-users@openssl.org
Subject: Re: reg: question about SSL server cert verification
On 2021-06-18 06:38, sami0l via openssl-users wrote:
I&#
On Fri, Jun 18, 2021 at 03:09:47PM +0200, Jakob Bohm via openssl-users wrote:
> Now the client simply works backwards through that list, checking if
> each certificate signed the next one or claims to be signed by a
> certificate in /etc/certs. This lookup is done based on the complete
> distingu
> From: openssl-users On Behalf Of Jakob
> Bohm via openssl-users
> Sent: Friday, 18 June, 2021 07:10
> To: openssl-users@openssl.org
> Subject: Re: reg: question about SSL server cert verification
>
> On 2021-06-18 06:38, sami0l via openssl-users wrote:
> > I'm c
On 2021-06-18 06:38, sami0l via openssl-users wrote:
I'm curious how exactly an SSL client verifies an SSL server's
certificate which is signed by a CA. So, during the SSL handshake,
when the server sends its certificate, will the SSL client first
checks the `Issuer`'s `CN` fiel
I'm curious how exactly an SSL client verifies an SSL server's certificate
which is signed by a CA. So, during the SSL handshake, when the server sends
its certificate, will the SSL client first checks the `Issuer`'s `CN` field
from the x509 SSL certificate that it received f
> On Jun 8, 2021, at 6:48 AM, Hubert Kario wrote:
>
> On Monday, 7 June 2021 21:01:04 CEST, Arran Cudbard-Bell wrote:
>> The tables to convert extension IDs and compression methods to humanly
>> readable names are not available outside ssl/t1_trace.c.
>>
>>
On Monday, 7 June 2021 21:01:04 CEST, Arran Cudbard-Bell wrote:
The tables to convert extension IDs and compression methods to
humanly readable names are not available outside ssl/t1_trace.c.
SSL_trace() itself produces reams of helpful information as
handshakes progress, and is particularly
On 08/06/2021 00:09, Arran Cudbard-Bell wrote:
On Jun 7, 2021, at 4:57 PM, Matt Caswell wrote:
On 07/06/2021 20:01, Arran Cudbard-Bell wrote:
The tables to convert extension IDs and compression methods to humanly readable
names are not available outside ssl/t1_trace.c.
SSL_trace
> On Jun 7, 2021, at 4:57 PM, Matt Caswell wrote:
>
>
>
> On 07/06/2021 20:01, Arran Cudbard-Bell wrote:
>> The tables to convert extension IDs and compression methods to humanly
>> readable names are not available outside ssl/t1_trace.c.
>> SSL_trace()
On 07/06/2021 20:01, Arran Cudbard-Bell wrote:
The tables to convert extension IDs and compression methods to humanly readable
names are not available outside ssl/t1_trace.c.
SSL_trace() itself produces reams of helpful information as handshakes
progress, and is particularly useful for
The tables to convert extension IDs and compression methods to humanly readable
names are not available outside ssl/t1_trace.c.
SSL_trace() itself produces reams of helpful information as handshakes
progress, and is particularly useful for dealing with encrypted handshakes,
where wireshark et
On Tue, 2021-05-11 at 05:22 +, Kumar Mishra, Sanjeev wrote:
> Hi,
> How to access different fields of structure SSL in OpenSSL 3.0 ? For
> example the code is like this -
>
> SSL *ssl;
> ..
> ...
> SSL_CTX_set_tlsext_status_cb(ssl->ctx, NULL);
> MRM_LO
Hi,
How to access different fields of structure SSL in OpenSSL 3.0 ? For example
the code is like this -
SSL *ssl;
..
...
SSL_CTX_set_tlsext_status_cb(ssl->ctx, NULL);
MRM_LOG_INFO("SSL_free ref %d ", ssl->references);
Thanks With Best Regards,
Sanjeev Kumar Mishra
Not
Hi,
I am using Lets Encrypt SSL Certificates for Nginx 1.20.00 webserver
running on CentOS Linux release 7.9.2009 (Core). I will appreciate it if
someone can guide me to set the cipher suites in the Nginx Webserver
config. I am referring to https://ssl-config.mozilla.org/. Is there a way
to
On 28/03/21 15:20, Yassine Chaouche wrote:
Le 3/26/21 à 12:35 PM, Embedded Devel a écrit :
This has now been fixed SSL is working
In a few hours ?
Yup, took me about 4 hours to understand the problem and get a working
fix - there wasn't much wrong with the code itself, but I susp
Le 3/26/21 à 12:35 PM, Embedded Devel a écrit :
This has now been fixed SSL is working
In a few hours ?
This has now been fixed SSL is working
On 3/26/21 3:51 PM, Embedded Devel wrote:
On 3/26/21 2:46 PM, David von Oheimb wrote:
Embedded Devel,
my sympathy - I know this can be painful and frustrating.
From which old OpenSSL version to which target version do you need to
get the code
"LOG" does but if it goes somewhere
other than stderr then the errors are going somewhere different to
your log file. Are you able to show us the stderr output from running
your application?
just compiled with gcc, i see no -lstatic in the makefile ... ive
attached the ssl .c and .h f
ewhere
> > other than stderr then the errors are going somewhere different to
> > your log file. Are you able to show us the stderr output from running
> > your application?
> >
> >
> >> just compiled with gcc, i see no -lstatic in the makefile ... ive
> >> attached the ssl .c and .h files in question if you want to see them
> >
> > What does "ldd" show you for the application binary? i.e.
> >
> > ldd name-of-you-binary-here
> >
> >
> > Matt
>
going somewhere different to
your log file. Are you able to show us the stderr output from running
your application?
just compiled with gcc, i see no -lstatic in the makefile ... ive
attached the ssl .c and .h files in question if you want to see them
What does "ldd" show you for the application binary? i.e.
ldd name-of-you-binary-here
Matt
Mar 23 16:10:05 2021 user.info : ac_send_init(): Error
client side console
2011704912:error:140C5042:SSL routines:ssl_undefined_function:called a
function you should not call:ssl/ssl_lib.c:3690:
2011704912:error:140C5042:SSL routines:ssl_undefined_function:called a
function you should not call:ssl/
cc, i see no -lstatic in the makefile ... ive
attached the ssl .c and .h files in question if you want to see them
What does "ldd" show you for the application binary? i.e.
ldd name-of-you-binary-here
Matt
cally
linked to OpenSSL?
Ive attached the code in question if it helps
just compiled with gcc, i see no -lstatic in the makefile ... ive
attached the ssl .c and .h files in question if you want to see them
as for a packet capture i can try, they are both remote systems
and lastly if it help
On 23/03/2021 15:02, Embedded Devel wrote:
IM inclined top think the code for the certs is ok, but can really say,
and im not an openssl programmer by any means... just need someone to
put eyes on the code and fix it really.
The cert looks ok - at least nothing obviously wrong. 2048 bi
getting
it functional... basic info below.
I have a client process which is supposed to speak to a server via
ssl, and then send data
Ive created a "CA" and generated the CSR / and certs for both the
client and the server.
What kind of certs did you generate? How big are the keys? Are
are you using?
and the original dev is no longer available, so who can i pay to bang
this out and make it happy, or who can guide me through getting it
functional... basic info below.
I have a client process which is supposed to speak to a server via ssl,
and then send data
Ive created a
which is supposed to speak to a server via ssl,
and then send data
Ive created a "CA" and generated the CSR / and certs for both the client
and the server.
when i run the client - i get an error on the client side
Tue Mar 23 02:13:58 2021 user.err : ac_ssl_client_write(): Error
SSL
On 2021-03-01 17:28, Viktor Dukhovni wrote:
On Mon, Mar 01, 2021 at 09:21:29PM +0530, Archana wrote:
I am new to SSL programming. On our SSL Server implementation, we are
trying to enforce Mutual Authentication. Is it Mandatory to provide a user
defined Callback using SSL_ctx_setverify()
No
On Mon, Mar 01, 2021 at 09:21:29PM +0530, Archana wrote:
> I am new to SSL programming. On our SSL Server implementation, we are
> trying to enforce Mutual Authentication. Is it Mandatory to provide a user
> defined Callback using SSL_ctx_setverify()
No callback is required (call
I am new to SSL programming. On our SSL Server implementation, we are
trying to enforce Mutual Authentication. Is it Mandatory to provide a user
defined Callback using SSL_ctx_setverify()
If yes, Is it expected to do the IP or hostname validation?
Hi Craig,
On Wed, Dec 09, 2020 at 08:35:46PM +0900, Craig Henry wrote:
> Hi,
>
> This is my first post to this list so please be kind!
>
> Environment - Linux Centos
> SSL - 1.0.2k19-el7
>
> Connection - CURL (via PHP) with public / private key auth + http basic auth
&g
On 09/12/2020 11:35, Craig Henry wrote:
> Hi,
>
> This is my first post to this list so please be kind!
>
> Environment - Linux Centos
> SSL - 1.0.2k19-el7
>
> Connection - CURL (via PHP) with public / private key auth + http basic auth
>
> We're
- Linux Centos
> SSL - 1.0.2k19-el7
>
> Connection - CURL (via PHP) with public / private key auth + http
> basic auth
>
> We're having an issue where we are seeing intermittent behavior
> connecting to a 3rd party of the key being rejected with a 8152 error
> - "
Hi,
This is my first post to this list so please be kind!
Environment - Linux Centos
SSL - 1.0.2k19-el7
Connection - CURL (via PHP) with public / private key auth + http basic auth
We're having an issue where we are seeing intermittent behavior connecting
to a 3rd party of the key
Guide on Renewing SSL Certificate for Apache, Postfix and Dovecot on CentOS
6.8 Linux
=
Author: Mr. Turritopsis Dohrnii Teo En Ming (TARGETED INDIVIDUAL)
Country: Singapore
Date: 12 November 2020 Thursday
On 02/11/2020 09:00, Mahendra SP wrote:
> Hi Matt,
>
> Error is reported from this:
> FILE:../openssl-1.1.1b/ssl/statem/statem_srvr.c, FUNCTION:415,
> LINE:3055, reason=147, alert=51
>
> We see that hardware is returning 48 bytes. Even if the decrypted
> premaster dat
1 - 100 of 4696 matches
Mail list logo
