hello packet. I'm seeing
> >that the contents of the entire packet are proper. But it seems some
> > more data is missing. Can someone help me understand why the apache2
> >server(Ubuntu platform) is sending fatal error.
> >Thanks & Regards
> >--
> >Lokesh Chakka.
>
>
>
custom client hello packet. I'm seeing
>that the contents of the entire packet are proper. But it seems some
>more data is missing. Can someone help me understand why the apache2
>server(Ubuntu platform) is sending fatal error.
>Thanks & Regards
>--
>Lokesh Chakka.
Hi,
Please find the attached capture file.
I'm trying to craft a minimal custom client hello packet. I'm seeing that
the contents of the entire packet are proper. But it seems some more data
is missing. Can someone help me understand why the apache2 server(Ubuntu
platform) is sending f
://github.com/christiangda/LicenseValidator/blob/c591e2174ad049f7e773092202bf627ec5862210/src/License.cpp#L79
)
and now in both versions, I have a new and similar error:
```
Failed to verify license
008C96F90100:error:0268:rsa routines:ossl_rsa_verify:bad
signature:crypto/rsa/rsa_sign.c:426
ristian F. Gonzalez Di Antonio wrote:
I posted this on
https://stackoverflow.com/questions/78604338/why-do-i-get-the-following-error-wrong-signature-length-when-i-try-to-validate
<https://urldefense.com/v3/__https://stackoverflow.com/questions/78604338/why-do-i-get-the-following-error-wrong-signa
I posted this on
https://stackoverflow.com/questions/78604338/why-do-i-get-the-following-error-wrong-signature-length-when-i-try-to-validate
I'm writing an c++ program LicenseValidator ->
https://github.com/christiangda/LicenseValidator
<https://github.com/christiangda/LicenseVa
On 08/05/2024 18:15, Rahul Shukla wrote:
The issue I'm encountering here occurs after the first SSL_read() call
in myread(). Despite encountering SSL_ERROR_WANT_READ, upon checking for
available data using isReadable(),there appears to be no activity or
pending data. This inconsistency occur
Hi Everyone,
I'm currently using the following implementation to read the data for
TLSv1.3 where the SSL_MODE_AUTO_RETRY flag has been turned off for blocking
transport.
The issue I'm encountering here occurs after the first SSL_read() call in
myread(). Despite encountering SSL_ERROR_WANT_READ, u
tring,
and thus the subsequent "-addext" gets misinterpreted.
Unfortunately, the "openssl" CLI command so far did not provide a useful error
message in such cases,
but some time ago I improved this. So with the current master version, the hint
given is slightly better:
req: E
{
char msg[1024];
ERR_error_string_n(ERR_get_error(), msg,
sizeof(msg));
printf("%s,, %s,, %s,, %s\n", msg,
ERR_lib_error_string(0),
ERR_func_error
ds up with the following error:
>
> curl: (35) error:1012606B:elliptic curve
> routines:EC_POINT_set_affine_coordinates:point is not on curve
>
> Reproduces on Linux (-O3) and Windows (-O2). Doesn't reproduce for
> non-optimized builds and for Clang versions prior to 14.0.
Hello,
After building an optimized version of cURL 7.76.0 with OpenSSL 1.1.1n
using Clang 14.0.6, running
curl https://www.example.com
ends up with the following error:
curl: (35) error:1012606B:elliptic curve
routines:EC_POINT_set_affine_coordinates:point is not on curve
Reproduces on
I am trying to connect my client to my server but I always receive
> > an
> > error.(ssl3_get_record:wrong version
> > number:../ssl/record/ssl3_record.c:331)
> >
> > How can I get more information about the error and fix it? (the
> > error
> > is probably
On Sun, Jul 10, 2022 at 02:41:23PM +, loic nicolas wrote:
> I am trying to connect my client to my server but I always receive an
> error.(ssl3_get_record:wrong version
> number:../ssl/record/ssl3_record.c:331)
>
> How can I get more information about the error and fix it?
Hello,
I am trying to connect my client to my server but I always receive an
error.(ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:331)
How can I get more information about the error and fix it? (the error is
probably in my client)
openssl s_server -accept 127.0.0.1:3000
I was able to trace the failure to ssl/ssl_sess.c line 279.
I’m not sure what needs to done additionally in application code for this.
Could someone please explain this error?
I’m just trying to add support for tls 1.3 in application which already
supports tls 1.2.
(gdb) bt
#0
Hi Matt,
Below is the error I got when I printed using ERR_error_string().
error:078C0100:common libcrypto routines::malloc failure
Any pointers on this?
Regards,
Ravi
-Original Message-
From: Matt Caswell
Sent: Tuesday, June 21, 2022 4:25 PM
To: Ramaiah, Ravichandran Bagalur
I am trying to build the 1.1.1p and 3.0.4 versions of OpenSSL. Each
version now fails in the same place (test/v3ext.c). The error is about
undefined ASIdentifiers, etc. in the newly added test_asid() function.
It looks like the newly added test_asid() function needs an '#i
On 16/06/2022 05:52, Ramaiah, Ravichandran Bagalur wrote:
*SSL error (78c0100): malloc failure
Do you get anything in the OpenSSL error stack for this (e.g. try
"ERR_print_errors_fp(stdout);").
We need a bit more to go on to figure out where specifically the malloc
failure is
Hi All,
Could anyone tell me if this issue is caused due to application error or an
openssl bug?
This malloc failure is happening when I try to establish TLS connection between
2 SIP applications.
Regards,
Ravi
From: Ramaiah, Ravichandran Bagalur
Sent: Thursday, June 16, 2022 10:23 AM
To
Hi All,
I'm trying to implement tls 1.3 support in my application. But I'm facing
malloc failure error.
Could you please help me understand why this error is happening? How to solve
this issue?
*Set TLSv1.3 Cipher list TLS_AES_128_GCM_SHA256 ret 1
*SipCmOpenSSLNew: TLS, m
; Test Summary Report
> ---
> 80-test_ssl_new.t (Wstat: 256 Tests: 30 Failed: 1)
> Failed test: 12
> Non-zero exit status: 1
> Files=243, Tests=3106, 2594 wallclock secs (21.45 usr + 2.69 sys =
> 24.14 CPU)
> Result: FAIL
> NMAKE : fatal
2594 wallclock secs (21.45 usr + 2.69 sys =
24.14 CPU)
Result: FAIL
NMAKE : fatal error U1077: 'cmd' : return code '0x1'
Stop.
NMAKE : fatal error U1077: '"C:\Program Files\Microsoft Visual
Studio\2022\Community\VC\Tools\MSVC\14.32.31326\bin\HostX64\x64\nmake.exe"&
esult: FAIL
NMAKE : fatal error U1077: 'cmd' : return code '0x1'
Stop.
NMAKE : fatal error U1077: '"C:\Program Files\Microsoft Visual
Studio\2022\Community\VC\Tools\MSVC\14.32.31326\bin\HostX64\x64\nmake.exe"'
: return code '0x2'
Stop.
Hey list,
I am having difficulty trying to allocate an EVP_PKEY_CTX via
EVP_PKEY_CTX_new(3) from a public key loaded via PEN_read_PUBKEY(3).
The former fails with OpenSSL setting the following error:
error:0308010C:digital envelope routines::unsupported
See L135: https://pastebin.com
On Mon, 2022-05-30 at 08:27 +0200, Tomas Mraz wrote:
> For the pairwise check, you need to initialize a new EVP_PKEY_CTX
> context with EVP_PKEY_CTX_new_from_pkey().
>
> You cannot reuse the key generation context.
Thanks Tomas. I will give that a try.
In the mean time, I'm having another proble
as best I can.
>
> Right now I am having an issue generating an RSA key pair:
>
> https://pastebin.com/jbLdqUdv
>
> Note that the call to EVP_PKEY_pairwise_check(3) fails on L66 with
> "error:039A:digital envelope routines::no key set". This error
> str
https://pastebin.com/jbLdqUdv
Note that the call to EVP_PKEY_pairwise_check(3) fails on L66 with
"error:039A:digital envelope routines::no key set". This error
string was set by OpenSSL internally.
I'm not sure exactly what I'm doing wrong. All I want to do is generate
the RSA key
Isn't it a fix for this issue?
https://github.com/php/php-src/issues/8369
On Thu, 19 May 2022, 21:17 Frederic Leclercq, wrote:
> Hi all,
>
> Apologies for just popping in here, but since I installed ubuntu 22.04 LTS
> I often come across the error
> "file_get_content
Hi all,
Apologies for just popping in here, but since I installed ubuntu 22.04 LTS
I often come across the error
"file_get_contents(): SSL operation failed with code 1. OpenSSL Error
messages:
error:0A000126:SSL routines::unexpected eof while reading"
It seems to occur mostly in PHP ap
.2k (amazon
> linux2) to check the connection.
>
> [ec2-user@ip-172-31-29-28 ~]$ openssl s_client -connect
> data.reversinglabs.com:443 -tls1_2
> CONNECTED(0003)
> 139994515941280:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong
> version number:s3_pkt.c:365:
> ---
>
I run into the following issue when I use openssl 1.0.2k (amazon linux2)
to check the connection.
[ec2-user@ip-172-31-29-28 ~]$ openssl s_client -connect
data.reversinglabs.com:443 -tls1_2
CONNECTED(0003)
139994515941280:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version
h,22th,25th Apr
Holiday – 15th Apr
-Original Message-
From: Tomas Mraz
Sent: 21 April 2022 11:24 PM
To: Gaurav Mittal11 ; Michael Wojcik
; openssl-users@openssl.org
Subject: [EXTERNAL] Re: Openssl 3.0.2- Build error - catgets_failed
Maybe https://github.com/openssl/openssl/pull/18136 co
Maybe https://github.com/openssl/openssl/pull/18136 could help you?
Regards,
Tomas Mraz
On Thu, 2022-04-21 at 16:49 +, Gaurav Mittal11 wrote:
> I tried same commands and same setting with root access, seems like I
> pass that error.
> Can you help why its not giving any error and
I tried same commands and same setting with root access, seems like I pass that
error.
Can you help why its not giving any error and not even generating
crypto/chacha/libcrypto-lib-chacha-ia64.o file
CC="/opt/aCC/bin/aCC" perl crypto/chacha/asm/chacha-ia64.pl "void" -I.
-
> From: Gaurav Mittal11
> Sent: Thursday, 21 April, 2022 09:55
>
> Yes, I have gone through internet search, I have not found any clue.
>
> Still same error even after setting LANG to C
>
> Yes, HP is kind of legacy server and very less help available on internet.
&
Yes, I have gone through internet search, I have not found any clue.
Still same error even after setting LANG to C
Yes, HP is kind of legacy server and very less help available on internet.
Any more suggestions would be helpful.
> echo NLSPATH
NLSPATH
> echo $NLSPATH
> export LANG
set too?
(Someone at HP clearly didn't get the memo about emitting useful error
messages. It's really not hard to wrap your message output to have a default
string when the catalog lookup fails. Right up there in the list of Why
Software Sucks, to use Platt's phrase.)
--
Michael Wojcik
Hi,
I am using HP-UX B.11.31 U server.
While compiling openssl 3.0.2, I am getting below error along with warnings,
any help would be appreciated.
Warning 67: "include/openssl/txt_db.h", line 12 # Invalid pragma name: 'once'
(ignored).
# pragma once
The UTF8 type is a string and if its length is known, it doesn't need to
be '\0' terminated. So passing the address of a char works (it's a char
* after all).
Thanks for the other fix.
Pauli
On 26/3/22 10:43 am, Kory Hamzeh wrote:
Thanks, Paul. I noticed the type values matched the RFC, but
Thanks, Paul. I noticed the type values matched the RFC, but thought maybe it
should be a string if that was the case.
I did find another issue:
if (EVP_KDF_derive(kctx, out, &outlen, params) <= 0)
The actual value of ‘outlen’ should be passed, not the address.
Kory
> On Mar 25, 2022, at 4:0
It is correct, the KDF is expecting the characters 'A' through 'F'
here. This is what is specified in the RFC:
https://datatracker.ietf.org/doc/html/rfc4253#section-7.2
That line of code ought to have cast to (char *) or type defined simply
as char, but it is essentially correct.
Pauli
On
Hi All,
If you look at the example SSH KDF code here:
https://www.openssl.org/docs/manmaster/man7/EVP_KDF-SSHKDF.html
Specifically, these lines:
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_SSHKDF_TYPE,
&type, sizeof(type));
The variable ‘ty
3DES is in the default provider - only normal DES is in the legacy
provider. So you should not need to load the legacy provider for this to
work.
Matt
On 23/02/2022 06:20, pa...@openssl.org wrote:
Have you loaded the legacy provider before trying this?
Pauli
On 23/2/22 5:03 pm, Srinivas, S
Have you loaded the legacy provider before trying this?
Pauli
On 23/2/22 5:03 pm, Srinivas, Saketh (c) wrote:
Hi
I am trying to encrypt and decrypt using EVP_des_ede3_cbc() type. iam
using openssl3.0
_
_
the functions i am using are
encryption side:
EVP_EncryptIni
Hi
I am trying to encrypt and decrypt using EVP_des_ede3_cbc() type. iam using
openssl3.0
the functions i am using are
encryption side:
EVP_EncryptInit_ex -> EVP_EncryptUpdate -> EVP_EncryptFinal_ex
decryption side:
--
EVP_DecryptInit_ex -> EVP_
FILE COMMANDS" section on this page:
https://www.openssl.org/docs/man3.0/man3/SSL_CONF_cmd.html
(Note. I just noticed an error on that last page which claims that
SSL_OP_LEGACY_SERVER_CONNECT is set by default - this is no longer the
case in 3.0).
Matt
Brian
Brian
On Mon, Feb 21,
On 18/02/2022 19:53, Brian Pilati wrote:
I am receiving this error
Error: write EPROTO 000660120100:error:0A000152:SSL
routines:final_renegotiate:unsafe legacy renegotiation
disabled:ssl/statem/extensions.c:880
after upgrading to macOS Monterey v12.2.1
I am running Nodejs v16.13.2
I am receiving this error
Error: write EPROTO 000660120100:error:0A000152:SSL
routines:final_renegotiate:unsafe legacy renegotiation
disabled:ssl/statem/extensions.c:880
after upgrading to macOS Monterey v12.2.1
I am running Nodejs v16.13.2
Can someone please give me detailed instructions
calls. See the crypto(7) and config(5) manpages.
Tomas
On Fri, 2022-02-04 at 09:56 +, Srinivas, Saketh (c) wrote:
> HI,
>
> I am getting this error while importing p12 file
>
> PKCS12_parse failed, error : error:0308010C:digital envelope
> routines::unsupported
>
HI,
I am getting this error while importing p12 file
PKCS12_parse failed, error : error:0308010C:digital envelope
routines::unsupported
can anyone explain this?
thanks,
Saketh.
Notice: This e-mail together with any attachments may contain information of
Ribbon Communications Inc. and its
Hi
> -Original Message-
> From: Gaurav Jain
> Sent: Monday, January 10, 2022 1:12 PM
> To: John Baldwin ; bor...@mellanox.com; openssl-
> us...@openssl.org; m...@openssl.org
> Cc: Varun Sethi ; Pankaj Gupta
> Subject: RE: [EXT] Re: KTLS with openssl 3.0 fail
Hi John/Matt
> -Original Message-
> From: John Baldwin
> Sent: Thursday, January 6, 2022 11:21 PM
> To: Gaurav Jain ; bor...@mellanox.com; openssl-
> us...@openssl.org
> Cc: Varun Sethi ; Pankaj Gupta
> Subject: Re: [EXT] Re: KTLS with openssl 3.0 fail with error
On 1/6/22 5:58 AM, Gaurav Jain wrote:
Hi
-Original Message-
From: John Baldwin
Sent: Thursday, January 6, 2022 12:26 AM
To: Gaurav Jain ; bor...@mellanox.com; openssl-
us...@openssl.org
Cc: Varun Sethi ; Pankaj Gupta
Subject: [EXT] Re: KTLS with openssl 3.0 fail with error ENOTCONN
Hi
> -Original Message-
> From: John Baldwin
> Sent: Thursday, January 6, 2022 12:26 AM
> To: Gaurav Jain ; bor...@mellanox.com; openssl-
> us...@openssl.org
> Cc: Varun Sethi ; Pankaj Gupta
> Subject: [EXT] Re: KTLS with openssl 3.0 fail with error ENOTCONN(Transp
Gaurav Jain would like to recall the message, "[EXT] Re: KTLS with openssl 3.0
fail with error ENOTCONN(Transport endpoint is not connected)".
Hi
> -Original Message-
> From: John Baldwin
> Sent: Thursday, January 6, 2022 12:26 AM
> To: Gaurav Jain ; bor...@mellanox.com; openssl-
> us...@openssl.org
> Cc: Varun Sethi ; Pankaj Gupta
> Subject: [EXT] Re: KTLS with openssl 3.0 fail with error ENOTCONN(Transp
enable-ktls and and try to run the
s_server, s_client application.
I observe that connection is successfully established - but it didn't use KTLS.
Then I added additional log in kernel(file net/tls/tls_main.c) and see that
kernel is returning error -ENOTCONN
when (sk->sk_state != TCP_EST
s_server, s_client application.
I observe that connection is successfully established - but it didn't use KTLS.
Then I added additional log in kernel(file net/tls/tls_main.c) and see that
kernel is returning error -ENOTCONN
when (sk->sk_state != TCP_ESTABLISHED) in function static int tls_ini
server.pem -accept 443
error
file: crypto/bio/bio_sock2.c
function: BIO_socket()
ktls_enable(sock); failed with ENOTCONN error
setsockopt failed, 107, Transport endpoint is not connected
server logs( added some debug logs)
root@imx8mmevk:~# ./openssl s_server -key rsa.key -cert server.pem -accept
On 06/12/2021 15:49, Cristian Andrei Sandu wrote:
Hi guys,
Is there any way I can re-load the FIPS provider after it reached its
error state? I’d like to do it without restarting the process. (If it
matters, I’m already using a non-default library context with a separate
configuration
Hi guys,
Is there any way I can re-load the FIPS provider after it reached its error
state? I'd like to do it without restarting the process. (If it matters, I'm
already using a non-default library context with a separate configuration file
that I load with OSSL_LIB_CTX_load_confi
On Sun, Dec 05, 2021, russellb...@gmail.com wrote:
> Dec 5 08:56:54 mydomain sm-mta[30576]: STARTTLS=client, error:
> SSL_CTX_use_certificate_file(/etc/ssl/certs/server.csr) failed
> Dec 5 08:56:54 mydomain sm-mta[30576]: STARTTLS=client, error:
> SSL_CTX_check_private_key fai
When I send an e-mail /var/log/maillog (sendmail) reports:
Dec 5 08:56:54 mydomain sm-mta[30576]: STARTTLS=client, error:
SSL_CTX_use_certificate_file(/etc/ssl/certs/server.csr) failed
Dec 5 08:56:54 mydomain sm-mta[30576]: STARTTLS=client, error:
SSL_CTX_check_private_key failed
Hello
I get my log spammed with this alert:
sslize error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert
certificate unknown
As far as I can read from the net, it is because the CA certificates on my
server is not up to date.
Actually there is none, as this is an embedded target, and
tion file and add the dynamic path to the shared library like the
>> following,
>> ==
>> [rsa_section]
>> engine_id = rsa-engine-new
>> dynamic_path = /opt/openssl/lib/engines-1.1/rsa-engine-new.so
>> ==
>>
>> My en
/lib/engines-1.1/rsa-engine-new.so
> ==
>
> My engine load without any error. Thanks.
> One more question, Do I need to compile and install my engine with Openssl
> source code in-order for it to work with mod_ssl?
>
> Regards,
> Shariful Alam
>
>
>
>
>
> On T
==
My engine load without any error. Thanks.
One more question, Do I need to compile and install my engine with Openssl
source code in-order for it to work with mod_ssl?
Regards,
Shariful Alam
On Thu, Aug 26, 2021 at 10:30 AM Dmitry Belyavsky wrote:
> As I suspected, you have
AM Dmitry Belyavsky
> wrote:
>
>> Dear Shariful,
>>
>> 1. Don't hurry :)
>> 2. It looks like there are some more configuration options in your
>> openssl.cnf [rsa_section]
>> I think they came from the standard configuration. So if I am wrong,
>
>> openssl.cnf [rsa_section]
>> I think they came from the standard configuration. So if I am wrong,
>> please provide the whole file.
>> 3. I'd recommend you also update the lines
>> `
>> static const char *engine_dasync_id = "dasync";
>> static c
t;>>
>>> (dasync) Dummy Async engine support
>>>
>>> [RSA]
>>>
>>> [ available ]
>>>
>>>
>>> I also modify *openssl.cnf* configuration as following to load this
>>> engine,
>>>
>>>
>&g
t; [ available ]
>>
>>
>> I also modify *openssl.cnf* configuration as following to load this
>> engine,
>>
>>
>> openssl_conf = openssl_def
>>
>>
>> [openssl_def]
>>
>> engines = engine_section
>>
>>
>> [e
odify *openssl.cnf* configuration as following to load this
> engine,
>
>
> openssl_conf = openssl_def
>
>
> [openssl_def]
>
> engines = engine_section
>
>
> [engine_section]
>
> rsa-engine-new = rsa_section
>
>
> [rsa_section]
>
> engine_id =
engine-new
Then when I run the command "$*openssl engine*", I get the following error,
$openssl engine
(rdrand) Intel RDRAND engine
(dynamic) Dynamic engine loading support
(dasync) Dummy Async engine support
139633213376256:error:260AB089:engine
routines:ENGINE_ctrl_cmd_string:inv
> On 19 Aug 2021, at 12:11 am, Jayalakshmi bhat
> wrote:
>
> We are trying to integrate OpenSSL 1.1.1i on our device that runs on the ARM
> platform. Device boots to ready
> state with OpenSSL 1.1.1i. However when we try to access the device EWS, we
> are getting b
Hi All,
We are trying to integrate OpenSSL 1.1.1i on our device that runs on the
ARM platform. Device boots to ready
state with OpenSSL 1.1.1i. However when we try to access the device EWS, we
are getting below error
error:0B080074:x509 certificate routines:X509_check_private_key:key values
Hi Tomáš and openssl users,
finally the server at gibs.earthdata.nasa.gov was upgraded in order to
support SHA256 (instead of SHA1) as peer signing digest algorithm.
So, it is now possible to properly connect to it on Ubuntu 20.04 without
the need of lower the default SECURITY LEVEL from 2 t
An EE certificate is an "end entity" certificate, which identifies an
entity that isn't a certifier.
On Wed, Jul 21, 2021, 18:23 Thejus Prabhu wrote:
> Thanks for your reply Viktor. I would like to add that this is a self
> signed certificate created on the server. What is EE certificate?
>
>
>
Thanks for your reply Viktor. I would like to add that this is a self
signed certificate created on the server. What is EE certificate?
On Wed, Jul 21, 2021 at 6:55 PM Viktor Dukhovni
wrote:
> On Wed, Jul 21, 2021 at 06:34:03PM -0400, Thejus Prabhu wrote:
>
> > verify error:num=26:unsupported c
On Wed, Jul 21, 2021 at 06:34:03PM -0400, Thejus Prabhu wrote:
> verify error:num=26:unsupported certificate purpose
The certificate in question is CA certificate, not an EE certificate.
Specifically, the key usage and Netscape Cert Type signal that its
purpose is exclusively to be a CA, not a TL
Hi,
I am new to openssl and learning how to use it.
I am trying to read the self-signed SSL certificate created on a webserver.
I am using OpenSSL 1.1.1k on the client machine when I make a request
using:
openssl s_client -showcerts -connect 192.168.1.200:443
I end up with the following error
> From: openssl-users On Behalf Of
> Jayalakshmi bhat
> Sent: Wednesday, 30 June, 2021 08:29
> I am getting the below error. Does anyone have inputs. Any help would be
> appreciated.
> openssl/safestack.h(159) : error C2054: expected '(' to follow '__inli
Hi,
On 30/06/21 15:22, Paulo Wollny wrote:
Hi,
thank you for the answer.
can you please point the right direction for solution, please?
try
http://httpd.apache.org/userslist.html
Regarding the "look suspicious - it means your client is connecting
from 127.0.0.1 and your server is also li
Hi All,
We are trying to compile OpenSSL 1.1.1i on our system. It is a hybrid
system. Compiler is arm -gcc for WinCE 6.0 and the module that compiles
openssl is on Vxworks 5.0 abstraction.
I am getting the below error. Does anyone have inputs. Any help would be
appreciated.
openssl/safestack.h
nSSL 1.1.1f 31 Mar 2020
Ubuntu 20.04
Server version: Apache/2.4.41 (Ubuntu)
Server built: 2021-06-17T18:27:53
My problem:
connecting to a secure server requiring client certificate, i get the
following error when presenting my certificate:
ERR_BAD_SSL_CLIENT_AUTH_CERT
It started to
Hi,
On 30/06/21 00:23, Paulo Wollny wrote:
Dear @ll
My environment:
OpenSSL 1.1.1f 31 Mar 2020
Ubuntu 20.04
Server version: Apache/2.4.41 (Ubuntu)
Server built: 2021-06-17T18:27:53
My problem:
connecting to a secure server requiring client certificate, i get the
following error when
Dear @ll
My environment:
OpenSSL 1.1.1f 31 Mar 2020
Ubuntu 20.04
Server version: Apache/2.4.41 (Ubuntu)
Server built: 2021-06-17T18:27:53
My problem:
connecting to a secure server requiring client certificate, i get the
following error when presenting my certificate
est Email" -aes256 encryption.pem
> encrypted.out
with the old RSA certificate, everything works as expected.
But, when I replace the RSA cert with the EC certificate, it does not.
Instead, I see:
15724089243112:error:2EFFF06F:CMS routines:CRYPTO_internal:ctrl
fail
with the EC certificate, it does not.
Instead, I see:
15724089243112:error:2EFFF06F:CMS routines:CRYPTO_internal:ctrl
failure:/usr/src/lib/libcrypto/cms/cms_env.c:124:
15724089243112:error:2EFFF074:CMS routines:CRYPTO_internal:error setting
recipientinfo:/usr/src/lib/libcrypto/cms/cms_env.c:944:
1572408924311
> > provider instead.
> >
> >
> > Pauli
> >
> > On 12/4/21 5:04 am, Shariful Alam wrote:
> >> Hello,
> >> Hope you guys are doing well. I'm trying to develop an RSA engine.
> >> My engine was somewh
Hello,
>> Hope you guys are doing well. I'm trying to develop an RSA engine.
>> My engine was somewhat working until I try to integrate my engine
>> with an apache httpd server. After installing the httpd from the
>> source code, i
lam wrote:
>> Hello,
>> Hope you guys are doing well. I'm trying to develop an RSA engine.
>> My engine was somewhat working until I try to integrate my engine
>> with an apache httpd server. After installing the httpd from the
>>
y to integrate my engine
with an apache httpd server. After installing the httpd from the
source code, it turns out that, I can't compile my engine anymore.
I get the following error while I try to compile (it was compiling
before and I did not make
y engine with an
> apache httpd server. After installing the httpd from the source code, it
> turns out that, I can't compile my engine anymore. I get the
> following error while I try to compile (it was compiling before and I did
> not make any changes to my e
lling the httpd from the source code,
it turns out that, I can't compile my engine anymore. I get the
following error while I try to compile (it was compiling before and I
did not make any changes to my engine code).
==
*$gcc -fPIC -c r_engine.c*
*r_engine.c:29:8:
Hello,
Hope you guys are doing well. I'm trying to develop an RSA engine. My
engine was somewhat working until I try to integrate my engine with an
apache httpd server. After installing the httpd from the source code, it
turns out that, I can't compile my engine anymore. I get the
follo
receiver must already have a
> trust store containing (root) certs that are considered trusted,
> and for the chain received from the server there should be a suitable trust
> anchor (which typically takes the form of a self-signed cert) in that trust
> store.
>
store.
> and if no match is found in the trust store,
> you'll get the reported error.
The reason must be something else. Note that the error was
X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT,
which means that the chain built contains only one element, and this
element is self-signed and n
Codename:focal
*From Nginx server error log : *
2021/03/05 13:56:19 [crit] 82641#82641: *5 SSL_do_handshake() failed (SSL:
error:14201044:SSL routines:tls_choose_sigalg:internal error) while SSL
handshaking, client: 10.201.35.201, server: 0.0.0.0:443
We are able to see client hello
thon library is insisting on DER encoding (per the spec).
-Ben
On Thu, Feb 25, 2021 at 05:19:32PM +, John Robson via openssl-users wrote:
Hi all,
I'm encountering an error connecting to a device which as far as I can see
has a reasonable certificate...
The error coming back (through tw
1 - 100 of 3602 matches
Mail list logo
