Re: Problems with ECDSA signature and verification

On 17/10/2022 09:34, Fernando Elena Benavente wrote: Hi guys, we are having problems with the implementation of the signature and verification of messages with ECDSA, because the demo of ECDSA in github  us does not allow us to determine the type of ECDSA curve, I assume you are looking at

Problems with ECDSA signature and verification

Hi guys, we are having problems with the implementation of the signature and verification of messages with ECDSA, because the demo of ECDSA in github us does not allow us to determine the type of ECDSA curve, In addition, we have seen that we have problems when it comes to having strings and

Problems using openssl inside parallels desktop

Hello list, I stumbled upon a problem which I think originates in openssl. My initial goal was to build lineageos inside a virtual machine (parallels desktop) running on my 2019 iMac. I installed debian on an external usb drive, which went pretty smooth. Disk speed is pretty awful, but for my n

RE: problems with too many ssl_read and ssl_write errors

Please reply to the list rather than to me directly. > From: Kamala Ayyar > Sent: Thursday, 26 August, 2021 08:57 > We call the WSAGetLastError immediately after SSL_ERROR_SYSCALL and we get > the > WSAETIMEDOUT OK. This wasn't entirely clear to me from your previous message. So you are get

RE: problems with too many ssl_read and ssl_write errors

> From: Kamala Ayyar > Sent: Monday, 23 August, 2021 09:22 > We get the SSL_ERROR_SYSCALL from SSL_Read and SSL_Write quite often. You'll get SSL_ERROR_SYSCALL any time OpenSSL makes a system call (including, on Windows, a Winsock call) and gets an error. > It seems the handshake is done corr

Re: problems with too many ssl_read and ssl_write errors

For the below symptoms, I would recommend a watching the application port with WireShark. This should show any the TLS protocol deviations and any problems in handling and establishing the TCP connections. On 2021-08-19 00:38, David Bowers via openssl-users wrote: * We have a server that

Re: problems with too many ssl_read and ssl_write errors

d > application > > limitation > > You said you're specifically getting SSL_ERROR_SYSCALL from SSL_read and > SSL_write. That has nothing to do with whether the socket is in blocking > mode -- system calls on blocking sockets can certainly return errors. I > don't unders

RE: problems with too many ssl_read and ssl_write errors

d this question. There are any number of reasons why the server's ability to handle this load might be compromised. Network congestion, bufferbloat, load on the CPU or NIC (particularly if TCP offload is enabled to the NIC), contention for DMA, other application I/O, Years ago, I had one custome

problems with too many ssl_read and ssl_write errors

* We have a server that has around 2025 clients connected at any instant. * Our application creates a Server /Listener socket that then is converted into a Secure socket using OpenSSL library. This is compiled and built in a Windows x64 environment. We also built the OpenSSL for the Win

Re: creating certificate by code / problems to load via openssl x509 / pem format

On Thu, 2020-12-10 at 10:39 +0100, Andreas Tengicki wrote: > The solution was to choice a EVP by signing the certificate > > i = X509_sign(x, CApkey, EVP_sha256()); I do not really think this was the problem. In the code below you do not set the notBefore time which is actually indicated by the p

Re: creating certificate by code / problems to load via openssl x509 / pem format

The solution was to choice a EVP by signing the certificate i = X509_sign(x, CApkey, EVP_sha256()); Best regards   Andreas Am 09.07.2020 um 11:09 schrieb Andreas Tengicki: Hello, your first help in this project, helps much, but now some weeks later, there is a new problem, and I cannot fin

Facing problems with openssl-1.1.1c & later versions

Hi, There, I am new to openSSL and currently working on integrating openSSL libraries in our product which has linux-ppc platform. We have an old version of kernel in our product i.e. 2.6.37.6. I want to integrate lighttpd with openSSL for HTTPS support. When I use openSSL-1.1.1b or older versi

Re: Real MTU problems with BIO pair

On 2020-08-21 19:48, Benjamin Kaduk wrote: On Fri, Aug 21, 2020 at 05:05:51PM +0200, Detlef Vollmann wrote: On 2020-08-20 21:44, Detlef Vollmann wrote: Is there any way to set the maximum fragment size for DTLS handshake with a BIO pair? One solution is to set the MTU and the int_bio size to

Re: Real MTU problems with BIO pair

On Fri, Aug 21, 2020 at 05:05:51PM +0200, Detlef Vollmann wrote: > On 2020-08-20 21:44, Detlef Vollmann wrote: > > > > Is there any way to set the maximum fragment size for > > DTLS handshake with a BIO pair? > One solution is to set the MTU and the int_bio size to > exactly the same value. > Anot

Re: Real MTU problems with BIO pair

On 2020-08-20 21:44, Detlef Vollmann wrote: if I create a BIO pair with   BIO_new_bio_pair(&int_bio, 0, &ext_bio_, 0); then I tried to use SSL_set_mtu(), DTLS_set_link_mtu() and SSL_CTX_set_max_send_fragment(ctx, 1000). None of them gave me an error, but also none of them worked: the ServerHell

Real MTU problems with BIO pair

Hello, if I create a BIO pair with BIO_new_bio_pair(&int_bio, 0, &ext_bio_, 0); then I tried to use SSL_set_mtu(), DTLS_set_link_mtu() and SSL_CTX_set_max_send_fragment(ctx, 1000). None of them gave me an error, but also none of them worked: the ServerHello was still sent as a single packet (>

creating certificate by code / problems to load via openssl x509 / pem format

Hello, your first help in this project, helps much, but now some weeks later, there is a new problem, and I cannot find any tipps via google. For all the coding a have looked into the openssl examples. I create a private key per code, the "openssl rsa -in test_privatekey.pem -check" is fine I c

Re: Problems porting Openssl 1.1.1d to zos.

Yes, I encountered the same problem in my OS/400 port of OpenSSL 1.1.1.

Re: Problems porting Openssl 1.1.1d to zos.

Am 14.04.20 um 14:57 schrieb K Lengauer: Hi Stephan, Thank you for your quick response and also the link to your github issue. I must have brushed over it when searching for similar issues, apologies. Anyway, this seems to further confirm the issue(s) at hand... Did you have any success or have

Re: Problems porting Openssl 1.1.1d to zos.

Hi Stephan, Thank you for your quick response and also the link to your github issue. I must have brushed over it when searching for similar issues, apologies. Anyway, this seems to further confirm the issue(s) at hand... Did you have any success or have you made any attempts at fixing this so far

Re: Problems porting Openssl 1.1.1d to zos.

Hello Kevin, Am 14.04.20 um 10:00 schrieb K Lengauer: Dear all, I want to add another issue that occurred to me and would appreciate some input from others using zOS OpenSSL. Calls like "ossl_isascii(c)" such as is done in "a_print.c" in method "int ASN1_PRINTABLE_type(const unsigned char *s,

Re: Problems porting Openssl 1.1.1d to zos.

Dear all, I want to add another issue that occurred to me and would appreciate some input from others using zOS OpenSSL. Calls like "ossl_isascii(c)" such as is done in "a_print.c" in method "int ASN1_PRINTABLE_type(const unsigned char *s, int len)" lead to wrong behavior for me on zOS if the in

Re: Problems porting Openssl 1.1.1d to zos.

First of all, thanks Michael Wojcik for your answer regarding the datasets. I was able to get it working. In the meantime I got the whole build done and am working on my tests. One thing that I noticed recently is a wrong certificate X509 name output that happens because of the following code sect

Re: Problems porting Openssl 1.1.1d to zos.

behalf of K Lengauer Sent: Monday, March 9, 2020 10:29 To: openssl-users@openssl.org Subject: Re: Problems porting Openssl 1.1.1d to zos. Dear Patrick and co I am currently stuck during my build with the following error: IKJ56228I DATA SET CEE.SCEEBND2 NOT IN CATALOG OR CATALOG CAN NOT BE ACCESS

Re: Problems porting Openssl 1.1.1d to zos.

Dear Patrick and co I am currently stuck during my build with the following error: IKJ56228I DATA SET CEE.SCEEBND2 NOT IN CATALOG OR CATALOG CAN NOT BE ACCESSED FSUM3052 The data definition name SYSLIB cannot be resolved. The data set was not found. Ensure that data set name CEE.SCEEBND2 is s

Re: Problems porting Openssl 1.1.1d to zos.

On 3/4/20 5:31 PM, Salz, Rich via openssl-users wrote: Perhaps someone should writeup and submit a "NOTES.zos" file to add? I could put the contents of my previous mail in a NOTES.zos file, if that would be considered helpful, knowing it works for us at the moment and might not to the trick for

Re: Problems porting Openssl 1.1.1d to zos.

Perhaps someone should writeup and submit a "NOTES.zos" file to add?

Re: Problems porting Openssl 1.1.1d to zos.

Regarding perl, this is the version which works for us : > perl -v This is perl 5, version 24, subversion 0 (v5.24.0) built for os390 Copyright 1987-2016, Larry Wall MVS (OS390) port by Mortice Kern Systems, 1997-1999 Perl may be copied only under the terms of either the Artistic License or t

Re: Problems porting Openssl 1.1.1d to zos.

Thank you very much Patrick Steuer. This certainly helps! I am now also in the progress of building OpenSSL and come across missing "cflags" and the likes so with your config I can hopefully save some time as well as verify what I already use. I will also share my config in the near future once I

Re: Problems porting Openssl 1.1.1d to zos.

This is a very helpful post. Thank you. We lacked Perl and had no clear path to getting it. Can't say this deficiency caused our project to miss generous targets, but it certainly contributed. On Wed, Mar 4, 2020, 6:07 AM Patrick Steuer wrote: > > I stumbled across this mails when looking for

Re: Problems porting Openssl 1.1.1d to zos.

I stumbled across this mails when looking for information regarding OpenSSL on zOS. Currently, I am working on getting OpenSSL 1.1.1c running on zOS. So far I created my own config "target" inside 10-main.conf based on the old configuration that was used pre OpenSSL 1.1.0. Still, I was not able

Re: Problems porting Openssl 1.1.1d to zos.

We recently abandoned our effort to port 1.1.1d to zos. Attempting to use GSK now. Lack of a zos dev community is a hurdle. M On Mon, Mar 2, 2020, 6:04 AM K Lengauer wrote: > Dear all, > > I stumbled across this mails when looking for information regarding OpenSSL > on zOS. Currently, I am work

Re: Problems porting Openssl 1.1.1d to zos.

Dear all, I stumbled across this mails when looking for information regarding OpenSSL on zOS. Currently, I am working on getting OpenSSL 1.1.1c running on zOS. So far I created my own config "target" inside 10-main.conf based on the old configuration that was used pre OpenSSL 1.1.0. Still, I was

Re: Problems revoking a cert

On Mon, Feb 24, 2020 at 12:09 PM Michael Wojcik < michael.woj...@microfocus.com> wrote: > > From: openssl-users [mailto:openssl-users-boun...@openssl.org] On > Behalf Of Michael Leone > > Sent: Monday, February 24, 2020 09:37 > > > SO I was an idiot, and signed a certificate, but specified an inva

RE: Problems revoking a cert

> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of > Michael Leone > Sent: Monday, February 24, 2020 09:37 > SO I was an idiot, and signed a certificate, but specified an invalid > location. i.e., > I used a "/" instead of a "/" in the location. I assume that was supp

Problems revoking a cert

SO I was an idiot, and signed a certificate, but specified an invalid location. i.e., I used a "/" instead of a "/" in the location. $ sudo openssl ca -in requests/.req -out certs\-2020-02-24. And so I can't find that cert file anywhere (obviously). So I'd like to revoke it, so that I can re-sign

Re: Problems adding specific extensions to signed certificates

On Fri, Feb 7, 2020 at 4:02 PM Michael Wojcik wrote: > > > From: Michael Leone [mailto:tur...@mike-leone.com] > > Sent: Friday, February 07, 2020 13:13 > > > > I've got it almost all figured out, except how to get a subjectAltName > > automatically populated by the CN of the requestor. My requests

RE: Problems adding specific extensions to signed certificates

> From: Michael Leone [mailto:tur...@mike-leone.com] > Sent: Friday, February 07, 2020 13:13 > > I've got it almost all figured out, except how to get a subjectAltName > automatically populated by the CN of the requestor. My requests aren't > asking for a SAN, but Chrome isn't happy without one, so

Re: Problems adding specific extensions to signed certificates

On Fri, Feb 7, 2020 at 3:08 PM Michael Wojcik wrote: > > > From: Michael Leone [mailto:tur...@mike-leone.com] > > Sent: Friday, February 07, 2020 11:55 > > > > How is that this works for everyone else, and not me? :-) > > It doesn't. > > I just reviewed this whole note stream, and realized you're

RE: Problems adding specific extensions to signed certificates

> From: Michael Leone [mailto:tur...@mike-leone.com] > Sent: Friday, February 07, 2020 11:55 > > How is that this works for everyone else, and not me? :-) It doesn't. I just reviewed this whole note stream, and realized you're using "openssl req" to create the certificate, rather than "openssl c

Re: Problems adding specific extensions to signed certificates

On Fri, Feb 7, 2020 at 1:46 PM Michael Leone wrote: > > On Fri, Feb 7, 2020 at 12:35 PM Michael Wojcik > wrote: > > Or copied using the copy_extensions option, as noted in the discussion of > > that issue. > > > > In the OpenSSL configuration file used by "openssl ca", in the CA section > > (th

Re: Problems adding specific extensions to signed certificates

On Fri, Feb 7, 2020 at 12:35 PM Michael Wojcik wrote: > Or copied using the copy_extensions option, as noted in the discussion of > that issue. > > In the OpenSSL configuration file used by "openssl ca", in the CA section > (that is, the section named by the default_ca option, or in the section

RE: Problems adding specific extensions to signed certificates

> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of > Salz, Rich via openssl-users > Sent: Friday, February 07, 2020 09:17 > > I think the mismatch is that CSR extensions are not carried over; they have > to be added at signing time. > See https://github.com/openssl/openss

Re: Problems adding specific extensions to signed certificates

I think the mismatch is that CSR extensions are not carried over; they have to be added at signing time. See https://github.com/openssl/openssl/issues/10458

Re: Problems adding specific extensions to signed certificates

On Fri, Feb 7, 2020 at 11:02 AM Sergio NNX wrote: > > This is the basics of OpenSSL! > > You would like to add extensions to a CSR or the problem arises when signing > it? Yes, when I sign, I get no extensions that are requested in the CSR. Nor are any added, when I sign (requested or not). > >

Re: Problems adding specific extensions to signed certificates

On Fri, Feb 7, 2020 at 10:30 AM Michael Richardson wrote: > > > Michael Leone wrote: > > On Fri, Feb 7, 2020 at 8:54 AM Michael Leone > wrote: > >> Thanks, tho, I did learn a thing or two. I see from this example > >> > >> openssl req -config $cfgdir/openssl-root.cnf $passin \ >

Re: Problems adding specific extensions to signed certificates

From: openssl-users on behalf of Michael Leone Sent: Saturday, 8 February 2020 2:01 AM To: openssl-users@openssl.org Subject: Re: Problems adding specific extensions to signed certificates On Thu, Feb 6, 2020 at 5:45 PM Viktor Dukhovni wrote: > > On Thu, F

Re: Problems adding specific extensions to signed certificates

On Thu, Feb 6, 2020 at 5:45 PM Viktor Dukhovni wrote: > > On Thu, Feb 06, 2020 at 02:36:03PM -0500, Michael Leone wrote: > > > Oh, I can add extensions by signing and using the -extfile option, and > > specifying a file with the specific options I want to give the > > certificate. But I don't want

Re: Problems adding specific extensions to signed certificates

On Fri, Feb 7, 2020 at 8:54 AM Michael Leone wrote: > Thanks, tho, I did learn a thing or two. I see from this example > > openssl req -config $cfgdir/openssl-root.cnf $passin \ > -set_serial 0x$(openssl rand -hex $sn)\ > -keyform $format -outform $format\ > -key $rootca/private/ca.

Re: Problems adding specific extensions to signed certificates

On Thu, Feb 6, 2020 at 5:45 PM Viktor Dukhovni wrote: > On Thu, Feb 06, 2020 at 02:36:03PM -0500, Michael Leone wrote: > > > Oh, I can add extensions by signing and using the -extfile option, and > > specifying a file with the specific options I want to give the > > certificate. But I don't want

Re: Problems adding specific extensions to signed certificates

On Thu, Feb 06, 2020 at 02:36:03PM -0500, Michael Leone wrote: > Oh, I can add extensions by signing and using the -extfile option, and > specifying a file with the specific options I want to give the > certificate. But I don't want to have to use an addon file, I want to > add parameters to all s

Problems adding specific extensions to signed certificates

This is driving me crazy. I have a CA, running on Debian 9, running openssl 1.1.0. (this CA is for our organization internal use only, of course). I can successfully sign requests. However, what I can't seem to do, is add x509 extensions to the signed certificate, as part of the openssl.cnf. Oh, I

Re: Problems porting Openssl 1.1.1d to zos.

> An error occurred during a connection to cafe.na.tibco.com:1802. SSL > received a record with an incorrect Message Authentication Code. Error > code: SSL_ERROR_BAD_MAC_READ In case this error occurs with a chacha-poly cipher suite, the following PR probably has a fix: https://github.com/openssl

Re: Problems porting Openssl 1.1.1d to zos.

Please see also GitHub issue #4154, in particular https://github.com/openssl/openssl/issues/4154#issuecomment-552838141

Re: Problems porting Openssl 1.1.1d to zos.

On 11.11.19 16:42, Wendell Nichols via openssl-users wrote: Is there anyone on this group with experience with ebcdic platforms, specifically zOS?  I have built 1.1.1d on zOS and connections to my server work for firefox 60 but not newer versions.  I don't know exactly where the cut off is o

Problems porting Openssl 1.1.1d to zos.

Is there anyone on this group with experience with ebcdic platforms, specifically zOS?  I have built 1.1.1d on zOS and connections to my server work for firefox 60 but not newer versions.  I don't know exactly where the cut off is or what they changed but current versions get an HMAC error.  I

Re: EVP_aes_256_xts() problems with multiple calls to EVP_CipherUpdate

using OpenSSL 1.1.1d on Linux with the cipher EVP_aes_256_xts() in >> order to write database/disk encryption software. >> >> When encrypting, I have problems if I call EVP_CipherUpdate() and >> encrypt the data in chunks. Encrypting only works when I encrypt the >> ent

Re: EVP_aes_256_xts() problems with multiple calls to EVP_CipherUpdate

ystems.com>> wrote: Hi all, I'm using OpenSSL 1.1.1d on Linux with the cipher EVP_aes_256_xts() in order to write database/disk encryption software. When encrypting, I have problems if I call EVP_CipherUpdate() and encrypt the data in chunks. Encrypting

Re: EVP_aes_256_xts() problems with multiple calls to EVP_CipherUpdate

nSSL 1.1.1d on Linux with the cipher EVP_aes_256_xts() in > order to write database/disk encryption software. > > When encrypting, I have problems if I call EVP_CipherUpdate() and > encrypt the data in chunks. Encrypting only works when I encrypt the > entire payload with one and only

EVP_aes_256_xts() problems with multiple calls to EVP_CipherUpdate

Hi all, I'm using OpenSSL 1.1.1d on Linux with the cipher EVP_aes_256_xts() in order to write database/disk encryption software. When encrypting, I have problems if I call EVP_CipherUpdate() and encrypt the data in chunks. Encrypting only works when I encrypt the entire payload with on

Re: Problems building for IOS and linking to libssh2

https://stackoverflow.com/questions/6429494/undefined-symbols-for-architecture-armv7 Look at common cause 3 in the first answer. These are the undefined symbols: "_ENGINE_load_builtin_engines", referenced from: _libssh2_init in global.c.o __libssh2_init_if_needed in global.c.o

Problems building for IOS and linking to libssh2

Hello. I have built libssh2 with openssl in windows (MVC 2017), linux (GCC >6), mac (clang 8 - 10), android (NDK19 / API 21-24 / clang) successfully. Now I am stuck trying to build it for iOS. The error I get is about an undefined symbol as folows ld: warning: -headerpad_max_install_names is

Re: [openssl-users] Problems on authentication during TLS handshake

Agreed. I use this as my engine sample and rewrite it to support OpenSSL 1.1 since this repo only works in OpenSSL 1.0.2. This takes a long time. Moreover very appreciated the support from everyone and Viktor, it's *important *to use public key in SSL_CTX_use_PrivateKey(). Now my engine is working

Re: [openssl-users] Problems on authentication during TLS handshake

Il giorno mar 8 gen 2019 alle ore 19:32 Jin Xie ha scritto: > Thank you! I would have a try. > > Look here: https://github.com/MicrochipTech/cryptoauth-openssl-engine Antonio -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Problems on authentication during TLS handshake

Thank you! I would have a try. On Tue, Jan 8, 2019 at 1:10 AM Viktor Dukhovni wrote: > On Tue, Jan 08, 2019 at 12:38:32AM -0800, Jin Xie wrote: > > > As for “in which case it will use the public key as a stand-in for the > > missing private key”, do you mean use “client cert public key” instead

Re: [openssl-users] Problems on authentication during TLS handshake

On Tue, Jan 08, 2019 at 12:38:32AM -0800, Jin Xie wrote: > As for “in which case it will use the public key as a stand-in for the > missing private key”, do you mean use “client cert public key” instead of > “client cert private key”? If so is it possible that I pass “client cert > public key” in

Re: [openssl-users] Problems on authentication during TLS handshake

possible that I pass “client cert public key” in “SSL_CTX_use_PrivateKey_file”? (I’m running on 1.1 : ) Thanks, Jim From: Viktor Dukhovni Sent: Tuesday, January 8, 2019 12:05 AM To: openssl-users@openssl.org Subject: Re: [openssl-users] Problems on authentication during TLS handshake On Mon

Re: [openssl-users] Problems on authentication during TLS handshake

On Mon, Jan 07, 2019 at 11:43:47PM -0800, Jin Xie wrote: [ Going forward, please try to post plain-text with regular spaces, rather than Unicode non-breaking spaces. ] >// load client-side cert and key, signed by intermediate cert >SSL_CTX_use_certificate_file(m_ctx, ClientCerti

[openssl-users] Problems on authentication during TLS handshake

Hello everyone, I’m new at OpenSSL programming and encountered a problem while build TLS connection. I’m working on a crypto chip ATECC508A. So the client private key is stored in the chip and no way to get it out. However during standard TLS handshake, I need to provide client private key by “

Re: [openssl-users] Problems with deriving EC public key from private

On Dec 17, 2018, at 11:42 PM, Billy Brumley wrote: > > But 0.4% is suspiciously close to 1/256, so I'm willing to bet your > problem surrounds your size assumptions in various functions. Check > the manpage of e.g. EC_POINT_point2oct and grep for usage in the > library, but the idea is to pass NU

Re: [openssl-users] Problems with deriving EC public key from private

On Tue, Dec 18, 2018 at 12:07 AM Mike Blaguszewski wrote: > > Some code of mine reads a NIST P256 private key from bytes and derives the > public key from it, and this derived public key is incorrect about 0.4% of > the time. I’ve attached a sample program that does the following. > > 1. Generat

[openssl-users] Problems with deriving EC public key from private

Some code of mine reads a NIST P256 private key from bytes and derives the public key from it, and this derived public key is incorrect about 0.4% of the time. I’ve attached a sample program that does the following. 1. Generate a key-pair of type NID_X9_62_prime256v1 2. Write the public and priv

Re: [openssl-users] Problems with man page code example at EVP_EncryptInit

Never mind. Easy google search away: https://github.com/openssl/openssl On Wed, Sep 5, 2018 at 10:49 AM Sam Habiel wrote: > > Todd, > > What is the correct repo on Github? > > --Sam > On Wed, Sep 5, 2018 at 10:46 AM Short, Todd via openssl-users > wrote: > > > > PRs on GitHub to fix documentation

Re: [openssl-users] Problems with man page code example at EVP_EncryptInit

Todd, What is the correct repo on Github? --Sam On Wed, Sep 5, 2018 at 10:46 AM Short, Todd via openssl-users wrote: > > PRs on GitHub to fix documentation are always welcome. > -- > -Todd Short > // tsh...@akamai.com > // "One if by land, two if by sea, three if by the Internet." > > On Sep 5,

Re: [openssl-users] Problems with man page code example at EVP_EncryptInit

PRs on GitHub to fix documentation are always welcome. -- -Todd Short // tsh...@akamai.com // "One if by land, two if by sea, three if by the Internet." On Sep 5, 2018, at 10:18 AM, Sam Habiel mailto:sam.hab...@gmail.com>> wrote: I had to double check something--I was w

Re: [openssl-users] Problems with man page code example at EVP_EncryptInit

I had to double check something--I was wrong about something--&outlen is not incremented inside of openssl--so you have to keep another variable to which you add outlen and use that to set the read/write pointer in outbuf. --Sam On Wed, Sep 5, 2018 at 10:04 AM Sam Habiel wrote: > > First time pos

[openssl-users] Problems with man page code example at EVP_EncryptInit

First time poster. I hope I am writing to the right place. Example for "General encryption and decryption function example using FILE I/O and AES128 with a 128-bit key" has two errors. I spent a lot of time trying to figure out what I did wrong for a while... 1. ctx is already a pointer; it does

Re: [openssl-users] openssl problems

On 07/06/18 21:40, wazzu62 wrote: > read from 0x55f11344dea0 [0x55f113455ee3] (5 bytes => 5 (0x5)) > - 48 54 54 50 2fHTTP/ Here is your problem. s_client sends a TLS ClientHello to the server. And the server responds with HTTP!!! The server is not using

Re: [openssl-users] openssl problems

I will look into the wireshark trace Here is the output with the debug option CONNECTED(0003) write to 0x55f11344dea0 [0x55f11345f100] (176 bytes => 176 (0xB0)) - 16 03 01 00 ab 01 00 00-a7 03 03 8c 1a 33 4f 8e .3O. 0010 - fb e3 3f 51 82 36 ae 38-5e 86 3c af d2 82 0f d9 ..

Re: [openssl-users] openssl problems

On 07/06/18 17:57, wazzu62 wrote: > When I run the following command on the server the reverse proxy is pointing > to I get a similar error > *openssl s_client -connect localhost:443* > CONNECTED(0003) > 140508314333632:error:1408F10B:SSL routines:ssl3_get_record:wrong version > number:../ss

Re: [openssl-users] openssl problems

> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of wazzu62 > Sent: Thursday, June 07, 2018 10:57 > Attempts to connect to the reverse proxy endpoint via a browser generate > the following error in the apache log file By "the apache log file", you mean the log for the

[openssl-users] openssl problems

I will preface this with the fact I am not an ssl expert. I am trying to resolve an issue I am having with apache and a reverse proxy that I think is ssl related. Attempts to connect to the reverse proxy endpoint via a browser generate the following error in the apache log file [Tue May 29 09:14:

Re: [openssl-users] Problems with se...rver mode of openssl ocsp

On 09/07/2017 04:13 PM, Dr. Stephen Henson wrote: On Thu, Sep 07, 2017, Robert Moskowitz wrote: Good progress. A few questions: on https://jamielinux.com/docs/openssl-certificate-authority/online-certificate-status-protocol.html The sample server test command is: openssl ocsp -port 127.0

Re: [openssl-users] Problems with server mode of openssl ocsp

On Thu, Sep 07, 2017, Robert Moskowitz wrote: > Good progress. A few questions: > > on > https://jamielinux.com/docs/openssl-certificate-authority/online-certificate-status-protocol.html > > The sample server test command is: > > openssl ocsp -port 127.0.0.1:2560 -text -sha256 \ > -inde

[openssl-users] Problems with server mode of openssl ocsp

Good progress. A few questions: on https://jamielinux.com/docs/openssl-certificate-authority/online-certificate-status-protocol.html The sample server test command is: openssl ocsp -port 127.0.0.1:2560 -text -sha256 \ -index intermediate/index.txt \ -CA intermediate/certs/ca-chai

Re: [openssl-users] Network problems (not OpenSSL)

elivered successfully even with fragmentation, but the effective > throughput achievable on the link drops significantly. OpenSSL does not implement TCP/IP, and network throughput issues need to solved at the network layer. You may have path MTU issues, or other networking problems. If smaller

Re: [openssl-users] Build problems on Windows

In message <39de3d0c-b9f8-6576-b4ed-de4501fcb...@wisemo.com> on Tue, 10 Jan 2017 20:20:30 +0100, Jakob Bohm said: jb-openssl> On 10/01/2017 19:43, Matt Caswell wrote: jb-openssl> > Notes on Perl on Windows jb-openssl> > jb-openssl> > jb-openssl> > There are a numbe

Re: [openssl-users] Build problems on Windows

of Jeffrey Walton Sent: Tuesday, January 10, 2017 11:52 AM To: OpenSSL Users Subject: Re: [openssl-users] Build problems on Windows IF EXIST libcrypto-1_1-x64.dll.manifest DEL /F /Q libcrypto-1_1-x64.dll.manifest link /nologo /debug /dll /implib:libcrypto.lib /out:libcrypto-1

Re: [openssl-users] Build problems on Windows

> IF EXIST libcrypto-1_1-x64.dll.manifest DEL /F /Q > libcrypto-1_1-x64.dll.manifest > link /nologo /debug /dll /implib:libcrypto.lib > /out:libcrypto-1_1-x64.dll /def:libcrypto-1_1-x64.def > @C:\Users\jesaremi\AppData\Local\Temp\nm8557.tmp || (DEL /Q libcrypto.* > libcrypto-1_1-x6

Re: [openssl-users] Build problems on Windows

27; NMAKE : fatal error U1077: 'link' : return code '0x1' Stop. From: openssl-users on behalf of Jakob Bohm Sent: Tuesday, January 10, 2017 11:20 AM To: openssl-users@openssl.org Subject: Re: [openssl-users] Build problems on Windows On 10/01

Re: [openssl-users] Build problems on Windows

enssl-users] Build problems on Windows On 10/01/2017 19:43, Matt Caswell wrote: >   Notes on Perl on Windows >   > >   There are a number of build targets that can be viewed as "Windows". >   Indeed, there are VC-* configs targeting VisualStudio C, a

Re: [openssl-users] Build problems on Windows

On 10/01/2017 19:43, Matt Caswell wrote: Notes on Perl on Windows There are a number of build targets that can be viewed as "Windows". Indeed, there are VC-* configs targeting VisualStudio C, as well as MinGW and Cygwin. The key recommendation is to use "matchi

Re: [openssl-users] Build problems on Windows

i was not aware of that. thanks so much. I'll go back and install a proper Perl From: openssl-users on behalf of Matt Caswell Sent: Tuesday, January 10, 2017 10:43 AM To: openssl-users@openssl.org Subject: Re: [openssl-users] Build problems on Windows

Re: [openssl-users] Build problems on Windows

www.activestate.com/ActivePerl. Matt > > > > > *From:* openssl-users on behalf of > Jakob Bohm > *Sent:* Monday, January 9, 2017 9:46 PM > *To:* openssl-users@openssl.org > *Subject:* Re: [openssl-users] Build problems on

Re: [openssl-users] Build problems on Windows

ssl-users@openssl.org Subject: Re: [openssl-users] Build problems on Windows On 10/01/2017 05:04, jeff saremi wrote: > > Hello > > I downloaded openssl-1.1.0c and i'm trying to build this on Windows 10 > using Visual Studio 2015. I'm following the INSTALL and NOTES.WIN > ins

Re: [openssl-users] Build problems on Windows

On 10/01/2017 05:04, jeff saremi wrote: Hello I downloaded openssl-1.1.0c and i'm trying to build this on Windows 10 using Visual Studio 2015. I'm following the INSTALL and NOTES.WIN instructions however I get stopped rather quickly with file not found issues.. I have also installed nasm.

[openssl-users] Build problems on Windows

Hello I downloaded openssl-1.1.0c and i'm trying to build this on Windows 10 using Visual Studio 2015. I'm following the INSTALL and NOTES.WIN instructions however I get stopped rather quickly with file not found issues.. I have also installed nasm. The build fails for 32 or 64 with slightly d

Re: [openssl-users] [openssl-dev] Still problems with openssl 1.0.2 snapshot

How do you configure? > test_dtls1_not_bleeding failed: expected return value -1, received 0 > ** test_dtls1_not_bleeding failed ** ... > 4 tests failed > *** Error code 1 -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] Still problems with openssl 1.0.2 snapshot

ALL OCSP TESTS SUCCESSFUL Test X509v3_check_* ../util/shlib_wrap.sh ./v3nametest ../util/shlib_wrap.sh ./heartbeat_test test_dtls1_not_bleeding failed: expected return value -1, received 0 ** test_dtls1_not_bleeding failed ** test_dtls1_not_bleeding_empty_payload failed: expected return va

Re: [openssl-users] Problems with cert authentication under Turkish locale

On Tue, Nov 01, 2016 at 06:15:01PM +0100, Jakob Bohm wrote: > >>The issue is triggered in libcurl but it seems to come out of libssl. It > >>seems to be > > Note that the Turkish UNICODE locales have the unusual property > that the uppercase/lowercase routines do not match ASCII "I" to > ASCII "i"

  1   2   3   4   5   6   7   8   9   10   >