RE: OpenSSL-1.1.1d fail with msvc 2019 (32 bits)

2020-02-07 Thread Ranier Vilela
From: openssl-users on behalf of Michael Wojcik Sent: Wednesday, February 5, 2020 23:15 To: openssl-users@openssl.org Subject: RE: OpenSSL-1.1.1d fail with msvc 2019 (32 bits) >I suspect the source file is corrupt. Have you looked at it? Did you check the >signature on the OpenSSL ta

Re: Problems adding specific extensions to signed certificates

2020-02-07 Thread Michael Leone
On Fri, Feb 7, 2020 at 8:54 AM Michael Leone wrote: > Thanks, tho, I did learn a thing or two. I see from this example > > openssl req -config $cfgdir/openssl-root.cnf $passin \ > -set_serial 0x$(openssl rand -hex $sn)\ > -keyform $format -outform $format\ > -key $rootca/private/ca.

Re: Problems adding specific extensions to signed certificates

2020-02-07 Thread Michael Leone
On Thu, Feb 6, 2020 at 5:45 PM Viktor Dukhovni wrote: > > On Thu, Feb 06, 2020 at 02:36:03PM -0500, Michael Leone wrote: > > > Oh, I can add extensions by signing and using the -extfile option, and > > specifying a file with the specific options I want to give the > > certificate. But I don't want

Re: Problems adding specific extensions to signed certificates

2020-02-07 Thread Sergio NNX
This is the basics of OpenSSL! You would like to add extensions to a CSR or the problem arises when signing it? You create a CSR (without extension file) and then you can check/inspect whether or not it shows the extension(s) you need/want. After that, you can sign the CSR. > Ok. I'm not rea

Re: Problems adding specific extensions to signed certificates

2020-02-07 Thread Michael Leone
On Fri, Feb 7, 2020 at 10:30 AM Michael Richardson wrote: > > > Michael Leone wrote: > > On Fri, Feb 7, 2020 at 8:54 AM Michael Leone > wrote: > >> Thanks, tho, I did learn a thing or two. I see from this example > >> > >> openssl req -config $cfgdir/openssl-root.cnf $passin \ >

Re: Problems adding specific extensions to signed certificates

2020-02-07 Thread Michael Leone
On Fri, Feb 7, 2020 at 11:02 AM Sergio NNX wrote: > > This is the basics of OpenSSL! > > You would like to add extensions to a CSR or the problem arises when signing > it? Yes, when I sign, I get no extensions that are requested in the CSR. Nor are any added, when I sign (requested or not). > >

Re: Problems adding specific extensions to signed certificates

2020-02-07 Thread Salz, Rich via openssl-users
I think the mismatch is that CSR extensions are not carried over; they have to be added at signing time. See https://github.com/openssl/openssl/issues/10458

RE: Problems adding specific extensions to signed certificates

2020-02-07 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of > Salz, Rich via openssl-users > Sent: Friday, February 07, 2020 09:17 > > I think the mismatch is that CSR extensions are not carried over; they have > to be added at signing time. > See https://github.com/openssl/openss

RSA-PSS - Backwards compatibility - EVP_PKEY_get0_RSA

2020-02-07 Thread Pedro Lopes
Hello, I'm assigning the RSA key as EVP_PKEY_RSA_PSS: RSA* key; EVP_PKEY_assign(*outKey, EVP_PKEY_RSA_PSS, key); As is known EVP_PKEY_get0_RSA was recently updated to also accept EVP_PKEY_RSA_PSS and return the RSA value. I'd like to know if there is any workaround to get the RSA key (RSA-PSS)

TLS 1.2 handshake issue (Server Certificate request)

2020-02-07 Thread Bashin, Vladimir
Hello, OpenSSL experts! We need your help in better understanding the behavior below - We are experiencing an issue during the initial TLS handshake: We have the customer-issued TLS certificate that we deploy on our TLS client system. The certs have been generated with a CSR that was generated on c

Re: Problems adding specific extensions to signed certificates

2020-02-07 Thread Michael Leone
On Fri, Feb 7, 2020 at 12:35 PM Michael Wojcik wrote: > Or copied using the copy_extensions option, as noted in the discussion of > that issue. > > In the OpenSSL configuration file used by "openssl ca", in the CA section > (that is, the section named by the default_ca option, or in the section

Re: Problems adding specific extensions to signed certificates

2020-02-07 Thread Michael Leone
On Fri, Feb 7, 2020 at 1:46 PM Michael Leone wrote: > > On Fri, Feb 7, 2020 at 12:35 PM Michael Wojcik > wrote: > > Or copied using the copy_extensions option, as noted in the discussion of > > that issue. > > > > In the OpenSSL configuration file used by "openssl ca", in the CA section > > (th

RE: Problems adding specific extensions to signed certificates

2020-02-07 Thread Michael Wojcik
> From: Michael Leone [mailto:tur...@mike-leone.com] > Sent: Friday, February 07, 2020 11:55 > > How is that this works for everyone else, and not me? :-) It doesn't. I just reviewed this whole note stream, and realized you're using "openssl req" to create the certificate, rather than "openssl c

Re: TLS 1.2 handshake issue (Server Certificate request)

2020-02-07 Thread Dmitry Belyavsky
Hello Vladimir, It's worth trying to reproduce the situation using openssl s_client/s_server command-line apps. On Fri, Feb 7, 2020 at 9:25 PM Bashin, Vladimir wrote: > Hello, OpenSSL experts ! > > > > We need your help in better understanding a below behavior - > > > > We are experiencing issu

Re: Problems adding specific extensions to signed certificates

2020-02-07 Thread Michael Leone
On Fri, Feb 7, 2020 at 3:08 PM Michael Wojcik wrote: > > > From: Michael Leone [mailto:tur...@mike-leone.com] > > Sent: Friday, February 07, 2020 11:55 > > > > How is that this works for everyone else, and not me? :-) > > It doesn't. > > I just reviewed this whole note stream, and realized you're

Re: TLS 1.2 handshake issue (Server Certificate request)

2020-02-07 Thread Dmitry Belyavsky
If you have the server's key and certificate, the command will be something like openssl s_server -key key -cert cert -CAfile file_with_ca -verify_return_error file_with_ca should contain a concatenation of the certs of the CAs that should issue the client's certificate. If you don't have the server

RE: TLS 1.2 handshake issue (Server Certificate request)

2020-02-07 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of > Bashin, Vladimir > Sent: Friday, February 07, 2020 11:25 > ... during that handshake the TLS server requests the client Certificate > but our TLS client responds with the Certificates Length 0 that causes > the TLS se

RE: Problems adding specific extensions to signed certificates

2020-02-07 Thread Michael Wojcik
> From: Michael Leone [mailto:tur...@mike-leone.com] > Sent: Friday, February 07, 2020 13:13 > > I've got it almost all figured out, except how to get a subjectAltName > automatically populated by the CN of the requestor. My requests aren't > asking for a SAN, but Chrome isn't happy without one, so

RE: Getting compilation errors after upgrade to openssl 1.1.1d, errors pointing to openssl header files

2020-02-07 Thread Michael Wojcik
> From: Venkata Ramaraju Vana [mailto:venkataramaraju.v...@broadcom.com] > Sent: Thursday, February 06, 2020 03:01 > Error 209 error C2143: syntax error : missing ';' before '{' > > Error in "opensslconf.h" points to 'extern "C"' statement the following code: > #ifdef __cplusplus > extern "C" { >

RE: TLS 1.2 handshake issue (Server Certificate request)

2020-02-07 Thread Bashin, Vladimir
Thank you very much, Michael - let us digest the information and present it to the customer. I may probably come back with the follow up questions in case they say something worth passing to you... Regards, Vladimir Bashin -Original Message- From: openssl-users On Behalf Of Michael

Naming of methods in RSA_METHOD

2020-02-07 Thread Rafael Ferrer
I implemented some custom engines and RSA_meth_set_priv_enc seems to map to other libraries' RSA decrypt operation (NCryptDecrypt on Windows CNG, Cipher class with Cipher.DECRYPT_MODE on Android). They can do a TLS connection just fine with a self-signed cert. I looked at another custom e

[no subject]

2020-02-07 Thread Abid Butt