Re: Interesting article

2008-12-31 Thread Jason
you and the root CA need to be checked? I guess another way of asking is this, does the rogue intermediate CA have the ability to sign another intermediate CA cert which uses SHA1? Jason. __ OpenSSL Project

trying to get valid SSL cert working with uw-imap server.

2007-05-23 Thread jason
troubleshoot this? regards, Jason __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL

Re: trying to get valid SSL cert working with uw-imap server.

2007-05-23 Thread jason
aha! so this is what I was suspecting actually. Please tell me where I can RTFM about setting up the root certs in my CA root certs dir? and how to do the hash thing? if there's a howto, please point me to it. thanks/regards, Jason > But you must add your new root certs to the CA ce

is it me or ...

2005-11-11 Thread Jason
and of course libcrypto.so.0.9.7 and libssl.so.0.9.7 are in /local/stuff/lib and I'm trying to use LDFLAGS='-L/local/stuff/lib -R/local/stuff/lib';export LDFLAGS in my configure script, but openssl won't use it this is

Re: is it me or ...

2005-11-11 Thread Jason
[EMAIL PROTECTED] dump -Lv apps/openssl | grep -i RP [EMAIL PROTECTED] [EMAIL PROTECTED] file apps/openssl apps/openssl: ELF 32-bit MSB executable SPARC32PLUS Version 1, V8+ Required, UltraSPARC1 Extensions Required, dynamically linked, not stripped [EMAIL PROTECTED

Re: is it me or ... [solved]

2005-11-11 Thread Jason
y'all were right.. it was me.. didn't realize LD_OPTIONS was a make time variable.. not a configure time one. problem solved. thanks. Jason

Windows Installation Walkthrough

2004-03-02 Thread Jason
getting set to write a PHP (perhaps perl as well) form mail processor that sends SMIME messages from either nix or win boxes that can be decrypted in Outlook. I'm sorry to bore you all with my petty project, however, if anyone has any links or info that would be useful, please feel free to

RE: Windows Installation Walkthrough

2004-03-02 Thread Jason
y much for the info. I'll update my walkthrough in case someone stumbles by. Though, I generally only write them for my own reference/memory aid. -jason

distinguished_name problem?

2000-06-17 Thread Jason
/openssl.cnf file? If so what is the syntax that I have to use? TIA..   -Jason

Re: distinguished_name problem?

2000-06-17 Thread Jason
Sorry to bother you guys, had I taken a couple more seconds I would have noticed that all the info is in the archives. Again, my apologies.. -Jason - Original Message - From: Jason To: [EMAIL PROTECTED] Sent: Saturday, June 17, 2000 10:42 AM Subject

Re: How do I install a Verisign Cert.

2000-06-19 Thread Jason
You can look at http://www.apache-ssl.org under the FAQ and it has step by step instructions if you find you need more information...Helps even if you aren't using apache-ssl... HTH, Jason - Original Message - From: Arun Venkataraman <[EMAIL PROTECTED]> To: <[EMAIL PR

Renegotiation question

2012-01-27 Thread Jason Schultz
I have implemented a server using OpenSSL 0.9.8r. If I use s_client to open a connection to a listening SSL port on the server, and use the R command to initiate a rehandshake, the rehandshake completes successfully (as expected). I have verified this using both SSL 3.0 and TLS 1.0. Anothe

RE: Renegotiation question

2012-01-31 Thread Jason Schultz
My apologies for accidentally spamming the list with this message, my web based email was having issues. I am still unable to successfully rehandshake in the scenario below, and was wondering if anyone might have some ideas. Is this the proper list for this email? Thanks. From: jetso...

Renegotiation question (one more try)

2012-01-31 Thread Jason Schultz
My apologies again, my posts somehow got attached to an earlier conversation. Posting one more time to place the message at the top of the list: I have implemented a server using OpenSSL 0.9.8r. If I use s_client to open a connection to a listening SSL port on the server, and use the

Is full-duplex socket use possible with OpenSSL?

2009-10-22 Thread Jason Pettiss
ite/read at the same time in blocking mode is easily overcome, for example by preventing re-negotiation (my application is on both ends of the pipe here), or by replacing the read/write BIOs, or by supplying some magical mutex callback function or something. Thanks for any tips, Jaso

RE: Is full-duplex socket use possible with OpenSSL?

2009-10-23 Thread Jason Pettiss
l SSL_write again (with the same args of course). It'd be awesome if there was a 'canonical' example for this... I've read through several different applications using OpenSSL (stunnel, Ice, curl) but they're so heavily hacked up to overcome various system limitations /

Re: Is full-duplex socket use possible with OpenSSL?

2009-10-23 Thread Jason Pettiss
the same SSL* at the same time, or that two different threads be able to read the same SSL* at the same time, which clearly doesn't make sense for a stream-based protocol. We weren't suggesting that. We were suggesting that it would be really, really

Re: Is full-duplex socket use possible with OpenSSL?

2009-10-23 Thread Jason Pettiss
nd without disabling TCP_NODELAY, it kills your throughput (assuming you're passing smallish messages). --jason

TLS version error with Java

2009-12-01 Thread Hihn, Jason
I am trying to have a java 1.5 client connect to a OpenSSL TLS server. I can connect fine from other OpenSSL implementations. I keep getting a version number error. Digging into the source, I see that the SSL version>>8 was 98 when it expected 3. I'm looking at static int s3_pkt.c: ssl3_get_recor

RE: Post-2010 future of the OpenSSL FIPS Object Module?

2010-02-19 Thread Jason Schultz
One point of confusion for me, I read this email to say the OpenSSL FIPS Object Module v1.2 will (may?) not be usable beyond 2010. But in the first discussion link, I read that to say that the v1.2 Module will not be suitable for "private label" validations (which require changes to FIPS module

RE: Another "memory growing" on AIX (fwd)

2010-03-02 Thread Jason Schultz
I'm just curious, what was the offending library? I have seen similar memory issues in the past that I never had a chance to get to the bottom of, actually openssl behaved differently between 0.9.8i and 0.9.8j. But I'm wondering what library you had to work around. Thanks. > From: psu

RE: OpenSSL server problems

2010-03-09 Thread Jason Schultz
I think it does, but don't know for sure. Can you just try it on your system? openssl dgst -sha256 filename > Subject: RE: OpenSSL server problems > Date: Tue, 9 Mar 2010 12:28:28 -0500 > From: chr...@motorola.com > To: openssl-users@openssl.org > CC: openssl-...@openssl.org > > Hi A

Apache "SSL3_ACCEPT:unsafe legacy renegotiation disabled"?

2010-04-01 Thread Jason Haar
to access https://server/ssl_secure/ - you are asked for your client cert. We have another section of the site that has "SSLVerifyClient optional" and that also triggers the same fault in MSIE - and FF/Chrome work fine :-( Help? Thanks! -- Cheers Jason Haar Information Secur

Re: Apache "SSL3_ACCEPT:unsafe legacy renegotiation disabled"?

2010-04-01 Thread Jason Haar
maybe the key. > disable it and check if MSIE likes it. > Nope - didn't make a difference -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A

Re: Apache "SSL3_ACCEPT:unsafe legacy renegotiation disabled"?

2010-04-01 Thread Jason Haar
never tested the client cert case too well - I certainly don't understand why only MSIE is having a problem. -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 84

Re: Apache "SSL3_ACCEPT:unsafe legacy renegotiation disabled"?

2010-04-01 Thread Jason Haar
On 04/02/2010 08:13 AM, Jason Haar wrote: > On 04/02/2010 02:21 AM, Chris Clark wrote: > >> You need to upgrade Apache to httpd-2.2.15 (released March 6, 2010) >> Your version is years old. >> >> >> > OK, this is getting weird... I just created t

Re: Apache "SSL3_ACCEPT:unsafe legacy renegotiation disabled"? [ANSWER]

2010-04-01 Thread Jason Haar
osoft, you never cease to disappoint me -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 _

additively computing SHA hash

2010-06-07 Thread Jason Fister
see a way to pass in the checksum value of the original object when computing the checksum of the new appended object. Can someone tell me how I can achieve the above? Thanks, Jason

Re: additively computing SHA hash

2010-06-08 Thread Jason Fister
Stephen, Thanks for your solution. >Well I'd add the BIG disclaimer that will NOT work in future when OpenSSL >structures are made opaque and almost certainly will fail if you have an >ENGINE. Understood. I am new to openssl and I am reading up about 'ENGINE's in openssl. When you say it will fa

error in docs

2008-04-22 Thread Jason Dusek
In the HOWTO on making certificates, it suggests we should check out the file called "ca.txt" to learn more about making a CA: 4. Creating a self-signed test certificate If you don't want to deal with another certificate authority, or just want to create a test certificate for

Re: error in docs

2008-04-23 Thread Jason Dusek
Kyle Hamilton <[EMAIL PROTECTED]> wrote: > The best way to create a CA using only openssl tools is to use the > CA.pl or CA.sh shell scripts. Okay. The misdirection in the documentation should still be fixed. > The best way to create and manage a CA is to use other tools. Which tools? -- _

Re: 2038 date limit

2008-06-05 Thread Jason Dusek
It would be nice if we could easily specify the epoch for certificate expiration. -- _jsn

Re: how to check if I hv openssl

2008-06-18 Thread Jason Dusek
Liao <[EMAIL PROTECTED]> wrote: > As far as I know, in order to have the mod_ssl working, have > to have the library openssl, right? Well, I dont know if my > apache has, so I want to check. This really isn't an OpenSSL question -- it has to do with your platform. If you were on Linux, I'd tel

openssl command hanging

2008-10-15 Thread Jason Reeder
sl to hang? Thanks. Jason

[no subject]

2009-02-24 Thread Jason Schultz
Greetings. I have recently done some testing with OpenSSL versions 0.9.8i and 0.9.8j. Basically, the application is opening 10,000 connections between a client and server on the same Linux machine. I've noticed quite a difference in memory utilization when monitored with the Linux top comma

RE: Memory untilization in version 0.9.8j

2009-02-24 Thread Jason Schultz
Forgot to include a subject line, my apologies. > From: jetso...@hotmail.com > To: openssl-users@openssl.org > Subject: > Date: Tue, 24 Feb 2009 14:48:01 + > > > Greetings. > > I have recently done some testing with OpenSSL versions 0.9.8i and 0.9.8j

Memory utilization in openssl 0.9.8j

2009-03-03 Thread Jason Schultz
Greetings. I have recently done some testing with OpenSSL versions 0.9.8i and 0.9.8j. Basically, the application is opening 10,000 connections between a client and server on the same Linux machine. I've noticed quite a difference in memory utilization when monitored with the top command. 0

specific cert extensions needed for smartcards?

2009-05-26 Thread Jason Haar
ions that AD's "smartcard" control looks for. Any ideas what they are (or am I totally off-track?) Thanks! -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407

Re: specific cert extensions needed for smartcards?

2009-05-27 Thread Jason Haar
com/kb/281245 http://support.microsoft.com/kb/295663/ http://support.microsoft.com/kb/291010/ Jason Jason Haar wrote: > Hi there > > I'm evaluating eTokens for secure cert storage and along with other > aspects was looking at the ability for Windows domains to use smartcards >

RE: Renegotiation

2012-04-27 Thread Jason Schultz
oing. So why does the protocol never see the ClientHello? Any help is appreciated, because I think I'm doing what OpenSSL is telling me to do. > Date: Tue, 7 Feb 2012 19:47:59 +0100 > From: st...@openssl.org > To: jetso...@hotmail.com > Subject: Re: Renegotiation > > On T

RE: TLSv1.2 backward compatibility

2012-06-15 Thread Jason Schultz
I have a question on how this situation happens, exactly, when using TLS 1.1 or 1.2. From ticket 2771, I see that the length of the ClientHello is what causes the problem. But what needs to happen in order to make a ClientHello get too big? My OpenSSL application only supports around 25 ciph

OpenSSL linking question; handling 1.0.0 vs 0.9.8

2012-06-20 Thread Jason Schultz
I'm building and running an application that uses OpenSSL on SUSE Linux. I don't know a lot about linking in general, just very basic stuff, so my question might be better posed to a Linux forum, but it might be specific to OpenSSL. Let me describe the scenario. I have built installed Op

RE: OpenSSL linking question; handling 1.0.0 vs 0.9.8

2012-06-21 Thread Jason Schultz
: OpenSSL linking question; handling 1.0.0 vs 0.9.8 > > Hi Jason, > > some general things about linking: > > - The symbolic link(s) libcrypto.so pointing to libcrypto.so.0.9.8 > are only needed during BUILD time. On a host where no compiling > happens the symbolic links a

Re: Porting OpenSSL to andorid platform

2012-07-27 Thread Jason Goldberg
Phone That will build you Mach-format libs containing i386, armv6 and armv7 object code which you can link to. Then just add libssl and libcrypt to your project and include the OpenSSL headers directory. Jason On Jul 26, 2012, at 11:19 PM, Bibhudatta Biswal mailto:bbi...@kodiaknetwork

Re: Read RSA PrivateKey from PEM in buffer

2012-07-29 Thread Jason Goldberg
Copy the PEM key from your buffer into a BIO instance (using BIO_write for example), and then use PEM_read_bio_RSAPrivateKey. Jason On Jul 29, 2012, at 5:52 AM, Jonas Schnelli wrote: > Hi > > I can read in a RSA private key from file without problems (with > PEM_read_RSAPrivat

Re: client server management of client SSL certificates

2012-07-29 Thread Jason Goldberg
There are Javascript libraries which range from generating key pairs to creating x509 certificates. So you could generate a keypair in the browser, then generate a certificate signing request, send the CSR to a remote API along with a challenge response, and then get back a signed x509 certific

Re: Elliptic Curve key generation help

2012-08-14 Thread Jason Goldberg
use these primitives to get the public and private keys: EC_KEY_get0_private_key EC_KEY_get0_public_key Jason On Aug 14, 2012, at 5:49 PM, Tom Leavy <tombu...@gmail.com> wrote: I have been trying to figure out how to generate an elliptic curve public private key pair and

Re: Elliptic Curve key generation help

2012-08-15 Thread Jason Goldberg
You can actually skip the step of using the BN functions and write your keypair directly to PEM format: PEM_write_bio_ECPrivateKey You can then use the BIO functions to either read a string from memory, write it to file, etc. See: http://www.openssl.org/docs/crypto/bio.html# Jason On Aug 15

FIPS Module 2.0 on OS-X 10.7.4 (Lion)

2012-08-30 Thread Jason Todd
I understand that it's not validated. But if I understand correctly, I can claim "vendor affirmed" if I can build it with no modifications (and at least the canister builds with no modifications). Is this correct?

Re: FIPS Module 2.0 on OS-X 10.7.4 (Lion)

2012-08-30 Thread Jason Todd
. " I was assuming that this somehow magically made me the vendor as well. But I can assert "user affirmation" for OSX? On Thu, Aug 30, 2012 at 4:02 PM, Steve Marquess < marqu...@opensslfoundation.com> wrote: > On 08/30/2012 02:02 PM, Jason Todd wrote: > > I und

Re: FIPS Module 2.0 on OS-X 10.7.4 (Lion)

2012-08-30 Thread Jason Todd
k. On Thu, Aug 30, 2012 at 4:20 PM, Jason Todd wrote: > I'm sorry, I misread one of your earlier messages on the subject: > > "Normally recompilation would only be done by the > vendor of record (OSF for this validation), but for the OpenSSL FIPS > Object Module series o

Another FIPS question

2012-09-05 Thread Jason Todd
I just would like to verify this is correct. I've been digging through the manuals but it would nice to just have a verification. 1) I plan to build a build environment (for Linux and Windows) that matches what is specified in the 140sp1747.pdf and build the fipscanister 2) Then build openssl-fip

Re: FIPS linking a shared object

2012-09-11 Thread Jason Todd
Found my own answer on an earlier thread. You need the option "-Wl,-Bsymbolic" to link a shared library (that has static linked ssl-fips) correctly On Mon, Sep 10, 2012 at 5:43 PM, Jason Todd wrote: > So I can build a fips compliant executable and turn fips on/off (this is > on

Re: build openssl for android

2012-09-12 Thread Jason Goldberg
For Android, check out this project as an example: https://github.com/eighthave/openssl-android They have the Android-specific Makefile configs for doing an NDK build. You could patch it with your changes and generate the .so libraries you need. On Sep 12, 2012, at 12:05 PM, Indtiny s mailto:

Proper usage of BIO functions

2013-01-25 Thread Jason Gerfen
I have been scouring the web to find information on the proper use (or using the correct functions available) of the BIO_* family of functions. What I am attempting to do is to simply return a public key as a string. Currently I am performing a series of operations to accomplish this like so:

RE: Unexpected message during renegotiate attempt

2013-03-25 Thread Jason Schultz
y the same, I don't think I ever got a failure, but the ClientHello was never read by the server and renegotiation wouldn't take place until after Peer B was done sending data. Just curious if this is something that has been resolved. Thanks. Jason From: rezaul.ha...@nsn.com To: openssl-us

Re: How to specify the encryption key without it being visible by ps command?

2013-04-04 Thread Jason Gerfen
This really isn't something that is OpenSSL specific. But you can always look into the 'read' (ie. man read) command, example: read -sp "Enter path to key: " key read -sp "Enter IV: " iv openssl enc -e -aes256 -K $key -iv $iv -in ... -out ... On 04/03/2013 02:59 PM, grajdean wrote: openssl enc

Re: How to specify the encryption key without it being visible by ps command?

2013-04-04 Thread Jason Gerfen
On 04/04/2013 05:41 AM, Salz, Rich wrote: read -sp "Enter path to key: " key read -sp "Enter IV: " iv openssl enc -e -aes256 -K $key -iv $iv -in ... -out ... That doesn't help; the key is STILL in the argv list and can be seen by doing a ps. /r$ You're right, my apologies. Doesn't look l

Thread safety questions in OpenSSL 1.0.1

2013-06-21 Thread Jason Schultz
Back in November a question (and response) were posted regarding thread safety in the 1.0.1 branch of OpenSSL: http://www.mail-archive.com/openssl-users@openssl.org/msg69322.html In the response to the questions, the user states he removed the thread ID callback function and the call to CRYPTO

Does OpenSSL timeout connections waiting for a ClientHello?

2013-09-11 Thread Jason Schultz
I have a server that implements secure communication using OpenSSL. The server does a listen() on a port and keeps track of what listens are secure/SSL listens. When a peer opens to that IP addr/port, the server sees that it's for a secure connection and then makes the calls to set up SSL info

sk_X509_OBJECT_num()

2019-11-13 Thread Jason Schultz
Hello- I am updating my Linux application from using OpenSSL 1.0.2 to 1.1.1 in preparation for OpenSSL 3.0 (and of course the EOL of 1.0.2). I'm confused about the function in the subject line as well as other, related sk_X509_* functions. My code has always used these functions, and currently

Re: sk_X509_OBJECT_num()

2019-11-14 Thread Jason Schultz
That makes sense. Thanks to everyone for the responses. Jason From: Dave Coombs Sent: Wednesday, November 13, 2019 5:30 PM To: Jason Schultz Cc: openssl-users@openssl.org Subject: Re: sk_X509_OBJECT_num() Hi, They're macros, defined in SKM_DEFINE_STA

Questions about using Elliptic Curve ciphers in OpenSSL

2020-02-06 Thread Jason Schultz
I’m somewhat confused as to what I need to do to use ECDHE ciphers (ECDHE-ECDSA-AES128-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, etc). I’m hoping this list can help, or at least point me to a good tutorial somewhere. A lot of the information I’ve looked at is from the following links: https://wi

Re: Questions about using Elliptic Curve ciphers in OpenSSL

2020-02-10 Thread Jason Schultz
Anyone have any advice on Elliptic Curve? Thanks in advance. From: openssl-users on behalf of Jason Schultz Sent: Friday, February 7, 2020 2:58 AM To: openssl-users@openssl.org Subject: Questions about using Elliptic Curve ciphers in OpenSSL I’m somewhat

Re: Questions about using Elliptic Curve ciphers in OpenSSL

2020-02-11 Thread Jason Schultz
nd when do I use them? Or do I need them in a separate file? From: Salz, Rich Sent: Tuesday, February 11, 2020 4:37 PM To: Jason Schultz ; openssl-users@openssl.org Subject: Re: Questions about using Elliptic Curve ciphers in OpenSSL The first thing I would suggest is to separate ECDH, t

Re: Questions about using Elliptic Curve ciphers in OpenSSL

2020-02-14 Thread Jason Schultz
Thank you for your response Thulasi, this helped. I'm posting this back to the OpenSSL users list in case it helps anyone else, and in case anyone can help with my additional questions. While waiting for responses, I've been able to find out how my certificate and keys were generated. I'd like

Re: Questions about using Elliptic Curve ciphers in OpenSSL

2020-02-16 Thread Jason Schultz
Yes, absolutely. As I said in my first post, these are throwaway key pairs, not for production use, just a short time for testing to get things working. Thanks, Jason On Feb 16, 2020, at 4:49 PM, Kyle Hamilton wrote:  Be aware that you just posted your certificate's private key, and

Re: Questions about using Elliptic Curve ciphers in OpenSSL

2020-02-18 Thread Jason Schultz
/dsaparams/, which is readable. Should that file also reside in /etc/ssl/private/ so it's protected? Thanks. From: Kyle Hamilton Sent: Sunday, February 16, 2020 10:49 PM To: Jason Schultz Cc: Thulasi Goriparthi ; openssl-users Subject: Re: Questions about

Re: Questions about using Elliptic Curve ciphers in OpenSSL

2020-02-18 Thread Jason Schultz
d of the intermediate ecparams file? Or is there something else I'm missing on the generation of certificate/private key pairs? Thanks, Jason ____ From: Nicola Tuveri Sent: Tuesday, February 18, 2020 2:50 PM To: Jason Schultz Cc: Kyle Hamilton ; openssl

Re: Questions about using Elliptic Curve ciphers in OpenSSL

2020-02-21 Thread Jason Schultz
way to test before they have their own certificate, signed by a CA). Thanks again. From: Nicola Tuveri Sent: Wednesday, February 19, 2020 9:42 PM To: Jason Schultz Cc: Kyle Hamilton ; openssl-users Subject: Re: Questions about using Elliptic Curve ciphers in

Re: Questions about using Elliptic Curve ciphers in OpenSSL

2020-02-21 Thread Jason Schultz
Nicola...my apologies for the typo... From: openssl-users on behalf of Jason Schultz Sent: Friday, February 21, 2020 1:05 PM To: Nicola Tuveri Cc: openssl-users Subject: Re: Questions about using Elliptic Curve ciphers in OpenSSL Nicole- This was very

OpenSSL 3.0

2020-02-25 Thread Jason Schultz
Greetings. It has been several months since this blog post on OpenSSL 3.0: https://www.openssl.org/blog/blog/2019/11/07/3.0-update/ “We are now not expecting code completion to occur until the end of Q2 2020 with a final release in early Q4 2020.” Is OpenSSL 3.0 still expected to reach co

Re: OpenSSL 3.0

2020-02-27 Thread Jason Schultz
Thanks for all of the responses. This question has led to other related topics, so I have another one. According to this blog: https://keypair.us/2019/12/rip-fips-186-2/ The OpenSSL FIPS Object Module will be moved to the CMVP historical list as of 9/1/2020. Since there is no OpenSSL 3.0 until

Re: OpenSSL 3.0

2020-02-27 Thread Jason Schultz
For option 2, we have a support contract in place. But does this actually help us as far as the FIPS Object Module? From: openssl-users on behalf of Neptune Sent: Thursday, February 27, 2020 8:56 PM To: openssl-users@openssl.org Subject: Re: OpenSSL 3.0 You

Re: OpenSSL 3.0

2020-02-27 Thread Jason Schultz
That's fair. So the only option is to use another module? Extended 1.0.2 support does not resolve this either, correct? From: Salz, Rich Sent: Thursday, February 27, 2020 8:49 PM To: Jason Schultz ; openssl-users@openssl.org Subject: Re: OpenSS

Peer certificate verification in verify_callback

2020-03-05 Thread Jason Schultz
I have some questions about my application’s verify_callback() function and how I handle some of the OpenSSL errors. For example, if my client application is presented a self-signed certificate in the handshake, verify_callback() is called with an error, for which X509_STORE_CTX_get_error() r

Re: OpenSSL server sending certificate chain(inc. root cert) during handshake

2020-03-20 Thread Jason Schultz
'll paste the certificate below, but I would think this version 1 certificate that does NOT have CA:TRUE would error in the same way the similar RSA certificate did above. Does anyone know what could be the result of the (seemingly) different behavior? Are there any other tests I could try to lea

SSL_CTX_build_cert_chain() and SSL_CTX_set_mode()

2020-03-23 Thread Jason Schultz
Changing the subject to be more relevant to my questions. Just wanted to ping the list again. From: openssl-users on behalf of Jason Schultz Sent: Friday, March 20, 2020 3:21 PM To: openssl-users@openssl.org Subject: Re: OpenSSL server sending certificate

Re: Peer certificate verification in verify_callback

2020-03-30 Thread Jason Schultz
Just wanted to bring this up again as I didn't get any responses initially. Has anyone dealt with this or similar issues with OpenSSL 1.1.1? From: openssl-users on behalf of Jason Schultz Sent: Thursday, March 5, 2020 2:04 PM To: openssl-users@openss

Re: Peer certificate verification in verify_callback

2020-03-30 Thread Jason Schultz
a. Thanks. From: openssl-users on behalf of Viktor Dukhovni Sent: Monday, March 30, 2020 6:17 PM To: openssl-users@openssl.org Subject: Re: Peer certificate verification in verify_callback On Thu, Mar 05, 2020 at 02:04:27PM +, Jason Schultz wrote: >

Re: Peer certificate verification in verify_callback

2020-03-30 Thread Jason Schultz
usted store, so the trusted certificates will always be in PEM files in /etc/ssl/certs/. It sounds like that's not going to hold me back from accomplishing what I need to do though, but I'll pursue this and let the list know if I run into any other issues. Thank

OpenSSL vs SPKI

2020-04-06 Thread Jason Proctor
these days it seems that the RSA structure is opaque, and so I can't do that either. (I mean fair enough, it's a hack.) Question -- is there a supported way of importing SPKI encoded public keys into the OpenSSL world? thanks so much for any help with this, Jason@Spatial EAY/OpenSSL user since 1995

Re: OpenSSL vs SPKI

2020-04-06 Thread Jason Proctor
On Mon, Apr 6, 2020 at 9:44 PM William Roberts wrote: > > > There's setter functions now. See: > https://www.openssl.org/docs/man1.1.0/man3/RSA_set0_key.html Thanks, yes it does look like that replaces direct access to "n" and "e". It's a hack, but it might work for the moment. Ideally though I

Re: OpenSSL vs SPKI

2020-04-07 Thread Jason Proctor
On Mon, Apr 6, 2020 at 11:03 PM Viktor Dukhovni wrote: > > > Question -- is there a supported way of importing SPKI encoded public > > keys into the OpenSSL world? > > Yes. That'd be d2i_PUBKEY(3): > > https://www.openssl.org/docs/man1.1.1/man3/d2i_PUBKEY.html > Perfect! Thanks so much.

Re: OpenSSL vs SPKI

2020-04-07 Thread Jason Proctor
On Mon, Apr 6, 2020 at 10:03 PM William Roberts wrote: > > > > I don't think I would consider it a hack necessarily. I work on the TPM stack > and have to convert TPM structures to RSA public key structures for openssl > to utilize, and we use this routine along the way. I would imagine there's a

tbslen parameter in EVP_PKEY_sign() and EVP_PKEY_verify()

2020-04-07 Thread Jason Proctor
Is this correct? Anything I'm missing, here? thanks for any clarity here Jason@Spatial

Re: tbslen parameter in EVP_PKEY_sign() and EVP_PKEY_verify()

2020-04-07 Thread Jason Proctor
56, yes? > > tbs is the digest value you calculated, tbslen is the size in bytes of > the digest. > > -Kyle H > > On Tue, Apr 7, 2020 at 1:07 PM Jason Proctor wrote: > > > > Esteemed cryptologists, > > > > Question regarding the "tbslen"

Questions regarding OpenSSL 3.0 and corresponding FIPS Module

2020-11-05 Thread Jason Schultz
I read the most recent (10/20) update to the OpenSSL 3.0 release page here: https://www.openssl.org/blog/blog/2020/10/20/OpenSSL3.0Alpha7/ As well as the release strategy: https://wiki.openssl.org/index.php?title=OpenSSL_3.0_Release_Schedule&oldid=3099 I have not done anything with the Alpha re

Client side session handling

2021-10-13 Thread Jason Schultz
associated with these connections/sessions, I see the remove callback function get called again for client-side sessions that I already called SSL_SESSION_free() on. Is this normal behavior? Is there something else I’m missing? Thanks in advance. Jason

Re: Client side session handling

2021-10-13 Thread Jason Schultz
ected, and OpenSSL is doing the actual free of the SSL_SESSION when the SSL_CTX is freed. Is that accurate? Thanks, Jason

OpenSSL 3.0 FIPS questions

2021-10-23 Thread Jason Schultz
e SSL_CTX’s I create are “FIPS”. I realize there are probably several ways to do this, but I’m looking to isolate my application only this way, and not affect any other applications on the system. Thanks in advance. Jason

Re: OpenSSL 3.0 FIPS questions

2021-10-24 Thread Jason Schultz
fips, base, default, etc? Regards, Jason From: openssl-users on behalf of Dr Paul Dale Sent: Sunday, October 24, 2021 12:28 AM To: openssl-users@openssl.org Subject: Re: OpenSSL 3.0 FIPS questions Oops, the second time this occurs "defp = OSSL_PROVIDER

Re: OpenSSL 3.0 FIPS questions

2021-10-25 Thread Jason Schultz
ems like I should be doing it if I use the first method as well. Regards, Jason From: openssl-users on behalf of Dr Paul Dale Sent: Sunday, October 24, 2021 11:12 PM To: openssl-users@openssl.org Subject: Re: OpenSSL 3.0 FIPS questions The configuration

Re: OpenSSL 3.0 FIPS questions

2021-10-26 Thread Jason Schultz
tion, creating an SSL_CTX with the non_fips_libctx is successful, but later calling X509_get_pubkey() returns NULL, implying maybe something is wrong with the non_fips_libctx as well. I've tried other combinations, but at this point I'm just guessing. Is there anything obvious I could be mis

Re: OpenSSL 3.0 FIPS questions

2021-10-26 Thread Jason Schultz
ules/. Are you saying I still needed to do "openssl fipsinstall" after the 4 steps I already did? Thanks, Jason From: Kory Hamzeh Sent: Tuesday, October 26, 2021 8:13 PM To: Jason Schultz Cc: Dr Paul Dale ; openssl-users@openssl.org Subject: Re: Op

Re: OpenSSL 3.0 FIPS questions

2021-10-26 Thread Jason Schultz
Ah, OK. Yes, I am running on the same machine. Thanks for clarifying. From: Kory Hamzeh Sent: Tuesday, October 26, 2021 9:15 PM To: Jason Schultz Cc: Dr Paul Dale ; openssl-users@openssl.org Subject: Re: OpenSSL 3.0 FIPS questions Actually, if you are

Re: OpenSSL 3.0 FIPS questions

2021-10-27 Thread Jason Schultz
. I'm wondering if that's needed since I don't have any environment variables set up? I'm not sure what the default search path is. Jason From: Matt Caswell Sent: Wednesday, October 27, 2021 10:34 AM To: Jason Schultz ; Dr Paul Dale ; opens

Re: OpenSSL 3.0 FIPS questions

2021-10-28 Thread Jason Schultz
need to. Would anyone reading this agree? I'm running into another issue that I need to troubleshoot a bit more before I add too much information and too many questions to a single message. Thanks to everyone for their help with this, things are starting to make more sense now. ___
