Hi Viktor,
>Do you then add chain certificates one by one?
Yes, and SSL_CTX_use_certificate() also works in multiple certificate types on
1.0.2. Many thanks, Jane
在 2018-11-22 01:24:06,"Viktor Dukhovni" 写道:
>> On Nov 21, 2018, at 3:11 AM, 毛 wrote:
>>
>> We are using
Hi,
Does Openssl has speed command for AESGCM ?
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
On Tue, Nov 06, 2018 at 04:19:36PM -0600, Misaki Miyashita wrote:
> Hi,
>
> According to the vulnerabilities website[1], OpenSSL 1.1.i and earlier and
> 1.1.1 are affected by CVE-2018-0735.
> Is it safe to assume that OpenSSL 1.0.2 is not affected by the CVE?
My understanding is that the code
Hi Viktor,
It looks like FreeRDP was not setting a purpose when checking the
certificate, causing this issue. I added:
X509_STORE_CTX_set_default(csc, "ssl_server");
before the call to
if (X509_verify_cert(csc) == 1)
and this seems to make it work. I don't know if this is a "good" way to
On 22/11/2018 15:58, Pfluegl, Andreas wrote:
>
> I expect server_parse_cb() returning 0 to cause the interruption of the
> connection.
>
> Can you confirm this?
Yes. According to the docs:
"If the B considers the extension data acceptable it must return 1. If
it returns 0 or a negative
Hi,
We have a C++ client application and a C++ server application using OpenSSL
1.1.0f to encrypt the TCP/IP communication.
We enforce mutual authentication (also the server requests certificates from
the clients and verifies if they are issued by a CA it trusts).
We are able to update
On 22/11/2018 11:15, Filipe Fernandes wrote:
>> You seem to be confused, and have not explained your requirements
>> clearly. What is your *goal*?
>
> My goal is to have the Openssl to "perform the TLS Resumption (initiated by
> the
> Hello Request message from the server or
> the Client
> I thought you wanted renegotiation, not resumption, servers can't
> do "resumption", because resumption is what you do to avoid a full
> handshake on a *new* connection, and only the client can reconnect.
Ok. Agreed.
> You seem to be confused, and have not explained your requirements
>