[openssl-users] troubleshooting ssl errors

2017-10-10 Thread Paul Greene
Hello All, I'm trying to establish a connection between two servers for the purpose of data sharing. On my end, these are the version numbers of everything I'm using RHEL 7.4 wget 1.14 openssl 1.0.2k-fips Not sure what's on the other end, other than it is a Linux server When I run the connectiv

Re: [openssl-users] [ANN] M2Crypto 0.27.0

2017-10-10 Thread Blumenthal, Uri - 0553 - MITLL
I have to report that this M2Crypto release is broken, as it cannot find OpenSSL installed in /opt/local (apologies for spamming multiple lists and people): /usr/bin/clang -fno-strict-aliasing -fno-common -dynamic -pipe -Os -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes -I/opt/local/Library

[openssl-users] Enable FIPS mode using OPENSSL_config()

2017-10-10 Thread security veteran
Hi All: My understand is by using OPENSSL_config(), we will be able to enable the FIPS mode globally on the system, is that correct? My question is, if we enable FIPS mode through configuration and using OPENSSL_config(), does it means for all the applications which link to OpenSSL library, the F

[openssl-users] openssl.cnf asking Subject Alternative Names certificates.

2017-10-10 Thread Jorge Novo
Hi everyone, As most of us know, the Google Chrome Navigator ask about Subject Alternative Name instead the Common Name. I want to distribute a little *openssl.cnf* file for creation the CSR files with my specific values and establish the Subject Alternative Name = Common Name. I want yo ask ab

Re: [openssl-users] Openssl FIPS 186-4 Patch

2017-10-10 Thread murugesh pitchaiah
Hi, That Redhat/Fedora patch is based on openssl library alone. But I am using the fips canister approach where i use both openssl and openssl-fips-ecp libraries. Though the redhat/fedora patch is OK, it is not straight forward portable to the canister model. Any idea of patches available for th

Re: [openssl-users] Openssl FIPS 186-4 Patch

2017-10-10 Thread Marcus Meissner
Hi, On Mon, Oct 09, 2017 at 05:24:17PM +0530, murugesh pitchaiah wrote: > Hi, > > Thanks for the comment. > > I know that openSSL is not 186-4 compliant. That is why I am looking > for anybody have the patch for the same. > > I see there are some works in Fedora: > http://pkgs.fedoraproject.org