Re: [openssl-dev] Creating requests and certificates with Subject Alternative Names

2017-09-22 Thread Angus Robertson - Magenta Systems Ltd
> I'm creating X509 certificate requests and certificates in code, 
> trying to add X509v3 Subject Alternative Name, with 1.1.0f.  
> 
> But if I add a list of four domains, ie: 
> The certificate seems to ignore some and repeat others:

To answer my own question, I was using ASN1_STRING_set0 instead of
ASN1_STRING_set and the original ANSI string was a temporary variable,
so got lost as a new string was added since it was not copied. 

But there must be an easier way of adding SANs to certificates than
using undocumented GENERAL_NAME APIs.   

Angus

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


[openssl-dev] Openssl FIPS ecp 2.0.16: KDF test for TLS and SSH : Segmentation fault

2017-09-22 Thread murugesh pitchaiah
Hi All,

I am working on doing the KDF testing. Done with the HMAC and SHA.
But when it comes to do the same for TLS and SSH, evidenced that
openssl does not support it.

As suggested by old threads, added the patch from Cisco:
https://github.com/openssl/openssl/pull/368/files

Did build. Now I see the 'fips_kdf_ssh' and 'fips_kdf_tls' executables
are available in the 'test' directory.

But when I try to run the below script, I see segmentation fault:

./openssl-fips-ecp-2.0.16/util/shlib_wrap.sh ./openssl-fips-ecp-2.0.16/test/fips_kdf_ssh < "./KDF135/req/ssh.req" > "./KDF135/rsp/ssh.rsp"

Same is the case with TLS. Issue seen while running the test in CentOS.
Any help is appreciated.

Thanks,
Murugesh P.