Re: [openssl-users] OpenSSL on side

The only thing I can think of is making sure that inside the setup.py CFLAGS are set properly, including appropriate -I/opt/local/include and whatever else... Regards, Uri Sent from my iPhone > On Oct 11, 2017, at 12:03, Matěj Cepl wrote: > >> On 2017-10-11, 12:11 GMT,

[openssl-users] OCSP Response Signed using RSASSA-PSS

First, I know the caveat about ONLY use the OpenSSL OCSP Server for test purposes. With that out of the way. Is there any known plan on the horizon, when using the ocsp server, to allow the OCSP response to be signed using the RSASSA-PSS signature algorithm? Thanks for any and all

Re: [openssl-users] OpenSSL on side

On 2017-10-11, 12:11 GMT, Blumenthal, Uri - 0553 - MITLL wrote: > Unfortunately, not quite. Being pip-installable means to the > majority of users that the package in question can be > installed via, e.g., > >pip install M2Crypto I understand that, my question was whether you know how to

Re: [openssl-users] troubleshooting ssl errors

Thanks for the response Matt. The SSL 3 switch was one of many that were tried just for the sake of testing. I tried a few other switches, but am getting the same results. I did a tcpdump of the attempted connection, and you can see that the initial connection is established, but the connection

Re: [openssl-users] OpenSSL on side

Unfortunately, not quite. Being pip-installable means to the majority of users that the package in question can be installed via, e.g., pip install M2Crypto Regards, Uri Sent from my iPhone > On Oct 11, 2017, at 08:01, Matěj Cepl wrote: > >> On 2017-10-11, 11:35 GMT,

Re: [openssl-users] OpenSSL on side

On 2017-10-11, 11:35 GMT, Blumenthal, Uri - 0553 - MITLL wrote: > And it is not installable via PIP, though to me being placed > on pypi site suggested that it should be (that's how I tried > to install it). What’s needed for package to be pip installable? I would think that if python

Re: [openssl-users] RSA PSS Sigalgs for 1.1.0

On Wed, Oct 11, 2017, Wallboy wrote: > > Browsers in the last year or so have added support for the the new TLS 1.3 > RSA-PSS Signature Algorithms (0x0804, 0x0805,...). > > I see them added in 1.1.1 dev and they even work without TLS 1.3 enabled in > the build. Is there any plan to add support

Re: [openssl-users] OpenSSL on side

And it is not installable via PIP, though to me being placed on pypi site suggested that it should be (that's how I tried to install it). Regards, Uri Sent from my iPhone > On Oct 11, 2017, at 06:55, Richard Levitte wrote: > > I got curious and decided to take a look,

Re: [openssl-users] OpenSSL on side

I got curious and decided to take a look, and well, it appears setup.py has issues. I posted an issue in gitlab about it: https://gitlab.com/m2crypto/m2crypto/issues/184 In message on Wed, 11 Oct 2017 08:12:38 +0200, Matěj Cepl said:

Re: [openssl-users] troubleshooting ssl errors

On 11/10/17 03:57, Paul Greene wrote: > [root@hostname ~]# wget https://domain.name.com:8443 > --secure-protocol=SSLv3 --debug > DEBUG output created by Wget 1.14 on linux-gnu. The "--secure-protocol=SSLv3" bit looks suspect. According to the wget man page this forces only SSLv3 to be

[openssl-users] RSA PSS Sigalgs for 1.1.0

Hi, Browsers in the last year or so have added support for the the new TLS 1.3 RSA-PSS Signature Algorithms (0x0804, 0x0805,...). I see them added in 1.1.1 dev and they even work without TLS 1.3 enabled in the build. Is there any plan to add support for them to 1.1.0? Thanks, Adam -- Sent

Re: [openssl-users] Graceful shutdown of TLS connection for blocking sockets

On 08-10-17 22:55, Thomas J. Hruska wrote: > On 10/8/2017 7:28 AM, Michel wrote: >> While I understand that using non-blocking descriptors is a better >> practice, >> I still do not see why select() should NEVER be used for blocking sockets >> (except when combined/interfered with the internal

[openssl-users] OpenSSL on side [Was: Re: [ANN] M2Crypto 0.27.0]

On 2017-10-10, 21:17 GMT, Blumenthal, Uri - 0553 - MITLL wrote: > I have to report that this M2Crypto release is broken, as it > cannot find OpenSSL installed in /opt/local (apologies for > spamming multiple lists and people): Feel free to file a ticket on