[openssl-users] SSL Handshake with TPM using TPM Engine

2017-12-04 Thread Devang Kubavat
Hi All, *SSL handshake with TPM using TPM Engine: *I am generating the RSA keys in TPM and private key will never come out from TPM I want to do SSL handshake with this scenario. Can you please point out me in SSL handshake which functions are using the RSA private key? So that, I can register

[openssl-users] Forthcoming OpenSSL release

2017-12-04 Thread Matt Caswell
Forthcoming OpenSSL release === The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 1.0.2n. There will be no OpenSSL 1.1.0 release at this time. This release will be made available on 7th December 2017 between approximately 1300-1700

Re: [openssl-users] FIPS certification for openssl

2017-12-04 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Salz, Rich via openssl-users > Sent: Saturday, December 02, 2017 11:42 > > >My personal priority list for OpenSSL is bug fixes and code cleanup > > (static > > and dynamic analysis of the 1.1.x codebase would be

Re: [openssl-users] SSL alert number 48

2017-12-04 Thread wizard2010
On Mon, Dec 4, 2017 at 10:27 AM, Kyle Hamilton wrote: > SSL alert number 48 is specified in the documents that define SSL/TLS. > It is the code for "unknown_ca", which means that verification failed > because it didn't get set up with the correct CA to verify against. > You

Re: [openssl-users] SSL alert number 48

2017-12-04 Thread Kyle Hamilton
SSL alert number 48 is specified in the documents that define SSL/TLS. It is the code for "unknown_ca", which means that verification failed because it didn't get set up with the correct CA to verify against. You might wish to look up SSL_CTX_load_verify_locations(3). There may also be other API

Re: [openssl-users] ASN1 & Recursive Structures definition

2017-12-04 Thread Richard Levitte
Ah, sorry then, I may have been wrong. The forward declaration that's actually needed seems to be this (one for each applicable type): DECLARE_ASN1_ITEM(TEST) (I'm digging through the ASN.1 stuff myself, slowly learning) Cheers, Richard In message

Re: [openssl-users] SSL alert number 48

2017-12-04 Thread wizard2010
Hi , Please see in attach the files that I'm using. I generate the certificates with the following commands: 1. ## Create CA 2. openssl genrsa -out ca.key 4096 3. openssl req -new -x509 -days 365 -key ca.key -out ca.crt 4. openssl x509 -in ca.crt -out ca.pem -outform PEM 5.