Re: [openssl-users] How to respond to TLS heartbeat in openssl

Hi Jeff, I checked in the git repo (tags/OpenSSL_1_0_2g), opnesslconf.h does not have OPENSSL_NO_HEARTBEATS the above definition in 1.0.2g. So I think its enabled. Regards, Keshava. On Fri, Dec 22, 2017 at 12:20 PM, Jeffrey Walton wrote: > On Fri, Dec 22, 2017 at 1:32 AM,

Re: [openssl-users] How to respond to TLS heartbeat in openssl

On Fri, Dec 22, 2017 at 1:32 AM, Keshava Krishna Bhat K wrote: > Ok, I got to know that > openssl version -a gives out the flags used while building openssl. > so the output of this was > > OpenSSL 1.0.2g 1 Mar 2016 > built on: reproducible build, date unspecified >

Re: [openssl-users] How to respond to TLS heartbeat in openssl

Ok, I got to know that openssl version -a gives out the flags used while building openssl. so the output of this was OpenSSL 1.0.2g 1 Mar 2016 built on: reproducible build, date unspecified platform: debian-amd64 options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx) compiler: cc

Re: [openssl-users] [EXTERNAL] Certificate gets verified OK over SSL-CLI, but not when using SSL-API

I'm a fellow SSL-USER and not an expert, but my verification flow goes as follows: X509_STORE_CTX_new() X509_STORE_CTX_init(ctx,NULL,cert,NULL) <-- The certificate to verify X509_STORE_CTX_trusted_stack(ctx,CACertificateStack) <-- Perhaps this is the difference? X509_verify_cert(ctx) On Thu,

[openssl-users] Fwd: Padding for RSA signatures

Hi all, I am playing around with RSA signatures with different padding options and I have some questions. I am trying to define different padding options and so am defining and using a EVP_PKEY_CTX . However I am not sure if this padding is getting used in the signature since my Verify outputs

[openssl-users] Follow up

Hi all, Marry Christmas! Please take a look at my previous question, appreciate every bit of help I'm stuck. FYI the guy named ananthaneni saiteja chowdary and myself are same. This email had a problem subscribing to the mailing list earlier hence the other name. Thanks Saiteja. --

Re: [openssl-users] Testing ports through firewall

Hi, You can test ports with OpenSSL. But you gotta need a certificate for your s_server. You can generate a self signed certificate with openssl. Try this https://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl And place that file in the dir were you are

Re: [openssl-users] Testing ports through firewall

On 21/12/2017 14:36, warron.french wrote: Hello Community, and Merry Christmas/Happy Seasons Greetings,    anyway, I need some help with understanding an openssl feature - *s_server*. I executed the following command: openssl s_server -accept 21937 -www & And immediately got the following

[openssl-users] Testing ports through firewall

Hello Community, and Merry Christmas/Happy Seasons Greetings, anyway, I need some help with understanding an openssl feature - *s_server*. I executed the following command: openssl s_server -accept 21937 -www & And immediately got the following output: [1] 3286 [sysadm@wfrench-rhel6c-cit ~]$

Re: [openssl-users] Certificate gets verified OK over SSL-CLI, but not when using SSL-API

Dear all, I forgot to mention that I'm using OpenSSL 1.0.2k. Regards Manuel -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] Certificate gets verified OK over SSL-CLI, but not when using SSL-API

Dear all, I'm struggling with programatically verifying a certificate which is solely stored in memory, i. e. not on the file system. The certificate and the CA seem to be fine though, because when I extract them from memory and store them as a file, and use the `openssl verify`, verification