Re: [openssl-users] CAPI-Engine doc

2018-10-23 Thread Jakob Bohm via openssl-users
On 23/10/2018 17:22, Selva Nair wrote: On Tue, Oct 23, 2018 at 10:38 AM Richard Oehlinger via openssl-users wrote: Hi! I'm trying to get a handle on the CAPI engine, because I need to have a secure Keystore on Windows. Furthermore I need it to work with Qt's QSslKey, which fortunately can be

Re: [openssl-users] Reg issue in alert message

2018-10-23 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Viktor Dukhovni > Sent: Tuesday, October 23, 2018 10:02 > > On Tue, Oct 23, 2018 at 01:29:27PM +0100, Matt Caswell wrote: > > > > So, I think client have set TLS_FALLBACK_SCSV in cipher suite list in > > > client

Re: [openssl-users] CAPI-Engine doc

2018-10-23 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Richard Oehlinger via openssl-users > Sent: Tuesday, October 23, 2018 10:38 > > I'm trying to get a handle on the CAPI engine, because I need to have a > secure Keystore on Windows. Furthermore I need it to work with

Re: [openssl-users] CAPI-Engine doc

2018-10-23 Thread Selva Nair
On Tue, Oct 23, 2018 at 10:38 AM Richard Oehlinger via openssl-users wrote: > > Hi! > > I'm trying to get a handle on the CAPI engine, because I need to have a > secure Keystore on Windows. Furthermore I need it to work with Qt's > QSslKey, which fortunately can be constructed by EVP_PKEY *. > >

[openssl-users] CAPI-Engine doc

2018-10-23 Thread Richard Oehlinger via openssl-users
Hi! I'm trying to get a handle on the CAPI engine, because I need to have a secure Keystore on Windows. Furthermore I need it to work with Qt's QSslKey, which fortunately can be constructed by EVP_PKEY *. So far so good. The key is found, but when I try to use it in a SSL connection I get

Re: [openssl-users] Reg issue in alert message

2018-10-23 Thread Viktor Dukhovni
On Tue, Oct 23, 2018 at 01:29:27PM +0100, Matt Caswell wrote: > > So, I think client have set TLS_FALLBACK_SCSV in cipher suite list in > > client hello. > > This suggests there is a bug in the client application. This can only > happen if the client application calls SSL_CTX_set_mode() or >

Re: [openssl-users] Reg issue in alert message

2018-10-23 Thread Matt Caswell
On 23/10/2018 12:32, ramakrushna mishra wrote: > Hi Matt, > > Thanks for your response. >  My client is built with openssl 1.0.0e 1.0.0e is very old and out of support. It should be considered insecure. You should upgrade this to a more recent version. >  and server with openssl 1.1.1.  >  I

[openssl-users] Reg issue in alert message

2018-10-23 Thread ramakrushna mishra
Hi Matt, Thanks for your response. My client is built with openssl 1.0.0e and server with openssl 1.1.1. I have tried to collect information with wireshark, but I think as my server and client are running on same machine, it is not capturing anything. I have also tried with tshark on linux

Re: [openssl-users] How to compile 1.1.1 under Windows

2018-10-23 Thread Richard Levitte
I discovered that very same issue earlier today. Fix is in: commit 28361a0b821d36e3b19271b0a7909d5355b0990c (HEAD -> OpenSSL_1_1_1-stable, origin/OpenSSL_1_1_1-stable) Author: Richard Levitte Date: Tue Oct 23 10:15:12 2018 +0200 RAND: ensure INT32_MAX is defined This value is

Re: [openssl-users] How to compile 1.1.1 under Windows

2018-10-23 Thread Chris Clark
Richard, Moving Glob.pm into the main directory of the latest stable snapshot openssl-1.1.1-stable-SNAP-20181022 allowed it to bypass the missing Glob.pm message, but then it failed with the same set of "error C2065: 'INT32_MAX' : undeclared identifier" messages as the older

Re: [openssl-users] How to compile 1.1.1 under Windows

2018-10-23 Thread Chris Clark
Next I tried an older stable snapshot openssl-1.1.1-stable-SNAP-20181018 which configured without issue, but I got a different compile result: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 /I "." /I "crypto\include" /I "include" -D"L_ENDIAN" -D"OPENSSL_PIC"

Re: [openssl-users] How to compile 1.1.1 under Windows

2018-10-23 Thread Chris Clark
Thanks Richard. I downloaded the latest stable snapshot in order to bypass the UINT16_MAX definition bug, but this version fails to configure: C:\openssl-1.1.1-stable-SNAP-20181022>perl Configure VC-WIN64A --prefix=c:/openssl no-makedepend Can't locate OpenSSL/Glob.pm in @INC (you may need to

Re: [openssl-users] How to compile 1.1.1 under Windows

2018-10-23 Thread Richard Levitte
Silly me, I forgot we already fixed that bug: commit 6258e244bf702dc981c8ad63ab61133b8bbf2ba3 Author: Richard Levitte Date: Wed Sep 12 02:06:26 2018 +0200 crypto/sm2/sm2_sign.c: ensure UINT16_MAX is properly defined Fixes #7186

Re: [openssl-users] How to compile 1.1.1 under Windows

2018-10-23 Thread Richard Levitte
That indicates we do things in the wrong order (foo.obj depends on foo.d, meaning foo.d gets "built" first), but that's a side issue. You found a bug in crypto\sm2\sm2_sign.c, thank you. Are you willing to write up a Github issue for it? In message on Tue, 23 Oct 2018 01:22:34 -0700, Chris

Re: [openssl-users] How to compile 1.1.1 under Windows

2018-10-23 Thread Chris Clark
Thank you Richard. Adding the "no-makedepend" avoided the fatal error U1077, but now it fails due to an undeclared identifier: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 /I "." /I "crypto\include" /I "include" -D"L_ENDIAN" -D"OPENSSL_PIC" -D"OPENSSL_CPUID_OBJ"

Re: [openssl-users] How to compile 1.1.1 under Windows

2018-10-23 Thread Chris Clark
Sorry, I meant to say I'm upgrading from 1.1.0h. On Tue, Oct 23, 2018 at 12:20 AM Dr. Matthias St. Pierre wrote: > > Oh, I should have read your mail until the end: > > Are you upgrading from 1.0.0h or 1.1.0h? Your post mentions both versions. > > > -Original Message- > > From:

Re: [openssl-users] How to compile 1.1.1 under Windows

2018-10-23 Thread Dr. Matthias St. Pierre
Oh, I should have read your mail until the end: Are you upgrading from 1.0.0h or 1.1.0h? Your post mentions both versions. > -Original Message- > From: openssl-users On Behalf Of Dr. > Matthias St. Pierre > Sent: Tuesday, 23 October 2018 09:17 > To:

Re: [openssl-users] How to compile 1.1.1 under Windows

2018-10-23 Thread Richard Levitte
I suspect you'll find some kind of error message in crypto\sm2\sm2_sign.d. I suspect that /showIncludes isn't supported in VS 2008. There is a workaround for this problem, and it's to use the 'no-makedepend' option: perl Configure VC-WIN64A --prefix=c:/openssl no-makedepend For a single

Re: [openssl-users] How to compile 1.1.1 under Windows

2018-10-23 Thread Dr. Matthias St. Pierre
Hi, a lot of structures were made opaque going from 1.0.2 to 1.1.0. This means you will have to make changes to your program source code to compile it against 1.1.0 or 1.1.1. For details, see https://www.openssl.org/docs/faq.html#PROG2 HTH, Matthias > -Original Message- >

Re: [openssl-users] s_server -www -tls1_3: Firefox/Chrome not working

2018-10-23 Thread Juan Isoza
I suppose Facebook reports 50% because their mobile apps use their SSL library Fizz with TLS 1.3 https://thehackernews.com/2018/08/fizz-tls-ssl-library.html I'm curious to see your telemetry info now. Chrome 70 was released last week, and Firefox 63 today, with TLS 1.3 support. Regards Le mer.

[openssl-users] How to compile 1.1.1 under Windows

2018-10-23 Thread Chris Clark
I am attempting to upgrade a project using OpenSSL 1.0.0h to version 1.1.1 under Visual Studio 2008-SP1, but when I try to compile version 1.1.1 for VC-WIN64A I get the following compile error: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 /I "." /I "crypto\include"