Re: [openssl-users] SSL_sendfile

2019-01-10 Thread vishwas k.n.
Thanks for the quick and detailed response Matt. Much appreciated. -vishwas. On Thu, Jan 10, 2019 at 8:21 PM Matt Caswell wrote: > > > On 10/01/2019 11:49, vishwas k.n. wrote: > > Hello All, > > > > I had a question regarding supporting sendfile with OpenSSL. Is there a > branch > > which suppor

[openssl-users] Close TCP socket after SSL_clear()?

2019-01-10 Thread Charles Mills
On Windows, for a new session, I am issuing a Windows accept() followed by SSL_new(), SSL_set_fd() and so forth. When the session sees some sort of an abnormal receive condition, I am doing int retCode = SSL_get_shutdown(sessionSSL); if ( retCode & SSL_RECEIVED_SHUTDOWN )

Re: [openssl-users] SSL_CTX_set_cert_verify_callback and certificate access

2019-01-10 Thread Jakob Bohm via openssl-users
On 10/01/2019 19:55, Corey Minyard wrote: On 1/10/19 11:00 AM, Michael Wojcik wrote: From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Jordan Brown Sent: Thursday, January 10, 2019 11:15 On 1/9/2019 6:54 PM, Corey Minyard wrote: 2. Set the userid in the certificate an

Re: [openssl-users] SSL_CTX_set_cert_verify_callback and certificate access

2019-01-10 Thread Corey Minyard
On 1/10/19 11:17 AM, Viktor Dukhovni wrote: On Wed, Jan 09, 2019 at 08:54:30PM -0600, Corey Minyard wrote: What I would like to do is pull out some information from the certificate that is being verified, set/modify the verify store based upon that information (basically chose the CA based upo

Re: [openssl-users] Send SNI by default

2019-01-10 Thread Georg Höllrigl
That is the default starting from openssl 1.1.1. Kind RegardsGeorg  Ursprüngliche Nachricht Von: Tony Xie Datum: 10.01.19 19:46 (GMT+01:00) An: openssl-users@openssl.org Betreff: [openssl-users] Send SNI by default Is there a configuration inside of openssl to send SNI by def

Re: [openssl-users] SSL_CTX_set_cert_verify_callback and certificate access

2019-01-10 Thread Corey Minyard
On 1/10/19 11:00 AM, Michael Wojcik wrote: From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Jordan Brown Sent: Thursday, January 10, 2019 11:15 On 1/9/2019 6:54 PM, Corey Minyard wrote: 2. Set the userid in the certificate and use client authentication to authentic

[openssl-users] Send SNI by default

2019-01-10 Thread Tony Xie
Is there a configuration inside of openssl to send SNI by default. The equivalent to executing: openssl s_client -connect host:port -servername name with the `-servername` option being omitted and implied to be the host by default. -- openssl-users mailing list To unsubscribe: https://mta.openss

Re: [openssl-users] SSL_CTX_set_cert_verify_callback and certificate access

2019-01-10 Thread Jakob Bohm via openssl-users
On 10/01/2019 18:00, Michael Wojcik wrote: From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Jordan Brown Sent: Thursday, January 10, 2019 11:15 On 1/9/2019 6:54 PM, Corey Minyard wrote: 2. Set the userid in the certificate and use client authentication to authentic

Re: [openssl-users] Openssl asynchronous operation in real network

2019-01-10 Thread Ananthu Unnikrishnan
Hi Matt, Thanks a lot for the reply. After calling ASYNC_pause_job() from the engine, control will transfer to the place where we start the ASYNC_start_job right? So how can we write the code to put a trigger on fd in the same thread? If I am wrong please correct me. Also if u can

Re: [openssl-users] SSL_CTX_set_cert_verify_callback and certificate access

2019-01-10 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of > Jordan Brown > Sent: Thursday, January 10, 2019 11:15 > On 1/9/2019 6:54 PM, Corey Minyard wrote: >> 2. Set the userid in the certificate and use client authentication to >> authenticate the user logging in. Set th

Re: [openssl-users] SSL_CTX_set_cert_verify_callback and certificate access

2019-01-10 Thread Viktor Dukhovni
On Wed, Jan 09, 2019 at 08:54:30PM -0600, Corey Minyard wrote: > What I would like to do is pull out some information from the > certificate that is being verified, set/modify the verify store based > upon that information (basically chose the CA based upon something in > the certificate.  Wha

Re: [openssl-users] Openssl asynchronous operation in real network

2019-01-10 Thread Matt Caswell
On 10/01/2019 09:39, Ananthu Unnikrishnan wrote: > Hi all, > >         We are not able to access the waitctx address from the job address > using > ASYNC_get_wait_ctx(job) from a thread which starts in the bind section of the > dynamic engine. The job address is the same as that we got > using 

Re: [openssl-users] SSL_CTX_set_cert_verify_callback and certificate access

2019-01-10 Thread Jordan Brown
On 1/9/2019 6:54 PM, Corey Minyard wrote: > 2. Set the userid in the certificate and use client authentication to >    authenticate the user logging in.  Set the username in the CN field >    of the certificate so it can't be changed, extract that and set the >    CA before verification.  This is w

Re: [openssl-users] SSL_sendfile

2019-01-10 Thread Matt Caswell
On 10/01/2019 11:49, vishwas k.n. wrote: > Hello All, > > I had a question regarding supporting sendfile with OpenSSL. Is there a branch > which supports SSL version of the sendfile() ?. No, this doesn't exist. > I wasnt able to locate it in master branch. > If yes, could you please point me

[openssl-users] SSL_sendfile

2019-01-10 Thread vishwas k.n.
Hello All, I had a question regarding supporting sendfile with OpenSSL. Is there a branch which supports SSL version of the sendfile() ?. I wasnt able to locate it in master branch. If yes, could you please point me to it ?. If no, could you please let me know the reason behind not having it in Op

Re: [openssl-users] Openssl asynchronous operation in real network

2019-01-10 Thread Ananthu Unnikrishnan
Hi all, We are not able to access the waitctx address from the job address using ASYNC_get_wait_ctx(job) from a thread which starts in the bind section of the dynamic engine. The job address is the same as that we got using ASYNC_get_current_job. Can anyone help on this? On Tue, Jan 8,