Problem building Linux shared library with static FIPS capable OpenSSL

2019-11-18 Thread Pankaj Sarode
Hi, I am using the following openssl versions:
openssl-1.0.2r.tar.gz
openssl-fips-2.0.5.tar.gz
Following are my files,
*foo.c* :
[root@data-domain-dev-vm poc]# cat foo.c
#include
#include
#include
int foo_func()
{
    int rc, mode;
    mode = FIPS_mode();
    if(mode == 0) {
        rc =

Re: ssl3_get_record:decryption failed on some machines

2019-11-18 Thread Fernando Gutierrez Mendez
The writer is my own code but I can also reproduce the problem when server is nginx and client is my app. In my code I do not use OpenSSL socket BIOs instead I do read/writes through a BIO pair:
pairBase = BIO_new(BIO_s_bio());
pairInt = BIO_new(BIO_s_bio());
[...]

Re: ssl3_get_record:decryption failed on some machines

2019-11-18 Thread Viktor Dukhovni
> On Nov 18, 2019, at 1:44 PM, Fernando Gutierrez Mendez wrote:
>
> I use non-blocking IO with an SSL BIO so a call to BIO_read eventually returns -1; when this happens I call BIO_should_retry to test if this is due to an error or because of the underlying non-blocking transport. Is the

ssl3_get_record:decryption failed on some machines

2019-11-18 Thread Fernando Gutierrez Mendez
Hi, I wrote an application that uses OpenSSL (1.1.1) and for the past couple of weeks I have been unable to solve a very strange issue. I use non-blocking IO with an SSL BIO so a call to BIO_read eventually returns -1; when this happens I call BIO_should_retry to test if this is due to an error

Re: Is ED25519 on DTLS supported?

2019-11-18 Thread Matt Caswell
On 18/11/2019 16:42, Matt Caswell wrote:
> On 17/11/2019 01:43, Rafael Ferrer wrote:
>> It's DTLS-OK according to IANA.
>> https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-16
>>
>> I tested ED25519 certificates on TLS 1.2 and it worked fine.

Re: Is ED25519 on DTLS supported?

2019-11-18 Thread Matt Caswell
On 17/11/2019 01:43, Rafael Ferrer wrote:
> It's DTLS-OK according to IANA.
> https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-16
>
> I tested ED25519 certificates on TLS 1.2 and it worked fine.
>
> openssl s_server -port 4321 -cert server-cert.pem -key

RE: Static linking libssl.a and libcrypto.a on Linux x64 fails

2019-11-18 Thread Floodeenjr, Thomas
If you want to link statically when dynamic libraries are also available, you need to tell the linker that you want to use static libraries; otherwise it will always assume dynamic.
LINK_LIBS = -Wl,-Bstatic -lstaticlibs -lcrypto -lssl -lz -Wl,-Bdynamic -ldynamiclibs

RE: Can a linux service work as both TLS client and server?

2019-11-18 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Kristen Webb
> Sent: Saturday, November 16, 2019 10:22
> It sounds like peeking at the port may be the simplest way to determine how it is being connected to. Using different ports for different types of

RE: Static linking libssl.a and libcrypto.a on Linux x64 fails

2019-11-18 Thread Michael Wojcik
> From: Aijaz Baig [mailto:aijazba...@gmail.com]
> Sent: Wednesday, November 13, 2019 19:58
> However my current concern here is meeting libSSL and libCrypto's dependencies on host libraries on Linux platform. For instance, when I talked about 'linking' errors with respect to symbols