In 3.0 I see this new function in evp.h :
int EVP_PKEY_can_sign(const EVP_PKEY *pkey);
Is there an equivalent way to check if a key can verify? I'm not seeing
an obvious way to do that. Previously I used
EVP_PKEY_meth_get_verifyctx() but that call is now deprecated in 3.0.
thanks,
Norm
Hello,
TLDR: How can we pause the SSL_connect() progress and return to its
caller after the origin certificate is fetched/decrypted, but before
OpenSSL starts validating it (so that we can fetch the missing
intermediate certificates without threads or blocking I/O)?
ASYNC_pause_job() does not
Hello,
there is no way to do that. The CentOS OpenSSL build does not allow using the
upstream Fips object module.
In theory you could replace the CentOS openssl library with upstream 1.0.2
library built in way that it allows using the fipscanister.o however it would
require non-trivial patching
Hi everyone.
We are running CentOS 7.8 and the OpenSSL that comes with it, 'OpenSSL
1.0.2k-fips'. We have built the latest FOM 2.0 and now we want to incorporate
the output of the FOM build into our CentOS 7.8 system. So we have two
questions.
1. How do we install the output of the FOM
On 17/08/2020 18:55, John Baldwin wrote:
> 1) Is 'auth_level' supposed to work for this? The CHANGES.md change
>references SSL_CTX_set_security_level and openssl(1) claims that
>'-auth_level' changes this? Is the CHANGES.md entry wrong and only
>SECLEVEL=0 for the ciphers work by
On 18/08/2020 05:10, Jakob Bohm via openssl-users wrote:
> The key thing to do is to make those client applications not request the
> ssl23-method from OpenSSL 0.9.x .
> ssl23 explicitly requests this backward-compatibility feature while
> OpenSSL 3.x.x apparently deleted the
> ability to
Hi guy,
Can somebody give me a hint for the following topic please?
I want to cross compile the latest openssl v1.1 on linux (centos 7) as target
macos 32/64 bit.
Thanks in advance
Tobi
On 17/08/2020 23:55, Roderick Klein wrote:
> New to this list. I am looking at compiling OpenSSL 1.1.1. on OS/2 with
> GCC. Would OpenSSL be willing to accept patches to re-enable OS/2 in the
> OpenSSL ?
Such patches are unlikely to be accepted into 1.1.1 since that is a
stable release.
3.0