How to load a custom OpenSSL engine automatically?

2021-04-05 Thread Shariful Alam
Hello, I have a custom OpenSSL engine for experiment purposes. I'm trying to load my engine automatically. I intend to use my custom engine instead of the default OpenSSL engine. I have installed OpenSSL 1.1.1c from the source code with, ./config --prefix=/opt/openssl -DOPENSSL_LOAD_CONF

Re: OpenSSL chain build error diagnostics - Re: Why does OpenSSL report google's certificate is "self-signed"?

2021-04-05 Thread Nan Xiao
Hi David, Viktor and all other people, Thanks very much for all your detailed explanation and time! Best Regards Nan Xiao On Sun, Apr 4, 2021 at 3:21 AM David von Oheimb wrote: > > Hi Nan, Viktor, et al., > > From: openssl-users On Behalf Of > Viktor Dukhovni Sent: Wednesday, 31 March, 2021

stunnel 5.59 released

2021-04-05 Thread Michał Trojnara via openssl-users
Dear Users, I have released version 5.59 of stunnel. ### Version 5.59, 2021.04.05, urgency: HIGH * Security bugfixes   - OpenSSL DLLs updated to version 1.1.1k. * New features   - Client-side "protocol = ldap" support (thx to Bart     Dopheide and Seth Grover). * Bugfixes   - The test suite

Re: EVP_MAC_init() in 3.0 alpha 13

2021-04-05 Thread Dr Paul Dale
Does EVP_MAC_CTX_dup() after the MAC context has been initialised do what you want? Pauli On 5/4/21 10:51 pm, Hal Murray wrote: It used to take just a ctx. Now it also wants a key+length and a params. I have some simple/hack code to time 2 cases. The first gives it the key each time. The

Re: Porting to version 1.1.1 with old Linux kernel 3.0.8

2021-04-05 Thread Boris Shpoungin via openssl-users
Thank you for the response. Could you suggest the best approach for porting an application from 1.0.2 to 1.1.1? So far I've found a good manual which describes the required modifications: https://wiki.tizen.org/Security/Tizen_5.X_Migration_from_OpenSSL_1.0.2_to_OpenSSL_1.1.1_guide The question is whether it

Re: Porting to version 1.1.1 with old Linux kernel 3.0.8

2021-04-05 Thread Viktor Dukhovni
> On Apr 5, 2021, at 11:16 AM, Boris Shpoungin via openssl-users > wrote: > > Are there minimal requirements for the Linux kernel for usage of openssl library > version 1.1.1? > > I have an old application based on Linux kernel 3.0.8 which uses openssl version > 1.0.2. My question is whether it is

Self Signed certificate creating "Unknown CA issue"

2021-04-05 Thread preethi teekaraman
Hi Openssl Users, I'm using different versions of openssl from 2014 to 2020 to create a self signed certificate. reference link for cert generation : https://gist.github.com/fntlnz/cf14feb5a46b2eda428e000157447309 I could see "unknown CA " from client side while exchanging key between server

How to get pub key from EC_KEY to verify digest with ECDSA_do_verify function?

2021-04-05 Thread Sergio García
Hi, I have a question regarding OpenSSL library. The question is explained here. Thanks

Porting to version 1.1.1 with old Linux kernel 3.0.8

2021-04-05 Thread Boris Shpoungin via openssl-users
Hello, Are there minimal requirements for the Linux kernel for usage of openssl library version 1.1.1? I have an old application based on Linux kernel 3.0.8 which uses openssl version 1.0.2. My question is whether it is possible to port this application to use openssl version 1.1.1 in Linux 3.0.8

EVP_MAC_init() in 3.0 alpha 13

2021-04-05 Thread Hal Murray
It used to take just a ctx. Now it also wants a key+length and a params. I have some simple/hack code to time 2 cases. The first gives it the key each time. The second preloads the key. That would require an evp per key, but I might be willing to make that space/time tradeoff. The each

RE: openssl-users Digest, Vol 77, Issue 6

2021-04-05 Thread Dr. Matthias St. Pierre
> It isn't possible to do what you are wanting. RAND_METHOD replaces the RNG > everywhere. It cannot be done on a per thread process. Well, technically it *is* possible. However, I'm still in doubt whether it is really necessary and should be done. The following example assumes you are