looks like https://linux.die.net/man/3/evp_md_ctx_init initializes a
structure that's allocated already. Yes it could be on the stack, or
static...
(instead of _new)
On Wed, Jul 27, 2022 at 1:42 AM Philip Prindeville <
philipp_s...@redfish-solutions.com> wrote:
> Hi,
>
> I suspect I already
OpenSSL is looking to hire two full-time positions: Developer, and
Manager. Details of the roles can be found here:
https://www.openssl.org/blog/blog/2021/11/24/hiring-manager-and-developer/
To apply please send your cover letter and resume to j...@openssl.org
by 9th December 2021
Regards
Hi,
What is the Number of Bytes Returned by aes-256 ctr drbg ?
Thanks,
Nagarjun
nsistency test as
> > > the
> > > KAT is impossible to do for regular DSA and ECDSA due to random
> > > nonce
> > > being input of the signature algorithm and thus the signature
> > > always
> > > changes.
> > >
> > > Tomas
>
Hi,
Does openssl-3.0.0 really does ecdsa KAT ? The post test logs says "ECDSA
KAT :PASS. But when i debuged the code it actually doing ECDSA pairwise
consistency test.
Thanks,
Nagarjun
Hi,
ECC Partial Public key validation is already supported in openssl-1.0.2l or
Openssl-2.0.16 ?
Regards
Nagarjun
Hi,
Suppose if any one submitted for FIPS 140-2 certification in Nov 2020 ,
what is the deadline to meet sp800 56 a rev3 revision requirement to avoid
certificate going into historical list. And if we meet requirement before
deadline what is the validity of certificate. And do we need to test
Hi,
I am looking to patch FOM for sp800 56 rev3 support . Does openssl-3.0
implements this requirement? Is there any patches available?
Regards
Nag
Hi,
How to be FIPS compliance with openssl-1.1.1j version , as does not have
fips object module, is they any ways?
Regards
Nagarjun
Hi,
I am building Nginx application with openssl-3.0.0, i have added below code
in main function of nginx application to load fips provider,
OSSL_PROVIDER *fips;
OSSL_PROVIDER *base;
fips = OSSL_PROVIDER_load(NULL, "fips");
if (fips == NULL) {
printf("Failed to
Hi,
Any one have idea when openssl-3.0.0 stable version can be expected?
-Nagarjun
Hi,
How to verify if the application is using fips provider from openssl-3.0.0
( similar to fips_mode() api in openssl-fips-2.0.16) and does fips
provider do run time check and through error if application using non fips
ciphers.
Regards,
Nagarjun
Hi ,
What is this SP800-56A REV3 new FIPS requirement, How it affects ECDH ,
how it is different from openssl-2.0.16 ECDH implication. Which all
functions that affects.
Regards
Nagarjun
Hello,
Can any one tell , how to run POST tests in openssl-3.0.0.
Regards,
N
Within the TianoCore/EDK2 project for UEFI, the prescribed assembler is NASM.
In order build the 64-bit assembly config of OpenSSL with .nasm files, it
appears that the Windows API function RtlVirtualUnwind is required. For my
current implementation I have provided a stub function to satisfy
Rich, I just want to wish you well on your future endeavors. You've got
valuable skills as a software developer. Hopefully whatever negative
experiences you've recently encountered won't dissuade you from
contributing to open source projects in the future. There are, after
all, an infinite
On Fri, Nov 29, 2019 at 10:16 AM Viktor Dukhovni
wrote:
> On Thu, Nov 28, 2019 at 04:31:38PM -0800, J Decker wrote:
>
> > from openssl/tls1.h 1.1.1b
> >
> > # define TLSEXT_TYPE_psk_kex_modes 45
>
> This was added in 1.1.1-dev.
>
> > pre_sh
I made this issue on LibreSSL's github...
https://github.com/libressl-portable/portable/issues/537
It's about ...
TLSEXT_TYPE_psk_kex_modes:
from openssl/tls1.h 1.1.1b
# define TLSEXT_TYPE_psk_kex_modes 45
from libressl/2.9.2 tls1.h
#define TLSEXT_TYPE_psk_key_exchange_modes
Hi Matt,
Thanks for your help. I am able to proceed now.
Thanks and regards,
Nagalakshmi
-Original Message-
From: Matt Caswell
Sent: Wednesday, October 30, 2019 7:55 PM
To: Nagalakshmi V J ; openssl-users@openssl.org
Subject: Re: OpenSSL compilation errors in Windows
** This mail has
Hi Matt,
Any inputs on the below query?
Thanks and regards,
Nagalakshmi
From: Nagalakshmi V J
Sent: Tuesday, October 29, 2019 5:25 PM
To: Matt Caswell ; Nagalakshmi V J
; openssl-users@openssl.org
Subject: Re: OpenSSL compilation errors in Windows
Hi Matt,
Thank you so much for your response
enssl.org/docs/man1.1.0/man3/SSL_CTX_set_generate_session_id.html
Not sure if I can use the above link.
Thanks & Regards,
Nagalakshmi V J
From: Matt Caswell
Sent: 29 October 2019 10:47
To: Nagalakshmi V J ; openssl-users@openssl.org
Subject: Re: OpenSSL
Hi All,
Appreciate the response for the below query. Anyone faced the same issue?
Thanks & Regards,
Nagalakshmi V J
From: Nagalakshmi V J
Sent: 24 October 2019 03:29
To: Nagalakshmi V J ; Matt Caswell
; openssl-users@openssl.org
Subject: Re: Ope
Hi Matt,
Kindly provide your inputs for the below mail.
Thanks & Regards,
Nagalakshmi V J
From: Nagalakshmi V J
Sent: 22 October 2019 10:41:40
To: Matt Caswell ; openssl-users@openssl.org
Cc: Nagalakshmi V J
Subject: RE: OpenSSL compilation errors in Win
, void *p2);
} /* EVP_MD */ ;
Thanks and regards,
Nagalakshmi
From: Nagalakshmi V J
Sent: Tuesday, October 22, 2019 9:39 AM
To: Matt Caswell ; Nagalakshmi V J
; openssl-users@openssl.org
Subject: Re: OpenSSL compilation errors in Windows
Hi Matt,
Yes. Exactly we followed the same and able to resolve e
Hi Matt,
Yes. Exactly we followed the same and able to resolve errors. Thank you so much
for the support and guidance. I'll get back if any further errors.
Thanks & Regards,
Nagalakshmi V J
From: Matt Caswell
Sent: 21 October 2019 21:26:32
To: Nagalakshmi
Hi Matt,
This link is having few APIS. But for getting master_key_length, I don't find
any API. Not sure if we need to use getMasterKey API for that.
I will try to use these APIs and get back.
Thanks & Regards,
Nagalakshmi V J
From: Matt Caswell
Sent
Caswell
Sent: Thursday, October 3, 2019 6:51 PM
To: openssl-users@openssl.org
Subject: Re: OpenSSL compilation errors in Windows
** This mail has been sent from an external source **
On 03/10/2019 11:10, Nagalakshmi V J wrote:
> Hi Matthias,
>
>
>
> Please find my response for your queri
Hello,
I'm trying to create a blake2b512 digest with a key. I've made an attempt to
follow the source code and I'm assuming the algorithm's name for blake2b MAC is
blake2bmac, though I have tried different values. I don't seem to be able to
create a valid checksum:
$ openssl version; echo -n
.
[Nagalakshmi]:
In our product code, we are using the structures 'ssl_st' and 'ssl_session_st'
which were defined in ssl.h file in Openssl 1.0.2.j version.
Since the structure definitions are made opaque in openssl 1.1.1c, we used
ssl_locl.h where the structure definitions are available.
Please note
Hi Salz,
I am working on that only. I will try to not use those internal files as per
the suggestions.
Thanks and regards,
Nagalakshmi
From: Salz, Rich
Sent: Tuesday, October 1, 2019 6:30 PM
To: Nagalakshmi V J ; Sergio NNX
; Dr. Matthias St. Pierre ;
Michael Mueller
Cc: openssl-users
. Pierre
Sent: Tuesday, October 1, 2019 4:43 PM
To: Nagalakshmi V J
Cc: openssl-users@openssl.org; Umamaheswari Nagarajan
Subject: AW: OpenSSL compilation errors in Windows
** This mail has been sent from an external source **
> We are using OpenSSL APIs in our product code. We are not mak
option to get the compilation
successful.
Thanks and regards,
Nagalakshmi
From: Sergio NNX
Sent: Monday, September 30, 2019 9:06 PM
To: Dr. Matthias St. Pierre ; Nagalakshmi V J
; Michael Mueller
Cc: openssl-users@openssl.org; Umamaheswari Nagarajan
Subject: Re: OpenSSL compilation errors
Mueller
Sent: Monday, September 30, 2019 4:05 PM
To: Nagalakshmi V J
Cc: openssl-users@openssl.org; Umamaheswari Nagarajan
Subject: Re: OpenSSL compilation errors in Windows
** This mail has been sent from an external source **
We compile using Visual Studio. We don't use 'warnings as errors
To: Nagalakshmi V J ; openssl-users@openssl.org
Cc: Umamaheswari Nagarajan
Subject: AW: OpenSSL compilation errors in Windows
** This mail has been sent from an external source **
> Getting the errors like below. ssl/packet_locl.h(429) : error C2440:
> '=' : cannot convert from 'void *' to 'un
Hi,
I am using openssl 1.1.c from our product code. While compiling the code, I am
getting the errors which can be suppressed as warnings using -fpermissive flag
in Linux (gcc/g++). In windows, I am getting the same compilation errors in
visual studio (2005). Would like to know the alternative
quot;e" inside rsa? Pls
suggest me corresponding API
Thanks and Regards,
SWAMY J S
*
to
* DEPEND[libssl]=libcrypto.a*
please let me know
Thanks and Regards
Shivakumar
--
J. J. Farrell
Not speaking for Oracle
Hi All,
We are currently using OpenSSL version 1.0.2j. Since OpenSSL 1.0.2 support is
going to be stopped by end of this year, we are planning to upgrade to 1.1.1c
version.
We are using Compiler GCC 3.4.3 in Linux and vc6 in Windows. Can we go ahead
with these compiler versions while
On Sun, Jun 16, 2019 at 3:17 AM Tobias Wolf wrote:
> I`d like to understand how a memory bio can be reseted with the internal
> read counter back to zero for further reusage.
>
>
>
> e.g.
>
> I want to try to read first der and then pem
>
>
>
> d2i_X509
any other way to do it.
--
J. J. Farrell
Not speaking for Oracle
Hi,
Earlier with openssl 1.0.2n version, I was using EVP_sha256 for creating
Certificate Signing Request and "TSS_HASH_OTHER" flag in
Tspi_Context_CreateObject.
Recently I upgraded openssl to 1.1.0g version and now am getting "Signature
Verify Failure" in my CSR. I have attached the
On Thu, Jun 6, 2019 at 2:34 PM Larry Jordan via openssl-users <
openssl-users@openssl.org> wrote:
> Re: openssl-1.0.2r
>
> Re: openssl-fips-2.0.16
>
> OS: Linux Mint 19.1 (Ubuntu)
>
>
>
> I have added a shared library initializer function to cryptlib.c to force
> OpenSSL into FIPS mode, without
On 31/05/2019 16:23, Jakob Bohm via openssl-users wrote:
On 30/05/2019 02:10, Michael Wojcik wrote:
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On
Behalf Of J. J. Farrell
On 29/05/2019 18:39, ramakrushna mishra wrote:
In Openssl 1.1.1, the file "rc4-ia64.pl"
Hi,
I recently updated openssl from 1.0.2n to 1.1.0g in linux system.
Earlier I was using
"ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
long len) " function. As this function is removed in openssl 1.1.0, now i
replaced this with
"ASN1_INTEGER
2; I'm surprised that a degradation of
performance on it matters to anyone.
--
J. J. Farrell
Not speaking for Oracle
https://stackoverflow.com/questions/52327290/linking-openssl-with-webassembly
Looks very similar...
'target_link_libraries(mainTest crypto) after that it all worked without
warnings.'
On Mon, May 20, 2019 at 1:56 AM Richard Levitte wrote:
> The issue isn't with any defined or not so defined
Thank you Matt. You have been very helpful.
On Tue, May 7, 2019 at 6:40 PM Matt Caswell wrote:
>
>
> On 07/05/2019 20:47, Mirko J. Ploch wrote:
> > Thank you for your response. You answered my question. It is not
> available on my
> > target platform architecture (a
encryption algorithm.
https://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-31#appendix-B
Best Regards,
Mirko
On Tue, May 7, 2019 at 11:45 AM Matt Caswell wrote:
>
>
> On 06/05/2019 16:41, Mirko J. Ploch wrote:
> > Hello,
> >
> > I'm trying to use
at the code for EVP_aes_128_cbc_hmac_sha256, it does not look like
it. I'm hoping that there is a way to get it working.
https://github.com/openssl/openssl/blob/OpenSSL_1_1_1b/crypto/evp/e_aes_cbc_hmac_sha256.c
Thank you,
Mirko J. Ploch
added “export OPENSSL_CONF=path_to_config” in /etc/environment file. And
ran the command “openssl engine store -t -c”.
Still am getting same error as store not found when I run my application.
Thanks and Regards,
SWAMY J S
From: Dmitry Belyavsky
Sent: Thursday, April 25, 2019 1:44 PM
To: Swamy J
application the it says Store Engine not found. There is path
issue here, am i copying the library in right path? I copied my library in
/lib/x86_64-linux-gnu still am getting same error.
Please let me know the right path where i have to copy this engine?
Thanks and Regards,
SWAMY J S
dding "_it" to CertInfo unnecessarily**.
Thanks and Regards,
SWAMY J S
Hi All,
I updated openssl from 1.0.2n to 1.1.0g recently and facing some errors in
building my application because many functions and structures are opaque now in
1.1.0g. Errors am getting are as below :
error: ‘CRYPTO_LOCK_X509_STORE’ undeclared (first use in this function); did
you mean
error as /usr/include/openssl/asn1_mac.h:10:2: error: #error
"This file is obsolete; please update your software."
Thanks and Regards,
SWAMY J S
while building openssl 1.1.1 to disable TLS 1.3 or can i
get any package from ubuntu to disable TLS 1.3 ?
Thanks and Regards,
SWAMY J S
??
Thanks and Regards,
SWAMY J S
From: Nicola
Sent: Tuesday, March 19, 2019 2:22 PM
To: Swamy J-S
Cc: openssl-users@openssl.org
Subject: Re: cURL with openSSL 1.1.1 version
CAUTION: This email originated from outside of the organization. Do not click
links or open attachments unless you recognize
.
Regards,
SWAMY J S
On Sun, Mar 17, 2019 at 5:17 PM Felipe Gasper
wrote:
>
>
> On Mar 17, 2019, at 7:55 PM, J Decker wrote:
>
>
> On Sun, Mar 17, 2019 at 4:46 PM Felipe Gasper
> wrote:
>
>> Buffer, not buffet. Silly autocorrect!
>>
>> -F
>>
>>
On Sun, Mar 17, 2019 at 4:46 PM Felipe Gasper
wrote:
> Buffer, not buffet. Silly autocorrect!
>
> -F
>
> > On Mar 17, 2019, at 7:21 PM, Felipe Gasper
> wrote:
> >
> > Hello,
> >
> > Is there any equivalent to SSL_CTX_use_certificate_chain_file for a PEM
> buffet that’s already in memory?
>
On 2/26/2019 10:05 PM, Dr. Matthias St. Pierre wrote:
Hi Thomas,
Unlike previous releases, this tar-gzipped file contains a 52 byte file
called 'pax_global_header'. The contents of the file contain a single
line of text:
52 comment=50eaac9f3337667259de725451f201e784599687
my extracted
On 2/26/2019 7:54 AM, OpenSSL wrote:
The distribution file name is:
o openssl-1.1.1b.tar.gz
Size: 8213737
SHA1 checksum: e9710abf5e95c48ebf47991b10cbb48c09dae102
SHA256 checksum:
5c557b023230413dfb0756f3137a13e6d726838ccd1430888ad15bfb2b43ea4b
Unlike previous
On Mon, Feb 18, 2019 at 2:18 PM Jakob Bohm via openssl-users <
openssl-users@openssl.org> wrote:
> On 17/02/2019 14:26, Matt Caswell wrote:
> > On 16/02/2019 05:04, Sam Roberts wrote:
> >> On Fri, Feb 15, 2019 at 3:35 PM Matt Caswell wrote:
> >>> On 15/02/2019 20:32, Viktor Dukhovni wrote:
>
On 29/12/2018 17:18, C.Wehrmeyer wrote:
On 29.12.18 17:21, J. J. Farrell wrote:> So instead of correct
portable code which derives obviously and
> straightforwardly from the specification, you'd write arrays of a
> different length from the original, the first 48 bytes of which wou
ronments, and even in the cases
where those 48 bytes end up correct they have no obvious relationship to
the specification they are implementing (your obfuscation making the
code much more difficult to review). How are these changes improvements?
I'd walk you out of an interview if y
://www.openssl.org/docs/man1.1.1
redirect to https://www.openssl.org/docs/man1.1.0?
(I think that 1.1.1 ought to be generated)
--
J. J. Farrell
Not speaking for Oracle
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Just about 20 years ago we released the first OpenSSL, but that wasn't the
original name for the project.
Read more in the blog post at
https://www.openssl.org/blog/blog/2018/12/20/20years/
Regards, Mark J Cox
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman
It was my interpretation that 0 pathlen on the root self signed meant
infinite.
The pathlen only applies on the certs between root and the leaf (which
obviously can be 0, and CA true or not, but bad form to say true I'd
imagine.)
On Mon, Oct 8, 2018 at 1:57 AM Peter Magnusson <
On 9/12/2018 7:03 AM, Viktor Dukhovni wrote:
On Sep 12, 2018, at 9:53 AM, Thomas J. Hruska
wrote:
Casting to time_t appears to correct the issue and the build completes
successfully:
const time_t default_time =
(time_t)CT_POLICY_EVAL_CTX_get_time(ct_policy_ctx
cl /Z7 /Fdapp.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 /WX
/I "include" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE"
-D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE"
-D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"OPENSSL_USE_APPLINK" -D"NDEBUG"
-D_USE_32BIT_TIME_T
On Fri, Sep 7, 2018 at 11:55 PM Juan Isoza wrote:
>
> It's a good idea using openssl under windows (with new openssl 1.1.1, we
> will be able to use TLS 1.3 under Windows, from 7/2008 to 10/2016) instead
> internal windows crypto..
>
> But, by example, curl build for windows with openssl need a
You can use a BIO_new( BIO_s_mem() ) to feed the memory through
BIO_writeand PEM_read_bio_X509
something like ...
https://github.com/d3x0r/SACK/blob/master/src/netlib/ssl_layer.c#L780
On Tue, Sep 4, 2018 at 8:07 AM Eli Golosovsky
wrote:
> Is there an option, in *OpenSSL 1.1.1*, to load a CA
YPTO ms\version32.rc
'rc' is not recognized as an internal or external command,
operable program or batch file.
NMAKE : fatal error V1077: 'rc' : return code '0x1'
Stop.
1 dir(s) moved.
1 dir(s) moved."
I have attached screenshot too.
Thanks and Regards,
SWAMY J S
--
o
I notice the release distribution for 1.1.0i includes a preconfigured
makefile whereas 1.1.0h and earlier do not.
--
Thomas Hruska
Shining Light Productions
Home of BMP2AVI and Win32 OpenSSL.
http://www.slproweb.com/
--
openssl-users mailing list
To unsubscribe:
a root cert is the self signed cert.
On Thu, May 3, 2018 at 2:50 AM, morthalan
wrote:
> But In my case, I do not have any root certificate. I have only one signed
> certificate (SignedCertificate.pem) and one certificate signing request
> (certReq.pem) . So when I
Or using the javascript interface
https://www.npmjs.com/package/sack.vfs#interface
https://github.com/d3x0r/sack.vfs/blob/master/tests/tlsTest.js#L28
if( vfs.TLS.validate( {cert:signedCert3, chain:signedCert2+cert} ) )
console.log( "Chain is valid." );
On Thu, May 3, 2018 at 1
https://github.com/d3x0r/sack.vfs/blob/master/src/tls_interface.cc#L1538
this routine does cert validation but I don't thkn that's what you want
this verified on a connection
https://github.com/d3x0r/SACK/blob/master/src/netlib/ssl_layer.c#L274
which boils down to
; In other words, you can only know if the client's applied policy
> > allows the connection to continue. You cannot know if the policy that
> > was applied was specifically related to the certificate chain
> > presented.
> >
> > -Kyle H
> >
> > On Mon, Feb 12,
Is there a way for a server to know if the client verified the cert chain
successfully or not?
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
On Sun, Jan 28, 2018 at 7:05 PM, pratyush parimal <
pratyush.pari...@gmail.com> wrote:
> Hi all,
>
> I'm trying to write an application in which I create an instance of
> SSL_CTX* using SSL_CTX_new(), and set the following things in it:
>
> (1) An EVP_PKEY* :
> 1a> created with
At our face to face we took a look at the security policy and noticed
that it contained a lot of background details of why we decided on the
policy that we did (in light mostly of the issues back in 2014) as
well as a bit of repeated and redundant information. We've taken some
time to simplify
I'm not 100% sure what you're doing
I'd imagine that if SSL was managing the fd's you wouldn't have this issue.
You hvae to call accept() to get a new FD... and you'll only get that once,
so when you accept() you should attach the bio and call ssl_accept(), no?
On Fri, Jan 12, 2018 at 5:52 PM,
The certs are built into a stack... they are pushed... so element 0 is the
last thing in the list.
The chain starts with 0, and then can search the rest.
On Tue, Jan 9, 2018 at 2:55 PM, Norm Green
wrote:
> On 1/9/2018 6:03 AM, Benjamin Kaduk wrote:
>
>> Did you
( result < amount_to_send ) { /* sent less than full packet */ } so I
ended up backing up the send offset by 1 byte instead of 0 bytes... this
was then injecting 1 extra byte into the TCP layer.
On Mon, Dec 25, 2017 at 1:38 PM, Jakob Bohm <jb-open...@wisemo.com> wrote:
> On 23/12/2
On Fri, Dec 22, 2017 at 8:40 PM, Viktor Dukhovni <openssl-us...@dukhovni.org
> wrote:
>
>
> > On Dec 22, 2017, at 11:33 PM, J Decker <d3c...@gmail.com> wrote:
> >
> > Very similar to OpenSSL 1.0.2, plus its own extensions. That's not
> exactly
> >
On Fri, Dec 22, 2017 at 7:23 PM, Viktor Dukhovni <openssl-us...@dukhovni.org
> wrote:
>
>
> > On Dec 22, 2017, at 10:21 PM, J Decker <d3c...@gmail.com> wrote:
> >
> > I would also suggest check out LibreSSL which uses the same API as
> OpenSSL
>
>
On Fri, Dec 22, 2017 at 4:44 AM, Jan Graczyk wrote:
> Hello OpenSSL-Users,
>
>
>
> I am actually evaluating OpenSSL stack software to be possibly used in my
> company next generation products. We would like to have a secure connection
> between our device TCP/IP stack and web
How can I know what/why openssl is sending control data?
I have this Node addon that uses TLS 1.2 to communicate. I'm sending a
large file transfer (100M), which is chunked into 8100 byte blocks and sent
on websocket protocol. It's additionally chunked into 4327 byte blocks
(which after encoding
I'm pretty sure you need the root also, not just the intermedia ca...
I use a custom generated chain... I encode the root cert in the
application, and then pass it when inintializing the client socket.
This bit of code takes the root cert and adds it to the SSL_CTX the client
socket is created
I've been developing this NodeJS plugin, it implements HTTPS server
and now client.
I was having an issue with HTTPS request getting ECONNRESET for no apparent
reason; so I implemented my own request, and ran into the same sort of
issue. What I was requesting was some .js files from the server,
I still only see 1.0.2l and 1.1.0f at:
https://www.openssl.org/source/
Tried multiple browsers, flushed caches, etc. The problem does not
appear to be on my end of things.
--
Thomas Hruska
Shining Light Productions
Home of BMP2AVI and Win32 OpenSSL.
http://www.slproweb.com/
--
On 10/9/2017 7:49 AM, Jakob Bohm wrote:
On 09/10/2017 16:43, Thomas J. Hruska wrote:
On 10/9/2017 7:29 AM, Jakob Bohm wrote:
I suggest you find a good authoritative source for your claim
that select() should not be used with blocking sockets.
http://man7.org/linux/man-pages/man2/select.2
On 10/9/2017 7:29 AM, Jakob Bohm wrote:
I suggest you find a good authoritative source for your claim
that select() should not be used with blocking sockets.
http://man7.org/linux/man-pages/man2/select.2.html
Section BUGS:
"Under Linux, select() may report a socket file descriptor as "ready
On 10/9/2017 1:32 AM, Michel wrote:
With blocking sockets, you just loop back around and repeat the same call
if either of those messages are returned by SSL_get_error(). No select()
required.
Yes, you have to repeat the same call, but select() is still usefull,
especially with blocking
On 10/8/2017 5:58 PM, Kyle Hamilton wrote:
Do you have a reference to what should be done instead?
My understanding of what happens with blocking sockets is that
SSL_read() will return SSL_ERROR_WANT_READ if it needs additional data
read from a socket that doesn't have it available (and will
On 10/8/2017 7:28 AM, Michel wrote:
While I understand that using non-blocking descriptors is a better practice,
I still do not see why select() should NEVER be used for blocking sockets
(except when combined/interfered with the internal OpenSSL state machine or
equivalent mechanism).
Could you
On 10/8/2017 4:17 AM, Kyle Hamilton wrote:
The way to handle this situation is simply to never enter SSL_read() if
there isn't anything to read on the socket. select() or pselect() are your
friends, here, because they'll tell you if there's data to read from the
underlying file descriptor.
I
g
from version 1.2 and all the cipher suites". Perhaps he's found his
first bug, since the client isn't offering all the TLS 1.2 cipher suites ...
--
J. J. Farrell
Not speaking for Oracle
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
On 7/25/2017 4:15 AM, Seniha S. ÖZTEMİZ TULGAR wrote:
Hello,
I installed the new version of freeradius and trying to configure it. My
windows10 clients gets authenticated but windows7 clients gets the
following errors. It seems that it is about openssl. Can you help me
regarding this problem.
ll pointer was not all-bits-zero, but it's decades since I
heard of such a machine at large in the real world.
--
J. J. Farrell
Not speaking for Oracle
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
On 12/14/2016 3:28 AM, Dr. Stephen Henson wrote:
On Wed, Dec 14, 2016, Salz, Rich wrote:
Is there some equivalent to PHP's openssl_sign_pkcs7 function for C/C++ users?
Look at the apps/pkcs7.c file as a starting point. Get the command line doing
what you want, and then work through the
1 - 100 of 553 matches
Mail list logo