s you need and open an issue on github? Yes, this
would be a bug-fix because "going opaque" made some things not possible.
Thanks.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
On 10/01/2019 19:55, Corey Minyard wrote:
On 1/10/19 11:00 AM, Michael Wojcik wrote:
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On
Behalf Of Jordan Brown
Sent: Thursday, January 10, 2019 11:15
On 1/9/2019 6:54 PM, Corey Minyard wrote:
2. Set the userid in the certificate
On 10/01/2019 18:00, Michael Wojcik wrote:
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Jordan Brown
Sent: Thursday, January 10, 2019 11:15
On 1/9/2019 6:54 PM, Corey Minyard wrote:
2. Set the userid in the certificate and use client authentication to
I would expect that smartphone clients might want to prioritize CHACHA over
AES, but I don't think Node cares about that environment.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
On 07/01/2019 22:26, Jordan Brown wrote:
[ Off topic for OpenSSL... ]
On 1/7/2019 8:06 AM, Jakob Bohm via openssl-users wrote:
A chroot with no other reason to open /dev/null should not contain that
file name, even on unix-like platforms (least privilege chroot design).
There's alw
On 07/01/2019 22:31, Steffen Nurpmeso wrote:
> Good evening.
>
> Jakob Bohm via openssl-users wrote in <95bceb59-b299-015a-f9c2-e2487a699\
> 8...@wisemo.com>:
> |Small corrections below:
> | ...
Note that I do not represent the project at all, I am just another user
Small corrections below:
On 07/01/2019 19:31, Steffen Nurpmeso wrote:
...
|> That is really bad. Of course you had to do it like this, and you
|> surely have looked around to see what servers and other software
|> which use OpenSSL do with
>
> On Jan 7, 2019, at 09:20, Chris Fernando via openssl-users
> wrote:
>
> I perused the list archives for all of 2018 and did not see anything current
> relating to this problem, so if this is a question that has been asked &
> answered, please feel free to
On 04/01/2019 22:04, Michael Wojcik wrote:
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Jordan Brown
Sent: Friday, January 04, 2019 13:16
If you want to, what you want is something like:
int fd;
do {
fd = open("/dev/null&quo
familiar with Windows & compiling Open Source projects, but I am
having no trouble on Linux with OpenSSL + FIPS. On Windows, with Visual Studio
2017 (Community Edition), I am able to compile the FIPS 2.0.16 module and
OpenSSL 1.0.2q (NO FIPS) without issue.
When I try to compile OpenSSL with the
16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Jakob - you’re a star! Thanks so much, your suggestion works. So I added
https://mta.openssl.org/mailman/listinfo/openssl-users
.
Cheers
Neil Craig
Lead Technical Architect | Online Technology Group
Broadcast Centre, London W12 7TQ | BC4 A3
Twitter: https://twitter.com/tdp_org
On 03/01/2019, 11:02, "openssl-users on behalf of Matt Caswell"
wrote:
On 03/01/2019 10:31, Neil Craig wrote:
Hi all
Does anyon
Two of the more common causes of cron failure are
- Environment variable missing or has different value (PATH etc)
- File permissions are different if running under root vs normal
interactive user.
Hope that helps.
--
openssl-users mailing list
To unsubscribe: https
On 02/01/2019 11:18, Dennis Clarke wrote:
On 1/2/19 5:14 AM, Jakob Bohm via openssl-users wrote:
On 02/01/2019 10:41, Matt Caswell wrote:
On 27/12/2018 08:37, Dmitry Belyavsky wrote:
Hello,
Am I right supposing that local variables tmp1, tmp2, iv1, and iv2
are unused in
this function
piled code.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
--
openssl-use
Meh...
It still inserts NUL bytes at the end of each array, changing
sizeof(array) as well as cache access patterns (and thus side
channel effects).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
> I didn't bother looking up what freeing entails - it's obvious to
> anyone at this point that OpenSSL is a severe victim of feature creep,
> that its memory allocation scheme is a mess, and long story short: I
> will NOT free a perfectly fine object just
* But I only get early data for get method.
* When using post method, the server terminate connection. Is it related
with openssl? If so, how can I do to allow post method?
Early data can be replayed. It is only safe to use early data when the request
is idempotent, like GET. You
On 29/12/2018 14:19, C.Wehrmeyer wrote:
I don't have access to the actual testing environments until Wednesday
next year, so I've had to create a private account.
> Which version of OpenSSL is this? (I don't remember if you said this
> already).
I'm not entirely sure
tion now.
PKCS#7 also known as CMS or (in OpenSSL) SMIME, doesn't just pad. It
generates a random key and encrypts it with the recipients key (usually
a public key from a certificate, but there may be a symmetric variant).
Thus to do PKCS#7 with OpenSSL, you need to use the "op
On 29/12/2018 07:42, carabiankyi wrote:
Thanks for your advice.
I get early data when I configure nginx ssl_early_data on.
But I only get early data for get method.
When using post method, the server terminate connection. Is it related
with openssl? If so, how can I do to allow post method
Great idea; https://github.com/openssl/web/issues/101
On 12/28/18, 12:39 AM, "Jakob Bohm via openssl-users"
wrote:
Consider at least including the one-line manpage summaries on the index
pages (the ones displayed by the apropos command on POSIX systems).
--
openssl-use
WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
ruby on rails
[
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
* Please let me know if we have any update on this.
This is a volunteer effort. :)
My *GUESS* is that the CRL data isn’t sorted, and it’s doing a linear search.
You should profile the code to find out where, exactly, all the time is being
spent.
--
openssl-users mailing list
To
* Please find the above previous mail.
I am not sure what this means. I guess you are referring to earlier email in
the thread. I gave you my suggestion, good luck.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
e to STDERR if the
command line makes no sense (no output file, wrong argument
count, auto with unrecognized file extension). Ideally this
would be in the common perl module(s), not in individual
assembler files.
Remember that keeping every patch easily audited by the wider
community is essential to
s
> the same.
>
> Please let us know if this is an expected behavior or something should be
> done to improve the above observation.
>
> With Regards,
> Prateep
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
etend to be either side.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
If all you need is RSA then you will probably find it easier to write a
makefile of your own. You will have to do multiple builds to get all the
missing pieces, such as the BN facility, the memory allocation, the error
stack, etc.
--
openssl-users mailing list
To unsubscribe: https
| Network Security & Encryption
Phone +61 7 3031 7217
Oracle Australia
From: Alibek Jorajev via openssl-users [mailto:openssl-users@openssl.org]
Sent: Tuesday, 18 December 2018 8:10 PM
To: openssl-users@openssl.org
Subject: [openssl-users] FIPS module v3
Hi everyone,
I have been following Ope
> >. New certificates should only use the subjectAltName extension.
>Are any CAs actually doing that? I thought they all still included
> subject.CN.
Yes, I think commercial CA's still do it. But that doesn't make my statement
wrong :)
--
openssl
Putting the DNS name in the CN part of the subjectDN has been deprecated for a
very long time (more than 10 years), although it is still supported by many
existing browsers. New certificates should only use the subjectAltName
extension.
--
openssl-users mailing list
To unsubscribe: https
Hi everyone,
I have been following OpenSSL blog and know that work on new OpenSSL FIPS
module has started. Current FIPS module (v.2) has end of life (December 2019)
and I assume that new FIPS module will be by that time. but can someone tell
me - is there are approximate dates - will it be
MIME/CMS
(specifically
the PKCS#7 formats) allow almost unlimited file size, and any 2GiB limit is
probably an artifact of either the openssl command line tool or some of the
underlying OpenSSL libraries.
It would be interesting to hear from someone familiar with that part of the
OpenSSL API which
want
Cordialement,
Erwann Abalea
De : prithiraj das
Date : lundi 17 décembre 2018 à 08:23
À : Erwann Abalea , "openssl-users@openssl.org"
Objet : Re: [openssl-users] RSA Public Key error
Hi Erwann/All,
Thank you for your earlier response. I have done a couple of tests on the
, bmeeke...@buckeye-express.com
>>> <mailto:bmeeke...@buckeye-express.com> wrote:
>>>
>>> I simply wanted a clear statement so I can make an informed decision
>>> whether or not I should use OpenSSL in future projects. I now have my
>>> answer. Thank
* [root@puoasvorsr07 ~]# openssl version
* OpenSSL 1.1.1 FIPS 11 Sep 2018
Is that a version you built yourself, or from RedHat? I believe it is RedHat’s
version, which did their own FIPS work.
The OpenSSL FIPS module is starting development.
--
openssl-users mailing list
To
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
using an
OpenSSL "engine" plugin, if instead you are inserting code in NGINX
to hand over the complete SSL/TLS record processing to the hardware,
then a different approach is needed.
OpenSSL Crypto Engines are not limited to SSL/TLS but can be used
for other tasks using the OpenSSL libcrypto
unused bits) for a 2048bits RSA
key with 16 custom bytes.
That’s perfectly normal for OpenSSL to refuse to load that beast, and for
asn1parse to return errors (the first bytes do not represent a correct DER
encoding of anything).
Think of it as « I took a Jpeg file, replaced some bytes at the
On 10/12/2018 14:41, Michael Wojcik wrote:
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
Of Michael Ströder
Sent: Saturday, December 08, 2018 06:59
On 12/7/18 11:44 PM, Michael Wojcik wrote:
Homograph attacks combined with phishing would be much cheaper and
easier
On 10/12/2018 11:30, Hemant Ranvir wrote:
Dear all,
After extracting openssl-1.1.1.tar.gz, openssl can be configured
without asm by passing no-asm flag during config command.
The expanded key can be obtained like follows:
//Getting expanded key from inside openssl
//Copied from crypto
www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
On 06/12/2018 11:48, Michael Ströder wrote:
On 12/6/18 10:03 AM, Jakob Bohm via openssl-users wrote:
On 05/12/2018 17:59, Viktor Dukhovni wrote:
IIRC Apple's Safari is ending support for EV, and some say that EV
has failed, and are not sorry to see it go.
This is very bad for security
On 05/12/2018 00:50, Viktor Dukhovni wrote:
On Tue, Dec 04, 2018 at 04:15:11PM +0100, Jakob Bohm via openssl-users wrote:
Care to create a PR against the "master" branch? Something
along the lines of:
"Provided chain ends with untrusted self-signed certificate&quo
tained by experts.
[ Also, FWIW, Firefox uses the "nss" library, not OpenSSL. ]
However Firefox code also contains lots of idiotic usability bugs,
even in the code that talks to the TLS stack. It is quite possible
that the "OCSP must be on" rule is another bad usability h
Hi Wim,Thank you for your quick response.1. Yes. I called EVP_PKEY_new()
before calling EVP_PKEY_assign_RSA(pEvpkey, rsa);
2. For your second quetion: no. I have not checked there is anything in the
openssl error stack.
I will check the openssl error stack.
3. (1). If it works, is
Hello,I am working on a small homework which requires convert pvk private key
to PKCS#8 format. The code is based on OpenSSL 1.0.2. I can get pvk private key
components (Public exponent, modulus, prime1, prime2, exponent1, exponent2,
coefficient, private exponent) properly, and convert to a
Thanks again Rich. If anyone else has any ideas please share.
From: "Salz, Rich"
Date: Tuesday, December 4, 2018 at 12:56 PM
To: "anipa...@cisco.com" , "openssl-users@openssl.org"
Subject: Re: [openssl-users] OCSP response signed by self-signed trusted
respond
Perhaps you can build a trust store to handle your needs. I am not sure.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
f time. Are you
saying option 2 from the RFC is not supported within OpenSSL and would require
changes? Or am I misinterpreting option 2 above.
Lastly, I assuming my understanding is correct, I was thinking
X509_check_trust() allows for communicating this ‘out of band’ trust to OpenSSL
for validat
source to support it,
however.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
explicit trust so that it is allowed via the call to X509_check_trust() or
is there something else I’m missing here?
Thanks,
Animesh
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
releases
if any to change the text, since the change may cause issues
for some users.
Sure, this is always a concern. Maybe the change could be considered for
OpenSSL 3.0, since that's a major release.
Care to create a PR against the "master" branch? Something
along the lines of:
> >
> > > I agree the text could be better, but not sure in what releases
> > > if any to change the text, since the change may cause issues
> > > for some users.
> >
> > Sure, this is always a concern. Maybe the change could be
> > considered for O
gt; That would suggest to the user that the problem might be an issue
> with the trust store.
>
My .02: The message "Self-signed certificate in certificate chain"
does make it sound like OpenSSL rejected the certificate precisely
because it's self signed, and not because it
:
...
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
On 28/11/2018 23:42, Jonathan Larmour wrote:
On 28/11/18 21:41, Daniel Kahn Gillmor wrote:
On Wed 2018-11-28 19:54:34 +, Jonathan Larmour wrote:
On 28/11/18 17:02, Matt Caswell wrote:
Please see the following blog post about OpenSSL Versioning and License:
https://www.openssl.org/blog
This was discussed around when OpenSSL first talked about the project. You
might find it worth reading the various blog entries (and comment/responses)
https://www.openssl.org/blog/blog/categories/license/ One thing to note is that
cryptography can be a patent minefield, and the patent
On Wed, Nov 28, 2018 at 08:48:10PM +, Jeremy Harris wrote:
> OpenSSL 1.1.1 FIPS 11 Sep 2018
> RHEL 8.0 beta
>
> Using SSL_CTX_set_tlsext_servername_callback()
> when the called routine returns SSL_TLSEXT_ERR_NOACK
> I was expecting the handshake to fail. It carrie
If GSCheck is just a tool to check if you remembered to build
code with the buffer overflow checks that Microsoft C can
insert, then you should just treat this as a warning that the
tool doesn't know how to check code from other compilers (in
this case the manual work of the OpenSSL team).
Hi All,
The 32bit OpenSSL 1.1.0i library 'libeay32.dll' fails for binscope GSCheck on
Windows.
E:\libeay32.dll: error BA2022: libeay32.dll was compiled with the following
modules for which a language could not be identified. Ensure these were
compiled with debug information and ru
unique
numbers for fast lookup during application load.
There is a source file in OpenSSL giving the assigned numbers.
You will need to add numbers for you additional exports, and
deal with the risk that a future OpenSSL release uses that
number for something else.
Enjoy
Jakob
--
Jakob Bohm, CIO
On 26/11/2018 20:04, Viktor Dukhovni wrote:
On Nov 26, 2018, at 11:33 AM, Jakob Bohm via openssl-users
wrote:
In TLS 1.2 and older it was an extension "Trusted CA Indication" (3),
defined in RFC6066 Chapter 6.
So I would suggest that any OpenSSL API to control that feature in
TL
Hi,
The ability of a TLS client to optionally send a list of trusted
CAs to the TLS server is not new in TLS 1.3.
In TLS 1.2 and older it was an extension "Trusted CA Indication" (3),
defined in RFC6066 Chapter 6.
So I would suggest that any OpenSSL API to control that feature in
TL
On 25/11/2018 22:30, Viktor Dukhovni wrote:
On Nov 25, 2018, at 4:23 PM, Jeremy Harris wrote:
That isn't the package name, it is text defined in openssl/opensslv.h
That happens when "OPENSSL_FIPS" is defined:
# define OPENSSL_VERSION_NUMBER 0x101000b0L
# ifd
* I am unable to get the API to access bn->top value or any bn members in
openssl 1.1.1 .
Can you help me with the pointers to those APIs ?
They do not exist. This is the first time someone has asked for them. You
will need to open an issue on GitHub, and explain *why* you need acc
* BIGNUM structure also has been made opaque. How to refer the members of
BIGNUM structure like bn->top ?
You cannot. That is the definition of “opaque structure.” :) Why do you need
to access “top” ?
* And I don't see this API implementation ""lh_OPENSSL_CSTRIN
>For example, I want the string "SSL_R_TOO_MANY_WARN_ALERTS" for an
error with that value, not just the "too many alerts" description.
You're correct, it's not done.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
128 in CBC mode.
On 20/11/2018 10:54, ASHIQUE CK wrote:
Hi,
Any replys ?
On Mon, Nov 19, 2018 at 11:39 AM ASHIQUE CK <mailto:ckashique...@gmail.com>> wrote:
Also I use OpenSSL 1.1.0h.
On Mon, Nov 19, 2018 at 11:36 AM ASHIQUE CK
mailto:ckashique...@gmail.com>> wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
OpenSSL version 1.1.1a released
===
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.1.1a of our open
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
OpenSSL version 1.1.0j released
===
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.1.0j of our open
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
OpenSSL version 1.0.2q released
===
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.0.2q of our open
>My question: How can I make LibOpenSSL-1.0.2g to send a ServerHello to the
>Client on demand? The socket should not close, nor perform a renegotiation.
You have to shutdown and restart the TLS layer. You cannot send arbitrary
ServerHello messages, it’s a protocol violation.
--
o
Apologies for my mistake. I think I was profiling the whole CPU instead
of just my process. Please disregard.
Paulo Matos
On 16/11/2018 09:08, Paulo Matos via openssl-users wrote:
> Hi,
>
> I have a program where I am doing millions of calculations of SHA1 per
> second. This is
e
how seeding is related to SHA1. At the same time, I can't break into it
in gdb and I can't understand where it's being called.
Could you please shed some light on why this function is called and if
there's something I can do about it?
Kind regards,
--
Paulo Matos
--
open
kernel handles TLS, and how the keys are extracted from OpenSSL:
https://github.com/torvalds/linux/blob/master/Documentation/networking/tls.txt
https://github.com/openssl/openssl/pull/5253
--
-Todd Short
// tsh...@akamai.com<mailto:tsh...@akamai.com>
// "One if by land, two if by sea, thre
You can do this by writing your own BIO (probably based on memory) that then
dribbles data out to its own internal socket.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
It was great to see you last week.
You and the entire “Russian crypto cohort” :)
From: Dmitry Belyavsky
Reply-To: openssl-users
Date: Sunday, November 11, 2018 at 6:34 AM
To: openssl-users
Subject: Re: [openssl-users] x509 manual
Hello,
https://github.com/openssl/openssl/pull/7614<ht
Hi - I created a question on Super User about questions on file permissions and
what the file permissions should be on created files. See link here:
https://superuser.com/questions/1368747/file-permissions-for-openssl-created-files-for-https-web-server-lighttpd
Could someone comment on what
On Debian systems, the standard procedure on Debian is to build your
private/different versions of openssl (or anything else) in /usr/local,
while leaving the Debain modified OpenSSL in /usr .
This should keep your own code and Debian code out of each others way.
Any programs you need to use
On 03/11/2018 10:11, Hanno Böck wrote:
On Sat, 3 Nov 2018 12:28:02 +0500
Марк Коренберг wrote:
Try openssl cms ( as newer alternative to s/mime)
cms is not newer than s/mime, it's the underlying message format of
s/mime.
According to this
https://www.openssl.org/docs/man1.0.2
:1408E0F4:SSL
routines:SSL3_GET_MESSAGE:unexpected message
but
https://www.ssllabs.com/ssltest/analyze.html?d=www.3bg.at
says its ok ...
is the problem on my side or on their side?
You'll need to give us more information. I can connect to that server
using OpenSSL 1.0.2 s_client.
What versi
On 05/11/2018 15:56, Michael Wojcik wrote:
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
Of lu zhihong
Sent: Thursday, November 01, 2018 05:58
when complie openssl 1.1.1 on linux 32bit platform, i met some compile
warning,like:
crypto/ec/curve448
test assumes the other test does it.
On Fri, 2 Nov 2018 at 16:53, Jakob Bohm via openssl-users
wrote:
On 02/11/2018 08:50, Thulasi Goriparthi wrote:
Hi,
I am going through the checks done by EC_KEY_check_key method. I see
the following checks in order.
1. Is point at infinity? - reject.
2. Is
Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
--
openssl-users mailing list
To unsubscr
On 26/10/2018 23:08, Ken Goldman wrote:
I've been happily using the Shining Light 32-bit binaries with both
openssl 1.0 and 1.1 and mingw.
On a new machine, I tried the 64-bit binaries. However, they're
missing the openssl/lib/mingw directory where the .a files resided.
It look
means that there was no cipher overlap between the client and server.
For some clients, SSL_accept() succeeds and the rest of the application
runs properly. I have not been able to sort out what the difference
is.
First, note the OpenSSL FAQ about how to turn on readable error messages.
Lack
On 10/23/2018 05:22 PM, Selva Nair wrote:
> On Tue, Oct 23, 2018 at 10:38 AM Richard Oehlinger via openssl-users
> wrote:
>> Hi!
>>
>> I'm trying to get a handle on the CAPI engine, because I need to have a
>> secure Keystore on Windows. Furthermore I need it
On 23/10/2018 17:22, Selva Nair wrote:
On Tue, Oct 23, 2018 at 10:38 AM Richard Oehlinger via openssl-users
wrote:
Hi!
I'm trying to get a handle on the CAPI engine, because I need to have a
secure Keystore on Windows. Furthermore I need it to work with Qt's
QSslKey, which fortunat
_cast(key));
Trace Output is:
Setting debug file to C:\Users\user\AppData\Local\Temp\engine.txt
Opening certificate store MY
capi_get_key, contname={4EBA52A8-AB4B-47DB-B777-2B26351F324C},
provname=Microsoft Enhanced Cryptographic Provider v1.0, type=1
Called CAPI_rsa_sign()
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Ah, I guess it wanted you to also compile OpenSSL for i386 and putting
that (different!) opensslconf.h in the i386-specific directory.
That also means you should have moved opensslconf.h to the subdir, not
copied it.
On 22/10/2018 20:42, Skip Carter wrote:
Found the problem!
Thanks to Selva
>Yes the macro is there, its just not being expanded by the pre-
compiler.
That makes no sense.
Please look at your compiler manpages and figure out how to turn on verbose
compiler output. Something is strange in your environment.
--
openssl-users mailing list
To unsubscr
On 20/10/2018 15:59, Kaushal Shriyan wrote:
On Wed, Oct 17, 2018 at 7:00 PM murugesh pitchaiah
mailto:murugesh.pitcha...@gmail.com>>
wrote:
Hi,
You may list down what ciphers configured : "openssl ciphers"
Choose CBC ciphers and add them to the list of &#
>DEPRECATEDIN_1_2_0(int EC_GROUP_get_curve_GF2m(const EC_GROUP *group,
That is "proof" that the pre-processor doesn’t have the right -I flags. Try
running with the -v option or something.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/lis
>And I still have the problem with those macros.
The problem is almost definitely this: the files that you are compiling (not
openssl) are picking up the wrong header files from openssl.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
You probably do not have the headers installed into the right include path.
You should do "make install" and not cp things by hand, as you'll need the
headers and the libraries, etc.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
your real handler
and not to one added by a buffer overflow attack on your process.
For C/C++ code, the compiler uses only handlers in the C runtime,
each of which already include those directives. But for Assembler
source code (such as the optimized assembler modules in OpenSSL),
there is no way to
801 - 900 of 1707 matches
Mail list logo
