Can you post the stack trace of the segv here?
On Tue, Jul 16, 2024 at 12:43 PM Victor Wagner wrote:
> Hi!
>
> I'm using osslsigncode application on Debian 12 system (amd64) to sign
> stuff with RSA key stored on hardware token with PKCS11 interface.
>
> osslsigncode
Server supports 1.3
If I do 127.0.1.1 in Firefox, I'm getting response. It's TLS 1.3
Regards.
Lokesh.
On Mon, Jul 15, 2024, 18:23 Alexandr Nedvedicky wrote:
> Hello,
>
> I just took a look at the packet dump. The client hello
> in packet dump is TLS 1.3
>
> the alert sent by server is Alert
Hello,
I just took a look at the packet dump. The client hello
in packet dump is TLS 1.3
the alert sent by server is Alert Message TLS 1.2
could it be that server does not support TLS 1.3?
better chance to better understand what's going on is to get
hands on the server and get some logs.
may
Howdy,
I notice that OpenSSL has the 'asn1parse' utility for reading PEM and
DER formatted keys. Is there an analogue that allows to write back a new
value for the secret integers in private keys? Or can I encode data
with 'asn1parse' and then output it in PEM format to build a key?
asn1parse
n analogue that allows to write back a new
> value for the secret integers in private keys? Or can I encode data
> with 'asn1parse' and then output it in PEM format to build a key?
>
> Trying to de-serialize and reconstruct keys outside of OpenSSL is a pain
> and might hinder portability
On Fri, Jul 12, 2024 at 9:03 AM BENTLEY Thom via openssl-users <
openssl-users@openssl.org> wrote:
> Hi All,
>
>
>
> I had to change the names of the .lib files to:
>"dcmtkcrypto_d.lib" - debug version
>
>"dcmtkcrypto_o.lib" - release version (optimized)
>
>
They are generated, using providers/common/der/oids_to_c.pm, and
template files like providers/common/der/der_ec_gen.c.in, where you can
see the .asn1 files that are used as sources.
Cheers,
Richard
Damodhar Boddukuri via openssl-users writes:
> Hi OpenSSL,
>
>
>
> I am compiling OpenSSL
Thanks for the confirmation.
Thom Bentley | Senior Software Engineer | Medidata, a Dassault Systèmes
company<http://www.mdsol.com/>
From: Neil Horman
Sent: Wednesday, July 10, 2024 1:56 PM
To: BENTLEY Thom
Cc: openssl-users@openssl.org
Subject: Re: Can we provide --debug and --r
- release version (optimized)
>
>
>
> It seems they expect those file names and use them when generating a build
> system with CMake.
>
>
>
>
>
> *Thom Bentley *| Senior Software Engineer | Medidata, a Dassault Systèmes
> company <http://www.mdsol.com/>
>
l.com/>
From: Neil Horman
Sent: Wednesday, July 10, 2024 1:32 PM
To: BENTLEY Thom
Subject: Re: Can we provide --debug and --release on a single build?
you can supply both, but they don't create separate libraries. The --debug and
--release just set different optimization flags on the co
rts(TS_VERIFY_CTX *ctx, STACK_OF(X509)
*certs);
Thom Bentley | Senior Software Engineer | Medidata, a Dassault Systèmes
company<http://www.mdsol.com/>
From: Tomas Mraz
Sent: Monday, July 1, 2024 4:12 AM
To: BENTLEY Thom ; Matt Caswell ;
openssl-users@openssl.org
Subject: Re: Missing he
You should use some Key Derivation Function (KDF) to derive a key from
this shared secret. For example TLS-1.3 uses HKDF for that.
The best way would be to use TLS-1.3 (or some other standardized secure
protocol) directly instead of inventing and implementing your own
protocol though.
Tomas
That answers my questions.
Thanks Viktor.
General
-Original Message-
From: openssl-users On Behalf Of Viktor
Dukhovni
Sent: Friday, July 5, 2024 08:01 AM
To: openssl-users@openssl.org
Subject: Re: Maximum encryption key length supported by AES-128 CBC
[External email: Use caution
On Thu, Jul 04, 2024 at 06:20:25PM +, Vishal Kevat via openssl-users wrote:
> I want to know what length of encryption key does AES-128 CBC supports?
Exactly 128 bits, no more, no less.
> I believe that it supports key length max upto 128 bits that is 16 bytes.
It makes little sense to
ssl-users
> wrote:
>
> From: James <mailto:openssl-us...@natsuki.co.uk>
> To: mailto:openssl-users@openssl.org
> Subject: Re: Certificate verification with cross signed CAs
> Message-ID: <mailto:c457519e-e386-4df8-84ec-9efb7a0f9...@natsuki.co.uk>
> Cont
From: James <mailto:openssl-us...@natsuki.co.uk>
To: mailto:openssl-users@openssl.org
Subject: Re: Certificate verification with cross signed CAs
Message-ID: <mailto:c457519e-e386-4df8-84ec-9efb7a0f9...@natsuki.co.uk>
Content-Type: text/plain; charset="utf-8"
> The certif
The certificates are attached below.The use case is client A only has ta_primary_cert.pem and client B only has ta_secondary_cert.pemI’m trying to build a chain that the server can use (in the server hello) so that both client A and client B can successfully connect.Since openssl verify -trusted
On Mon, Jul 01, 2024 at 03:54:46PM +0100, James Chapman wrote:
> I’ve been using openssl verify to check some certificate chains:
>
> server -> ca -> roota
> server -> alt_ca-> rootb
>
> Certificates ca and alt_ca have the same subject and public key and different
> issuers.
>
> openssl
ntially cause issues if DCMTK 3.6.8 is not properly
> configured to handle this change in OpenSSL 3.0.8.
>
>
>
>
>
>
> Thom Bentley| Senior Software Engineer |
> Medidata, a Dassault Systèmes company
>
>
>
> From: Matt Caswell
> Sent: Friday, June
m Bentley | Senior Software Engineer | Medidata, a Dassault Systèmes
company<http://www.mdsol.com/>
From: Matt Caswell
Sent: Friday, June 28, 2024 11:54 AM
To: BENTLEY Thom ; Tomas Mraz ;
openssl-users@openssl.org
Subject: Re: Missing header file ts_local.h in install location.
On 28/06/2024 16
Engineer |Medidata, a Dassault Systèmes company
thom.bent...@3ds.com
From: Matt Caswell
Date: Friday, June 28, 2024 at 11:53 AM
To: BENTLEY Thom , Tomas Mraz ,
"openssl-users@openssl.org"
Subject: Re: Missing header file ts_local.h in install location.
On 28/06/2024 16: 29, BENTLE
cmtk\dcmtls\tlslayer.h(37,8):
16:35:16:392 26>see declaration of 'ssl_ctx_st'
**
**
*Thom Bentley *| Senior Software Engineer |Medidata, a Dassault Systèmes
company <http://www.mdsol.com/>
*From:*Tomas Mraz
*Sent:* Friday, June 28, 2024 10:15 AM
*To:* BENTLEY Thom ; openssl-user
see declaration of 'ssl_ctx_st'
Thom Bentley | Senior Software Engineer | Medidata, a Dassault Systèmes
company<http://www.mdsol.com/>
From: Tomas Mraz
Sent: Friday, June 28, 2024 10:15 AM
To: BENTLEY Thom ; openssl-users@openssl.org
Subject: Re: Missing header file ts_local.h
y<http://www.mdsol.com/>
From: Matt Caswell
Sent: Friday, June 28, 2024 10:18 AM
To: BENTLEY Thom ; openssl-users@openssl.org
Subject: Re: Missing header file ts_local.h in install location.
On 28/06/2024 15: 09, BENTLEY Thom via openssl-users wrote: > Hi All, > > I
build and ins
On 28/06/2024 15:09, BENTLEY Thom via openssl-users wrote:
Hi All,
I build and installed version 3.0.8 on Windows with Visual Studio using
the instructions provided.
I copied the bin, include, and lib directories to a location that would
be found by the CMake for the
DCMTK toolkit
TS_VERIFY_CTX is an opaque structure since version 1.1.0. You may not
access its members directly. To set them you need to use the various
TS_VERIFY_CTX_set* functions.
If there are any particular accessors missing, please report that as a
bug to https://github.com/openssl/openssl
Tomas Mraz,
, "openssl-users@openssl.org"
Subject: Re: Issue with install after using `perl Configure` to set --prefix
and --openssldir
You seem to have space instead of = between --openssldir and the path. And
yeah, try to experiment with the doublequotes if that does not help. I do not
know the e
ult
> Systèmes company
> thom.bent...@3ds.com
>
>
>
>
> From:Tomas Mraz
> Date: Thursday, June 27, 2024 at 1:29 PM
> To: BENTLEY Thom , "openssl-users@openssl.org"
>
> Subject: Re: Issue with install after using `perl Configure` to set -
> -prefix and --openssldir
>
at 1:29 PM
To: BENTLEY Thom , "openssl-users@openssl.org"
Subject: Re: Issue with install after using `perl Configure` to set --prefix
and --openssldir
Hello, you have to use "--openssldir=C: \OpenSSLInstallDir\CommonFiles\SSL"
Regards, Tomas Mraz, OpenSSL On Thu, 2024-0
Hello,
you have to use "--openssldir=C:\OpenSSLInstallDir\CommonFiles\SSL"
Regards,
Tomas Mraz, OpenSSL
On Thu, 2024-06-27 at 16:50 +, BENTLEY Thom via openssl-users
wrote:
>
>
>
> Hi All,
>
> I get an error running `perl Configure --openssldir
>
I believe the oid_file key in the config is used by the ca and req applets
and is meant to be a value rather than a section (i.e. oid_file =
/path/to/oid/file/name)
To do what I believe you are trying to do above, you need to follow the
directions here:
:29 PM
To: BENTLEY Thom
Cc: openssl-users@openssl.org
Subject: Re: Issue building after configuring for VC-WIN64A (version 3.0.8)
You will almost certainly need to preform an nmake distclean (or just run git
clean on your tree) prior to reconfiguring. nmake is really bad about getting
bug @C:\Users\tbentley\AppData\Local\Temp\1\nm96.tmp
> /implib:libcrypto.lib || (DEL /Q libcrypto-3-x64.* libcrypto.lib & EXIT
> 1)"' : return code '0x1'
>
> Stop.
>
> NMAKE : fatal error U1077: '"C:\Program Files\Microsoft Visual
> Studio\2022\Professional\VC\
Did you do an "nmake clean" after switching to the correct compiler? You need
to get rid of those 32-bit objects, or you'll continue to have a machine-type
mismatch.
--
Michael Wojcik
Rocket Software
Rocket Software, Inc. and subsidiaries ■ 77 Fourth Avenue,
Is there a way to have all those man pages installed in my system.
I'm using Ubuntu 24.
On Wed, Jun 19, 2024, 17:49 Matt Caswell wrote:
>
>
> On 19/06/2024 12:14, Lokesh Chakka wrote:
> > Now I need to explore C APIs for getting those keys as hex array.
> > Could you please suggest any good
The Doctor via openssl-users writes:
> On Wed, Jun 19, 2024 at 09:53:19AM +0200, Tomas Mraz wrote:
>> They are there. Maybe you've looked too soon before the CDN caches were
>> synchronized.
>>
>>
>> On Tue, 2024-06-18 at 21:12 -0600, The Doctor via openssl-users wrote:
>> > Where are they?
>>
On 19/06/2024 12:14, Lokesh Chakka wrote:
Now I need to explore C APIs for getting those keys as hex array.
Could you please suggest any good references for beginners.
You would need to first load the key from the file to create an EVP_PKEY
object. For example you could use the
On Wed, Jun 19, 2024 at 09:53:19AM +0200, Tomas Mraz wrote:
> They are there. Maybe you've looked too soon before the CDN caches were
> synchronized.
>
>
> On Tue, 2024-06-18 at 21:12 -0600, The Doctor via openssl-users wrote:
> > Where are they?
>
> --
> Tom Mr??z, OpenSSL
>
I use lynx
Hi Matt,
I'm trying to craft a client hello packet using a C program. I'm learning
about these keys, openssl, TLS etc.
So
openssl ecparam -name secp256r1 -genkey -out pvtkey.pem
openssl ec -in pvtkey.pem -pubout -out pubkey.pem
openssl pkey -in pubkey.pem -pubin -noout -text
will give me the
On 19/06/2024 09:15, Lokesh Chakka wrote:
hello,
I'm trying to generate public/private keys with following commands:
openssl ecparam -name secp256r1 -genkey -out pvtkey.pem
openssl ec -in pvtkey.pem -pubout
I'm seeing the sizeof private key as 164 bytes and public key as 124 bytes.
In a
Understood. Thanks alot.
But I'm still Not able to understand why it is 65 bytes in the key value.
Thanks & Regards
--
Lokesh Chakka.
On Wed, Jun 19, 2024 at 3:03 PM Tomas Mraz wrote:
> You need to do base64 decoding to find out the real size of the ASN.1
> encoded data.
>
> Tomas Mraz,
You need to do base64 decoding to find out the real size of the ASN.1
encoded data.
Tomas Mraz, OpenSSL
On Wed, 2024-06-19 at 14:58 +0530, Lokesh Chakka wrote:
> hi,
>
> please check the following :
>
> =
>
hi,
please check the following :
==
$ openssl ecparam -name secp256r1 -genkey -out pvtkey.pem
using curve name prime256v1 instead of secp256r1
$ cat pvtkey.pem
-BEGIN EC PARAMETERS-
BggqhkjOPQMBBw==
Hi Lokesh,
I am not sure how do you count the sizes of 164 bytes and 124 bytes for
the pem files.
If I use -outform DER (and use -noout with the ecparam to avoid
outputting the params because the private key already contains info
about the params used) I see the following sizes for the DER
They are there. Maybe you've looked too soon before the CDN caches were
synchronized.
On Tue, 2024-06-18 at 21:12 -0600, The Doctor via openssl-users wrote:
> Where are they?
--
Tomáš Mráz, OpenSSL
On Wednesday, April 17th, 2024 at 6:57 AM, Michael Wojcik via openssl-users
wrote:
> > From: Turritopsis Dohrnii Teo En Ming teo.en.m...@protonmail.com
> > Sent: Monday, 15 April, 2024 07:36
> >
> > > > From: openssl-users openssl-users-boun...@openssl.org On Behalf Of
> > > > Turritopsis
On 09/06/2024 19:59, Dennis Clarke via openssl-users wrote:
On 5/30/24 11:15, Michael Wojcik via openssl-users wrote:
From: openssl-users On Behalf Of
Dennis
Clarke via openssl-users
Sent: Thursday, 30 May, 2024 07:29
OKay, thank you. I guess today is a good day to test on a few oddball
Hi Thomas,
Thank you very much, Understood.
I created a new branch with the change I created two versions:
1. one more c++ style (
https://github.com/christiangda/LicenseValidator/blob/c988c226e3e998aebe840386525a364273f41807/src/License.cpp#L80
)
2. with the change you proposed (
|if (EVP_PKEY_verify(ctx, licenseSignature, sizeof(licenseSignature),
licenseContent, sizeof(licenseContent)) <= 0)|
The sizeof operator is not doing what you think it's doing. It's
computing the sizes of the pointers (typically 4 or 8 bytes depending on
your architecture) and not the sizes
On Sat, Jun 08, 2024 at 08:12:57AM -0400, Neil Horman wrote:
> > I see someone at
> > https://github.com/openssl/openssl/issues/13382#issuecomment-1181577183
> > with a similar concern suggested -macopt keyfile:file
The requested feature (explicit keyfile option) makes sense to me. Is
there a
On 5/30/24 11:15, Michael Wojcik via openssl-users wrote:
From: openssl-users On Behalf Of Dennis
Clarke via openssl-users
Sent: Thursday, 30 May, 2024 07:29
OKay, thank you. I guess today is a good day to test on a few oddball
system architectures. I suspect there are very very few people out
On 6/8/2024 5:12 AM, Neil Horman wrote:
printf '%s' "hello" | LD_LIBRARY_PATH=$PWD ./apps/openssl dgst -sha1
-hmac $(cat key.txt)
SHA1(stdin)= c3b424548c3dbd02161a9541d89287e689f076d7
That will expose the key in the process args, so is NOT secure.
--
Carson
the openssl-mac utility already contains such a option (though it doesn't
circumvent the issue as the option for the key is also passed on the
command line)
It seems some bash magic solves this problem though. By putting your key
in a file, you can use command substitution to solve this:
2024-06-08 08:43:26 +0100, Stephane Chazelas:
[...]
> Would it be possible to have a: -macopt keyenv:varname and
> -macopt keyexenv:varname for instance to be able to pass the
> secret via environment variables instead (which on most systems
> are a lot less public than command arguments)?
[...]
2022-08-07 18:20:56 +0200, Francois:
[...]
> I am reading some doc instructing me to run
>
> printf '%s' "${challenge}" | openssl dgst -sha1 -hmac ${APP_TOKEN}
>
> Doing so would leak the APP_TOKEN on the command line arguments (so a
> user running a "ps" at the right time would see the
General
-Original Message-
From: openssl-users On Behalf Of Viktor
Dukhovni
Sent: Friday, May 31, 2024 06:14 PM
To: openssl-users@openssl.org
Subject: Re: Issue in DH Algorithm Keys Generation in OpenSSL 3.3.0
[External email: Use caution with links and attachments
- Original Message -
> From: "Wiebe Cazemier"
> To: openssl-users@openssl.org
> Sent: Thursday, 23 May, 2024 12:22:31
> Subject: Blocking on a non-blocking socket?
>
> Hi List,
>
> I have a very obscure problem with an application using O_NONBLOCK still
> blocking. Over the course of a
On Fri, May 31, 2024 at 07:47:40AM +, Vishal Kevat via openssl-users wrote:
> Hi OpenSSL users,
>
> I am using OpenSSL source version 3.3.0 and facing an issue in key generation
> part of Diffie Hellman (DH) Algorithm. Below are the APIs I am using for
> generating Public and Private Keys:
On Fri, May 31, 2024 at 12:39:12PM +, Vishal Kevat via openssl-users wrote:
> Is there any way to make this prime number work by doing some
> modifications in the openssl source code.
It ISN'T a *prime* number.
> Like bypassing the OpenSSL DH prime check?
Why do you want to use a broken DH
PM
To: openssl-users@openssl.org
Subject: Re: Issue in DH Algorithm Keys Generation in OpenSSL 3.3.0
[External email: Use caution with links and attachments]
On Fri, May 31, 2024 at 07:47:40AM +, Vishal Kevat via openssl-users wrote:
> I am using Open
On Fri, May 31, 2024 at 07:47:40AM +, Vishal Kevat via openssl-users wrote:
> I am using OpenSSL source version 3.3.0 and facing an issue in key
> generation part of Diffie Hellman (DH) Algorithm. Below are the APIs I
> am using for generating Public and Private Keys:
>
> static unsigned
On 24/05/2024 16:57, murugesh pitchaiah wrote:
Thanks Matt for looking into this.
Here is the output:
# openssl list --providers -provider fips -provider base
Providers:
base
name: OpenSSL Base Provider
version: 3.0.9
status: active
Hi OpenSSL users,
I am using OpenSSL source version 3.3.0 and facing an issue in key generation
part of Diffie Hellman (DH) Algorithm. Below are the APIs I am using for
generating Public and Private Keys:
static unsigned char DH_PRIME_128[] = { /* 128 bit prime */
0xff, 0xff, 0xff, 0xff,
Hi Matt,
Could you please share any insights on why these errors seen on
programmatically loading fips provider :
*80D1CD65667F:error:1C8000D4:Provider routines:SELF_TEST_post:invalid
state:../openssl-3.0.9/providers/fips/self_test.c:262:*
*80D1CD65667F:error:1C8000D8:Provider
> From: openssl-users On Behalf Of Dennis
> Clarke via openssl-users
> Sent: Thursday, 30 May, 2024 07:29
>
> OKay, thank you. I guess today is a good day to test on a few oddball
> system architectures. I suspect there are very very few people out there
> running actual HPE Itanium hardware or
On 5/30/24 03:03, Tomas Mraz wrote:
You can just test the HEAD commits in the respective branches (openssl-
3.0, openssl-3.1, openssl-3.2 and openssl-3.3) in git. The repository
will be frozen today afternoon so there should be no further changes
apart from eventual regression fixes and the
You can just test the HEAD commits in the respective branches (openssl-
3.0, openssl-3.1, openssl-3.2 and openssl-3.3) in git. The repository
will be frozen today afternoon so there should be no further changes
apart from eventual regression fixes and the release commits.
Regards,
Tomas Mraz,
On 5/28/24 08:51, Tomas Mraz wrote:
The OpenSSL project team would like to announce the upcoming release of
OpenSSL versions 3.3.1, 3.2.2, 3.1.6 and 3.0.14.
Will there be any release candidate tarballs for testing on various
systems? Perhaps there already exists some commit or "tag" (
Thanks Matt for looking into this.
Here is the output:
# openssl list --providers -provider fips -provider base
Providers:
base
name: OpenSSL Base Provider
version: 3.0.9
status: active
fips
name: OpenSSL FIPS Provider
version: 3.0.9
status: active
Also
What do you get by loading the provider via the "openssl list" command,
i.e. what is the output from:
$ openssl list --providers -provider fips -provider base
Matt
On 24/05/2024 15:48, murugesh pitchaiah wrote:
Thanks Neil for your response. Please find more details below.
Yes we run
Thanks Neil for your response. Please find more details below.
Yes we run fipsinstall and then edit the fipsmodule.conf file to remove the
'activate=1' line. Then try to programmatically load FIPS provider. Here
are the details steps.
Once the device boots up , The device has fipsmoudle.cnf
I assume that, after building the openssl library you ran openssl
fipsinstall? i.e. you're not just using a previously generated
fipsmodule.cnf file? The above errors initially seem like self tests
failed on the fips provider load, suggesting that the module-mac or
install-mac is incorrect in
On 24/05/2024 02:30, Wiebe Cazemier wrote:
Can you show me in the code where that is?
It's here:
https://github.com/openssl/openssl/blob/b9e084f139c53ce133e66aba2f523c680141c0e6/ssl/record/rec_layer_s3.c#L1038-L1054
The "retry" codepath occurs where we hit the "goto start".
My main
Hi Detlef,
- Original Message -
> From: "Detlef Vollmann"
> To: openssl-users@openssl.org
> Sent: Friday, 24 May, 2024 12:02:37
> Subject: Re: Blocking on a non-blocking socket?
>
> That's correct, but if I understand Matt correctly, thi
On 5/24/24 03:30, Wiebe Cazemier via openssl-users wrote:
Hi Matt,
- Original Message -
From: "Matt Caswell"
To: openssl-users@openssl.org
Sent: Friday, 24 May, 2024 00:26:28
Subject: Re: Blocking on a non-blocking socket?
Not quite.
When you call SSL_read() it is b
Hi Matt,
- Original Message -
> From: "Matt Caswell"
> To: openssl-users@openssl.org
> Sent: Friday, 24 May, 2024 00:26:28
> Subject: Re: Blocking on a non-blocking socket?
> Not quite.
>
> When you call SSL_read() it is because you are hoping to read
&
g/docs/man1.0.2/man3/SSL_CTX_set_mode.html |
>>>> https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_set_mode.html ]
>>>
>>>> SSL_MODE_AUTO_RETRY in non-blocking mode should cause
>>>> SSL_reaa/SSL_write to return -1 with an error code of
>>>>
_mode.html ]
SSL_MODE_AUTO_RETRY in non-blocking mode should cause
SSL_reaa/SSL_write to return -1 with an error code of
WANT_READ/WANT_WRITE until such time as the re-negotiation has
completed. I need to confirm thats the case in the code, but it seems
to be. If the underlying socket is in non-blocking mode, th
UTO_RETRY in non-blocking mode should cause
>> SSL_reaa/SSL_write to return -1 with an error code of
>> WANT_READ/WANT_WRITE until such time as the re-negotiation has
>> completed. I need to confirm thats the case in the code, but it seems
>> to be. If the underlying socket is
Hi Neil,
- Original Message -
> From: "Neil Horman"
> To: "Wiebe Cazemier"
> Cc: "udhayakumar" , openssl-users@openssl.org
> Sent: Thursday, 23 May, 2024 23:42:18
> Subject: Re: Blocking on a non-blocking socket?
> from
from:
https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_set_mode.html
SSL_MODE_AUTO_RETRY in non-blocking mode should cause SSL_reaa/SSL_write to
return -1 with an error code of WANT_READ/WANT_WRITE until such time as the
re-negotiation has completed. I need to confirm thats the case
- Original Message -
> From: "Neil Horman"
> To: "udhayakumar"
> Cc: "Wiebe Cazemier" , openssl-users@openssl.org
> Sent: Thursday, 23 May, 2024 22:05:22
> Subject: Re: Blocking on a non-blocking socket?
> do you have a stack trace of t
he handshake and successful completion. if cable is unplugged
> connection got broken until re-authentication it's holding read/write
> operations i think.
>
>
> / udhay!.
>
> On 5/23/24 7:52 AM, Wiebe Cazemier via openssl-users wrote:
> > e only SSL modes I change from the default is that I
>
hi Wiebe Cazemier,
The flag SSL_MODE_AUTO_RETRY will cause read/write operations to only return
after the handshake and successful completion. if cable is unplugged connection
got broken until re-authentication it's holding read/write operations i think.
/ udhay!.
On 5/23/24 7:52 AM, Wiebe
Hi!
Sorry, when I try to click the links, I am offered to download something.
Is it intentional?
On Tue, 21 May 2024, 19:48 Kajal Sapkota, wrote:
> *Hi All,*
>
>
>
>
>
>
>
>
> * We are pleased to announce our upcoming webinar, Getting Started with
> QUIC and OpenSSL. In this brief yet
On 5/16/24 08:28, Neil Horman wrote:
Glad its working a bit better for you. If you are inclined, please feel
free to open a PR with your changes for review.
Well, the changes are *really* trivial. Necessary and trivial.
--
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken
Glad its working a bit better for you. If you are inclined, please feel
free to open a PR with your changes for review.
Best
Neil
On Thu, May 16, 2024 at 7:40 AM Dennis Clarke wrote:
> On 5/15/24 18:34, Neil Horman wrote:
> > You are correct, the files you reference (most of them in fact)
On 5/15/24 18:34, Neil Horman wrote:
You are correct, the files you reference (most of them in fact) get built
into separate objects in the event the build flags are different for shared
and static libraries, and should be unrelated to the issue you are seeing
I was somewhat puzzled by
You are correct, the files you reference (most of them in fact) get built
into separate objects in the event the build flags are different for shared
and static libraries, and should be unrelated to the issue you are seeing
As for the undefined symbols, thats definitely a mystery. most notably,
On 5/13/24 03:34, Matt Caswell wrote:
On 13/05/2024 02:42, Neil Horman wrote:
We added support for RCU locks in 3.3 which required the use of
atomics (or emulated atomic where they couldn't be supported), but
those were in libcrypro not liberal
Right - its supposed to fallback to
On 13/05/2024 02:42, Neil Horman wrote:
We added support for RCU locks in 3.3 which required the use of atomics
(or emulated atomic where they couldn't be supported), but those were in
libcrypro not liberal
Right - its supposed to fallback to emulated atomic calls where atomics
aren't
On 5/12/24 21:42, Neil Horman wrote:
We added support for RCU locks in 3.3 which required the use of atomics (or
emulated atomic where they couldn't be supported), but those were in
libcrypro not liberal
I see. I am having great difficulty with 3.3 on an old Sun SPARC64
server where there
We added support for RCU locks in 3.3 which required the use of atomics (or
emulated atomic where they couldn't be supported), but those were in
libcrypro not liberal
On Sun, May 12, 2024, 7:26 PM Dennis Clarke via openssl-users <
openssl-users@openssl.org> wrote:
>
> On 4/9/24 08:56, OpenSSL
On 4/9/24 08:56, OpenSSL wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL version 3.3.0 released
==
Trying to compile this on an old Solaris 10 machine and over and over
and over I see these strange things as Undefined symbols :
On 08/05/2024 18:15, Rahul Shukla wrote:
The issue I'm encountering here occurs after the first SSL_read() call
in myread(). Despite encountering SSL_ERROR_WANT_READ, upon checking for
available data using isReadable(),there appears to be no activity or
pending data. This inconsistency
Thank you for the heads up. There was already a fix in
https://github.com/openssl/openssl/pull/24337 which is now merged to
the 3.3 branch.
Tomas Mraz, OpenSSL
On Mon, 2024-05-06 at 23:51 -0600, The Doctor via openssl-users wrote:
> On Mon, May 06, 2024 at 11:34:59PM -0600, The Doctor via
On Mon, May 06, 2024 at 11:34:59PM -0600, The Doctor via openssl-users wrote:
> Using clang versino 18
>
> and it is spewing at goto out
>
Line 417 and 434 of test/threadstest.c
in openssl-3.3 daily
--
Member - Liberal International This is doc...@nk.ca Ici doc...@nk.ca
Yahweh, King &
On 5/6/24 11:48, Michael Richardson wrote:
> Now I treat the flush as 'OpenSSL isn't interested in the result
> of the last write anymore'. I'm not sure this assumption is correct,
> but it seems to work... (Well, it could cause duplicate messages
It does not sound correct.
I
> Now I treat the flush as 'OpenSSL isn't interested in the result
> of the last write anymore'. I'm not sure this assumption is correct,
> but it seems to work... (Well, it could cause duplicate messages
It does not sound correct.
Might be true for a read.
But, for a write, I'd
On 02/05/2024 11:52, Rahul Shukla wrote:
Thank you for the quick reply, Matt !!
Is my understanding correct thatif the buffer is empty and SSL_peek() is
invoked while trying to process more records, only application data gets
placed into that buffer?
Technically, the internal buffer is
1 - 100 of 48828 matches
Mail list logo