LibreSSL is a version of the TLS/SSL protocol forked from OpenSSL.
LibreSSL is a version of the tls/ssl/crypto stack forked from openssl in 2014.
External Links:
Questions tagged [libressl]
61 questions
0
votes
0 answers
TLS implementation: (Using LibreSSL library) Failing handshake on client side when server certificate has wildcard SAN of type: *test.example.com
Problem:
Server:
Subject Alternative Name(SAN) in server certificate: *test.example.com
Client:
Server Name Indicator(SNI) given from client side: mytest.example.com
Result: handshake fail!
Although for similar scenario,
Subject Alternative…
s-ghansiala
- 67
- 5
0
votes
1 answer
LibreSSL provide authentication tag for aes-256-gcm
I'm currently running my command as so:
/usr/local/Cellar/libressl/3.0.2/bin/openssl enc -aes-256-gcm -d -in enc.token -out dec.token -iv {IV} -K {KEY}
and the output of that command is bad decrypt. My output file also looks like it's only half…
user3613290
- 461
- 6
- 18
0
votes
0 answers
Unable to verify smime signature
I've signed a file like this, using LibreSSL 2.8.3 on macOS:
openssl smime -binary -sign -certfile WWDR.pem -signer passcertificate.pem \
-inkey passkey.pem -in manifest.json -out signature \
-outform DER -passin…
Gargoyle
- 9,590
- 16
- 80
- 145
0
votes
1 answer
If intermediate certificate has expiry date after root certificate, does it throw any error with openssl?
If intermediate certificate has expiry date after root certificate, does it throw any error with openssl?
I recently encountered openssl error 7 : X509_V_ERR_CERT_SIGNATURE_FAILURE with cert chain . I wonder if above question could cause this issue…
Emad mohd
- 33
- 5
0
votes
2 answers
FacebookAds\Exception\Exception, Code: 35: LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to graph.facebook.com:443
Seemingly out of the blue (i.e. I haven't edited code recently), I've started receiving a lot of these error messages in my cron jobs in the past couple days:
FacebookAds\Exception\Exception, Code: 35: LibreSSL SSL_connect: SSL_ERROR_SYSCALL in…
Ryan
- 22,332
- 31
- 176
- 357
0
votes
1 answer
Does Apple accept iOS apps with statically linked OpenSSL in the app store?
This question is not really technical in nature but it is clearly answerable with yes/no and so I hope its fine if I ask it here on StackOverflow.
My scenario is as follows: In order to share code between iOS and Android I'm using C++ for much of…
ackh
- 1,648
- 2
- 18
- 36
0
votes
1 answer
How to suppress stdout and stderr output for openssl command?
Is it possible to disable the stdout and stderr output for the following command?
req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout ./private.key -out ./mycert.crt -subj "/C=DE/ST=BW/L=Karlsruhe/O=foobar/OU=foobar/CN=foobar"
The command…
OCram85
- 841
- 1
- 9
- 25
0
votes
0 answers
Problem compiling AES-NI instructions on OSX 10.6 Snow Leopard
On my OSX 10.6.8 (Snow Leopard) Mac mini 2.53Ghz (Late 2009 Intel P8700) I have tried to compile libressl-2.8. Configuration finished smoothly but during the compilation of ./crypto/aes/aesni-macosx-x86_64.S it failed with
"no such instruction:…
Terry
- 1,206
- 1
- 10
- 26
0
votes
1 answer
openssl / libressl ocsp responder missing response for expired/revoked certificates
For some reason, an OpenSSL OCSP responder doesn't seem to deliver any responses for expired or revoked certificates. For valid certificates, everything is fine.
Tested this on LibreSSL 2.2.7 (on MacOS). For reference, I also tested this on the very…
itchee
- 820
- 5
- 20
0
votes
0 answers
Issue loading certificate using libcrypto (libressl)
I'm trying to load a certificate using libcrypto. The certificate was generated using keytool and openssl.
This is my code
#include
#include
int main(int argc, char **argv)
{
SSL* ssl;
SSL_CTX* ctx;
…
Abhijith
- 2,592
- 5
- 18
- 30
0
votes
2 answers
ssh_exchange_identification: Connection closed by remote host Mac
I'm trying to ssh to a mac PC from a Ubuntu 16.04 machine. I'm using this command
ssh username@192.168.17.74 -p 9900
The open port is 9900 but I get this error
ssh_exchange_identification: Connection closed by remote host
But if I try ssh…
Harsh Wardhan
- 2,110
- 10
- 36
- 51
0
votes
0 answers
Bad decrypt error whenever I open a shell
I am using macOS version 10.13.5 and whenever I open a new shell I get this error printed to shell:
bad decrypt
140735978677192:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad…
Saeed Mohtasham
- 1,693
- 16
- 27
0
votes
1 answer
Build php 7 using libressl
In Alpine 3.5 the default is LibreSSL. How can I compile php 7.0.xx using libressl instead of openssl?
P.S. I know that you can install OpenSSL, but I still need curl-dev and postgresql-dev where LibreSSL is required, and a shared installation is…
Nabari
- 11
- 4
0
votes
1 answer
libtls: select() and tls_read() working together
I want to add an ssl support to an old chat application I wrote years ago. I did a lot of reading on OpenSSL and LibreSSL and I decided to try a new libtls API. I think developers did a really great job on this one.
I found it to be very easy to use…
Piotr K
- 1
0
votes
1 answer
Testing for LibreSSL in a Perl build script
I released Net::NSCAng::Client a while ago and am getting a lot of test failures on OpenBSD. The reason for that is that the NSCAng protocol uses OpenSSL in preshared-key mode (RFC4279), something the folks at LibreSSL (default on OpenBSD now) have…
mbethke
- 935
- 8
- 19