Re: Configuring to fail when a provider doesn't load

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Thank you very much! We might send a patch to add it sometime depending on if we end up actually needing to make it.

From: Neil Horman <nhorman@xxxxxxxxxxx>
Sent: Wednesday, March 5, 2025 10:10:32 AM
To: Ladd, Watson
Cc: openssl-users@xxxxxxxxxxx
Subject: Re: Configuring to fail when a provider doesn't load
 
I'm not aware of any explicitly failure capability if a provider fails to load from the configuration file. I think the expected process here would be to call OPENSSL_init_crypto from your application, to drive the configuration parsing
ZjQcmQRYFpfptBannerStart
This Message Is From an External Sender
This message came from outside your organization.
 
ZjQcmQRYFpfptBannerEnd
I'm not aware of any explicitly failure capability if a provider fails to load from the configuration file.   I think the expected process here would be to call OPENSSL_init_crypto from your application, to drive the configuration parsing and loading of any referenced providers, followed by a call to OSSL_PROVIDER_available().  failure on the latter call would mean that  the named provider in the available call wasn't loaded, despite being referenced in your config.

Neil


On Wed, Mar 5, 2025 at 12:54 PM 'Ladd, Watson' via openssl-users <openssl-users@xxxxxxxxxxx> wrote:

Dear OpenSSL users,


Is there a configuration option that will stop OpenSSL continuing to work if a provider fails to load? We'd like to do this to ensure that the FIPS module is used when possible across applications.


Sincerely,

Watson

--
You received this message because you are subscribed to the Google Groups "openssl-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openssl-users+unsubscribe@xxxxxxxxxxx.
To view this discussion visit https://groups.google.com/a/openssl.org/d/msgid/openssl-users/e26300799ded48b8a786eb060460b13f%40akamai.com.

--
You received this message because you are subscribed to the Google Groups "openssl-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openssl-users+unsubscribe@xxxxxxxxxxx.
To view this discussion visit https://groups.google.com/a/openssl.org/d/msgid/openssl-users/08b31426316e4c58bc4431a6adfc04ee%40akamai.com.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux