Dmitry Belyavskiy
Dmitry Belyavskiy
``` 9/15 Test #9: TLS-with-engine ..................Subprocess aborted***Exception: 0.73 sec 262 40070A504C7F0000:error:0A000119:SSL routines:tls_get_more_records:decryption failed or bad record mac:ssl/record/methods/tls_common.c:766: 263 40070A504C7F0000:error:0A000139:SSL routines::record layer failure:ssl/record/rec_layer_s3.c:1197: 264 /home/runner/work/openssl/openssl/gost-engine/test_tls.c:222: OpenSSL internal error: SSL_accept ```
Good news it's C code...
Try this from the engine build dir: ``` LD_LIBRARY_PATH=../openssl OPENSSL_CONF=./engine.conf ./bin/test_tls ``` engine.conf: ``` openssl_conf = openssl_def [openssl_def] engines = engine_section [engine_section] gost = gost_section [gost_section] engine_id = gost dynamic_path...
Feel free to ping me directly, I'm able to have a google meet if necessary
Matt, I don't think converting OS specific errors is a good idea. When you have os specific error, you can google the possible reasons more effectively.
Please, please, leave a plain option to get a system errno/LastError. Otherwise debugging becomes much more difficult.
I had an implementation of smth like that (inspired by Cloudflare Keyless SSL) using engines, and I think it's doable via providers.
Do we have an authoritative source for new values?
> **OTC: Should we ignore limits from RFC 5280's appendix A.1?** No until there is any other authority established new widely used limits.
Test failures seem relevant