Re: [openssl.org #2746] Bugfix for ASN.1 parser in OpenSSL 0.9.8 and 1.0

2012-03-05 Thread Martin Boßlet
On 5 March 2012 at 15:14, Stephen Henson via RT r...@openssl.org wrote: [steve - Fri Mar 02 03:57:59 2012]: [to...@tutus.se - Thu Mar 01 15:44:36 2012]: Hi, In at least OpenSSL 0.9.8s and 1.0.1-beta1 there is a bug in the ASN.1 parser that if one has length data such as 84 00 00 00

Re: [openssl.org #2746] Bugfix for ASN.1 parser in OpenSSL 0.9.8 and 1.0

2012-03-05 Thread Martin Boßlet
84 00 00 00 (three zero octets) would be a valid encoding (context-specific tag 0, zero length followed by an END OF CONTENTS), Sorry, this has to read context-specific tag 4 of course. Best regards, Martin Bosslet

Re: [openssl.org #2746] Bugfix for ASN.1 parser in OpenSSL 0.9.8 and 1.0

2012-03-05 Thread Martin Boßlet
On 5 March 2012 at 16:45, Martin Boßlet martin.boss...@googlemail.com wrote: I'm sorry, but I disagree - this is not a legal encoding, not even at the end of a constructed indefinite length encoding. The first 0x00 cannot belong to a multiple length encoding because section 8.1.3.5 of X.690

SSL/TLS: Revealing information about the trusted authorities

2011-07-31 Thread Martin Boßlet
Hello, if we do SSL/TLS client authentication, the current OpenSSL 1.0.0d verifies the client certificate upon reception of the Client Certificate message. Let's consider I want to find out whether the server trusts a certain CA I as an attacker am planning to compromise. I would send some

[openssl.org #2417] [Enhancement] X509 verification with OCSP support

2010-12-30 Thread Martin Boßlet via RT
in advance for any comments and corrections! Best regards, Martin Boßlet Index: crypto/ossl_typ.h === RCS file: /v/openssl/cvs/openssl/crypto/ossl_typ.h,v retrieving revision 1.24 diff -u -r1.24 ossl_typ.h --- crypto/ossl_typ.h 13

Re: [openssl.org #2408] [OpenSSL = 1.0.0 Enhancement] Additions to timestamp support

2010-12-29 Thread Martin Boßlet
I updated the patch (now in unified form) to keep backwards compatibility. Best regards, Martin 2010/12/29 Stephen Henson via RT r...@openssl.org: [martin.boss...@googlemail.com - Mon Dec 27 14:59:59 2010]: The attached patch contains: -  an additional method for creating a timestamp

Re: [openssl.org #2408] [OpenSSL = 1.0.0 Enhancement] Additions to timestamp support

2010-12-29 Thread Martin Boßlet via RT
I updated the patch (now in unified form) to keep backwards compatibility. Best regards, Martin 2010/12/29 Stephen Henson via RT r...@openssl.org: [martin.boss...@googlemail.com - Mon Dec 27 14:59:59 2010]: The attached patch contains: -  an additional method for creating a timestamp

[openssl.org #2408] [OpenSSL = 1.0.0 Enhancement] Additions to timestamp support

2010-12-27 Thread Martin Boßlet via RT
certificates) are always needed. When skipping validation, it's possible to validate a timestamp without any external resources if the timestamp authority certificate is included (which it must be if explicitly requested). Certificate validation can then be performed separately. Best regards, Martin Boßlet

Timestamping support

2010-10-17 Thread Martin Boßlet
the pointer to my template directly, so that the template i2d functions are used when encoding the attribute? Best regards, Martin Boßlet

Re: Timestamping support

2010-10-17 Thread Martin Boßlet
Yes, I was looking at 0.9.8o. Still, I quite enjoyed the experience and would be glad to be able to contribute. I looked into the ts app, it does not yet support HTTP transport. Could this be a useful addition? -Martin 2010/10/17 Dr. Stephen Henson st...@openssl.org On Sun, Oct 17, 2010,