Re: [openssl-dev] openssl.org #4615 Cache utility behaving strange with X509_LOOKUP_add_dir

2016-07-19 Thread Mischa Salle
is > placed under the CRL directory (with an incremented sequence number .rN) > openssl is not looking at the newer CRL file but only considering the ones > in the cache. > > > > Let me know if the manual page description meant something different. > > > > Thanks.

Re: [openssl-dev] openssl.org #4615 Cache utility behaving strange with X509_LOOKUP_add_dir

2016-07-19 Thread Mischa Salle
Hi Anirudh, this is as far as I know a very old issue (at least since 2002 or so). Basically a server needs to restart periodically in order to pick up changed CRLs. There are some workarounds, like forcibly reloading all the CRLs periodically, even those already in the store. Mischa Salle

[openssl-dev] SSL_set_bio(ssl, bio, bio) and BIO_up_ref(bio)

2017-01-30 Thread Mischa Salle
in e.g. the SSL_set_bio(ssl, bio, bio)? Best wishes, Mischa Salle

Re: [openssl-dev] SSL_set_bio(ssl, bio, bio) and BIO_up_ref(bio)

2017-01-30 Thread Mischa Salle
be that the code (which I inherited) is calling a SSL_shutdown() beforehand which does something I have missed...? Best wishes, Mischa On Mon, Jan 30, 2017 at 12:13 PM, Matt Caswell <m...@openssl.org> wrote: > > > > On 30/01/17 10:13, Mischa Salle wrote: > > Hi all,

Re: [openssl-dev] SSL_set_bio(ssl, bio, bio) and BIO_up_ref(bio)

2017-01-30 Thread Mischa Salle
rbio == wbio, SSL_set_bio() would be the preferred function... In any case, thanks again for the clarifications! Best wishes, Mischa On Mon, Jan 30, 2017 at 8:51 PM, Matt Caswell <m...@openssl.org> wrote: > > > On 30/01/17 17:19, Mischa Salle wrote: >> Hi Matt,

Re: [openssl-dev] id-kp-OCSPSigning extended key usage

2017-09-12 Thread Mischa Salle
Hi, On Tue, Sep 12, 2017 at 2:46 AM, Winter Mute wrote: > Hello, > The RFC states that: > >> OCSP signing delegation SHALL be designated by the inclusion of >> id-kp-OCSPSigning in an extended key usage certificate

Re: [openssl-dev] Is X509_free(NULL) ok?

2017-12-22 Thread Mischa Salle
Hi, I think it should be documented, but currently the two supported branches are ok with NULL:
- following from IMPLEMENT_ASN1_FUNCTIONS(X509), for both openssl-1.0.2n and 1.1.0g:
  - 1.0.2n ends up in asn1_item_combine_free()
  - 1.1.0g ends up in asn1_item_embed_free()
- in both cases an explicit