subjectAltName removed from CSR when signing

2012-01-04 Thread Greger Lundin
Hi, I have some firewalls that put a subjectAltName X509v3 attribute into the CSR, but when I sign them with my openssl CA, it just throws that attribute away. VPN clients later require the subjectAltName to match the host they connect to, hence it must be present. I've found many articles how

Re: subjectAltName removed from CSR when signing

2012-01-04 Thread Mick
On Wednesday 04 Jan 2012 12:33:06 you wrote: Hi, I have some firewalls that put a subjectAltName X509v3 attribute into the CSR, but when I sign them with my openssl CA, it just throws that attribute away. VPN clients later require the subjectAltName to match the host they connect to,

Re: subjectAltName removed from CSR when signing

2012-01-04 Thread Dr. Stephen Henson
On Wed, Jan 04, 2012, Mick wrote: On Wednesday 04 Jan 2012 12:33:06 you wrote: I've found many articles how I can add that attribute by using a custom config file and the -extfile file and -extensions section parameters. I've used that as a workaround to get subjectAltName into

Re: subjectAltName removed from CSR when signing

2012-01-04 Thread Greger Lundin
On Wed, Jan 4, 2012 at 1:57 PM, Mick michaelkintz...@gmail.com wrote: On Wednesday 04 Jan 2012 12:33:06 you wrote: Hi, I have some firewalls that put a subjectAltName X509v3 attribute into the CSR, but when I sign them with my openssl CA, it just throws that attribute away. VPN clients

That mean old Electric Fence

2012-01-04 Thread David Booher
Hi all, I'm a newbie, so please be kind :) I just did a make on the new 1.0 beta and configured for shared libraries. I noticed that during a make test there are several debug messages coming from Electric Fence. I also see this just doing an openssl version... I'm wondering how to compile

Re: subjectAltName removed from CSR when signing

2012-01-04 Thread Mick
On Wednesday 04 Jan 2012 13:40:12 you wrote: On Wed, Jan 4, 2012 at 1:57 PM, Mick michaelkintz...@gmail.com wrote: On Wednesday 04 Jan 2012 12:33:06 you wrote: Hi, I have some firewalls that put a subjectAltName X509v3 attribute into the CSR, but when I sign them with my openssl CA,

Re: subjectAltName removed from CSR when signing

2012-01-04 Thread Greger Lundin
On 4 Jan 2012 at 17:44, Mick michaelkintz...@gmail.com wrote: On Wednesday 04 Jan 2012 13:40:12 you wrote: On Wed, Jan 4, 2012 at 1:57 PM, Mick michaelkintz...@gmail.com wrote: On Wednesday 04 Jan 2012 12:33:06 you wrote: Hi, I have some firewalls that put a subjectAltName X509v3

OpenSSL Security Advisory

2012-01-04 Thread OpenSSL
OpenSSL Security Advisory [04 Jan 2012] Six security flaws have been fixed in OpenSSL 1.0.0f and 0.9.8s. DTLS Plaintext Recovery Attack (CVE-2011-4108) Nadhem

openssl FIPS and linux kernel crypto

2012-01-04 Thread David Weidenkopf
Hello, has anyone ever tried to incorporate the FIPS crypto module (specifically the crypto algorithms) into a kernel module? Or the feasibility of such an effort? The idea is that you then have FIPS capable crypto in the kernel. The kernel crypto api, as far as I can tell, is designed to allow

RE: openssl FIPS and linux kernel crypto

2012-01-04 Thread David Weidenkopf
Looks like there is a relevant discussion here: http://groups.google.com/group/mailing.openssl.users/msg/fa55b6bac4f91d8f From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] On Behalf Of David Weidenkopf [dweidenk...@cococorp.com] Sent: