On 11/13/2015 5:10 PM, Emilia Käsper wrote:
Hi all,
We are considering removing from OpenSSL 1.1 known broken or outdated cryptographic primitives. As you may know the forks have already done this but I'd like to seek careful feedback for OpenSSL
first to ensure we won't be breaking any major
Hi All,
In earlier version of OpenSSL (i.e OpenSSL 1.0.1c) X509_verify_cert had a
check * if (params->trust >0)* before invoking check_trust function.
This has been removed in OpenSSL 1.0.2d. Does it mean applications are
expected to set the X509_VERIFY_PARAM properly?
Our application works
On Sun, Nov 15, 2015 at 07:00:06PM +0530, Jayalakshmi bhat wrote:
> In earlier version of OpenSSL (i.e OpenSSL 1.0.1c) X509_verify_cert had a
> check * if (params->trust >0)* before invoking check_trust function.
The OpenSSL source code is available via git:
Hi Viktor,
Thank you for the response.
This is the code snippet from OpenSSL 1.0.2d.
int X509_verify_cert(X509_STORE_CTX *ctx) {
/* we now have our chain, lets check it... */
i =
> On Nov 16, 2015, at 12:14 AM, Jayalakshmi bhat
> wrote:
>
> This is code snippet from OpenSSL 1.0.1c
>
> int X509_verify_cert(X509_STORE_CTX *ctx) {
>
>
>
>
> /* The chain
Hi Victor,
Thanks a lot for details explanation.
Our device acts as TLS/SSL client. The device receives chain of
certificates as part of SSL handshake, when it is trying to get connected
to TLS/SSL server like sharepoint 365.
While validating the certificate chain from server, "*check_trust"
On Mon, Nov 16, 2015 at 01:10:19AM -0500, Viktor Dukhovni wrote:
> > You should probably explain what you're doing, and in what way OpenSSL 1.0.2
> > (all upstream versions) is not working the way you expect.
On Mon, Nov 16, 2015 at 12:22:48PM +0530, Jayalakshmi bhat wrote:
> Our device acts as
Hi Victor,
First thing kindly note that I am talking about *OpenSSL-1.0.1c* not about
OpenSSL 1.0.2c.
So far we were using *OpenSSL-1.0.1c* and server validation was working
fine. Recently we upgraded the OpenSSL library to *OpenSSL-1.0.2d. *
Also we have not done any modification to the SSL