Le 03/10/2018 à 12:52, Emmanuel Hocdet a écrit :
Hi,
For generate-certificates, X509V3_EXT_conf is used but it's an (very) old API
call: X509V3_EXT_nconf must be preferred. Openssl compatibility is ok
because it's inside #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME, introduce 5
years after X509V3_EXT_nconf.
(BoringSSL only have X509V3_EXT_nconf)
Christopher, if you have time to check this little patch :)
Hi Manu,
Sorry for the lag. So, I tested your patches, and it works for me. I
have only tested it with openssl 1.1.0. But it seems to be safe enough.
--
Christopher
