Dr Stephen Henson wrote:
>
> Ben Laurie wrote:
> >
> > Dr Stephen Henson wrote:
> > >
> > > Christian Buysschaert wrote:
> > > >
> > > > Hello Bertie,
> > > >
> > > > Thanks for providing this patch!
> > > >
> > > > I've been testing it but have been unsuccessful in getting it
> > > > to work. I'll provide my setup here perhaps somebody could
> > > > point out some things I've been doing wrong?
> > > >
> > >
> > > The actual error you receive:
> > >
> > > >[01/Jan/2000 15:30:02 00267] [error] OpenSSL: error:14089106:SSL
> > > >routines:SSL3_GET_CLIENT_CERTIFICATE:wrong message type
> > >
> > > Shows that everything is otherwise OK and MSIE considers the certificate
> > > acceptable for SGC.
> > >
> > > I've now checked in a fix to OpenSSL 0.9.5. It shouldn't be too hard to
> > > produce a patch for earlier versions of OpenSSL. Not much in that area
> > > has changed.
> >
> > Since it is a protocol violation, shouldn't this behaviour be enabled by
> > a BUG flag?
> >
>
> Hmmm maybe. Its harmless when always enabled but if the application
> software doesn't provide some means of enabling the bug flags then you
> are SOL.
Hmm. Well, perhaps we should have a flag for strict conformance that
disables this kind of stuff?
Cheers,
Ben.
--
SECURE HOSTING AT THE BUNKER! http://www.thebunker.net/hosting.htm
http://www.apache-ssl.org/ben.html
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
