On Wednesday 07 September 2011 22:06:55 Raphael Geissert wrote:
On Wednesday 07 September 2011 10:57:51 Raphael Geissert wrote:
On Monday 05 September 2011 14:55:50 Kurt Roeckx wrote:
So you're basicly saying that X509_verify_cert() should give an
error in case it finds DigiNotar
On Wed, Sep 07, 2011 at 10:06:55PM -0500, Raphael Geissert wrote:
On Wednesday 07 September 2011 10:57:51 Raphael Geissert wrote:
On Monday 05 September 2011 14:55:50 Kurt Roeckx wrote:
So you're basicly saying that X509_verify_cert() should give an
error in case it finds DigiNotar
On Thursday 08 September 2011 16:57:56 Kurt Roeckx wrote:
On Wed, Sep 07, 2011 at 10:06:55PM -0500, Raphael Geissert wrote:
The patch for 0.9.8 is also attached, but I haven't tested it yet. It was
made based on squeeze's openssl and it seems to apply fine to lenny's
openssl (just a few
[Kurt, please CC me on your replies. The BTS' -subscribe functionality doesn't
seem to be working]
[CC'ing ubuntu sec, in case Kees or Jamie or whoever is taking care of the
issue is also working on something to completely block DigiNotar]
On Monday 05 September 2011 14:55:50 Kurt Roeckx wrote:
On Wed, Sep 07, 2011 at 10:57:51AM -0500, Raphael Geissert wrote:
[Kurt, please CC me on your replies. The BTS' -subscribe functionality
doesn't
seem to be working]
[CC'ing ubuntu sec, in case Kees or Jamie or whoever is taking care of the
issue is also working on something to completely
On Wed, Sep 07, 2011 at 06:23:18PM +0200, Kurt Roeckx wrote:
On Wed, Sep 07, 2011 at 10:57:51AM -0500, Raphael Geissert wrote:
[Kurt, please CC me on your replies. The BTS' -subscribe functionality
doesn't
seem to be working]
[CC'ing ubuntu sec, in case Kees or Jamie or whoever is
On Wednesday 07 September 2011 11:23:18 Kurt Roeckx wrote:
On Monday 05 September 2011 14:55:50 Kurt Roeckx wrote:
On Mon, Sep 05, 2011 at 02:15:31PM -0500, Raphael Geissert wrote:
The only currently supported methods are OCSP and CRL, but none would
do the trick in this case.
[...]
On mar., 2011-09-06 at 07:33 +0200, Mike Hommey wrote:
On Mon, Sep 05, 2011 at 09:55:50PM +0200, Kurt Roeckx wrote:
On Mon, Sep 05, 2011 at 02:15:31PM -0500, Raphael Geissert wrote:
On Sunday 04 September 2011 05:55:27 Kurt Roeckx wrote:
On Sun, Sep 04, 2011 at 12:02:48PM +0200, Kurt
On Sunday 04 September 2011 05:55:27 Kurt Roeckx wrote:
On Sun, Sep 04, 2011 at 12:02:48PM +0200, Kurt Roeckx wrote:
Their is also openssl-blacklist, but it doesn't seem to have
much users.
However, opensl-blacklist only includes a program that checks wether a
certificate is weak, nothing
On Mon, Sep 05, 2011 at 02:15:31PM -0500, Raphael Geissert wrote:
On Sunday 04 September 2011 05:55:27 Kurt Roeckx wrote:
On Sun, Sep 04, 2011 at 12:02:48PM +0200, Kurt Roeckx wrote:
Their is also openssl-blacklist, but it doesn't seem to have
much users.
However, opensl-blacklist only
On Mon, Sep 05, 2011 at 09:55:50PM +0200, Kurt Roeckx wrote:
On Mon, Sep 05, 2011 at 02:15:31PM -0500, Raphael Geissert wrote:
On Sunday 04 September 2011 05:55:27 Kurt Roeckx wrote:
On Sun, Sep 04, 2011 at 12:02:48PM +0200, Kurt Roeckx wrote:
Their is also openssl-blacklist, but it
On Sun, Sep 04, 2011 at 01:37:19AM -0500, Raphael Geissert wrote:
Seems like it would be better if we also handled the issue at the libssl
level. OpenSSL maintainers: does that sound doable?
I'm not sure what you mean. We don't provide any certificates,
you need to tell openssl which certs
On Sun, Sep 04, 2011 at 12:02:48PM +0200, Kurt Roeckx wrote:
On Sun, Sep 04, 2011 at 01:37:19AM -0500, Raphael Geissert wrote:
Seems like it would be better if we also handled the issue at the libssl
level. OpenSSL maintainers: does that sound doable?
I'm not sure what you mean. We
13 matches
Mail list logo