Hi mod_ssl devs,
I have a small patch for mod_ssl that uses new OpenSSL (=1.0.2) methods
when available to automatically rebuild misconfigured certificate chains.
Github pull request: https://github.com/apache/httpd/pull/7
Some of the common server chain misconfigurations are a) including the
On 26/03/2014 11:11, Emilia Kasper wrote:
Hi mod_ssl devs,
I have a small patch for mod_ssl that uses new OpenSSL (=1.0.2) methods when
available to automatically rebuild misconfigured certificate chains.
Github pull request: https://github.com/apache/httpd/pull/7
Some of the common
On Wed, Mar 26, 2014 at 1:11 PM, Dr Stephen Henson
shen...@opensslfoundation.com wrote:
On 26/03/2014 11:11, Emilia Kasper wrote:
Hi mod_ssl devs,
I have a small patch for mod_ssl that uses new OpenSSL (=1.0.2) methods
when
available to automatically rebuild misconfigured certificate
On 03/26/2014 07:11 AM, Emilia Kasper wrote:
The patch fixes a) by sanity-checking the chain and chopping self-signed
roots. I believe it's harmless to turn on by default as the rebuild step
will either yield a valid chain or preserve the original configuration.
I like this suggestion. with a
Wow, thanks for all the great feedback!
On Wed, Mar 26, 2014 at 2:47 PM, Daniel Kahn Gillmor
d...@fifthhorseman.netwrote:
On 03/26/2014 07:11 AM, Emilia Kasper wrote:
The patch fixes a) by sanity-checking the chain and chopping self-signed
roots. I believe it's harmless to turn on by
On 26/03/2014 13:38, Emilia Kasper wrote:
On Wed, Mar 26, 2014 at 1:11 PM, Dr Stephen Henson
shen...@opensslfoundation.com mailto:shen...@opensslfoundation.com wrote:
If the server is correctly configured to exclude the root then the chain
build
will fail. The root is needed
Hi,
That is the first approach we used (in fact, that was how we also
named it, mod_proxy_handler :)). The problem is that we support a lot
of different scenarios, sometimes we bundle our own apache, and
sometimes we use the native one from the system. In the former case,
we are ok with patching
On 03/26/2014 11:29 AM, Emilia Kasper wrote:
Cross-signing happens all the time but afaik the other way around, i.e., an
intermediate Y' corresponding to a _newer_ root cert Y is cross-signed by
some _older_ root cert Z. So an old client would usually know only Z and a
newer client would know
On 2014-03-13 21:55, William A. Rowe Jr. wrote:
The pre-release candidate Apache httpd 2.2.27 can be found in;
http://httpd.apache.org/dev/dist/
+/-1
[ ] Release 2.2.27 (apr 1.5.0, apr-util 1.5.3)
Please take note of APR minor version bump from 1.4.8 to 1.5.0.
Votes
On Mon, 17 Mar 2014 05:40:19 -0500
William A. Rowe Jr. wmr...@gmail.com wrote:
I've been running behind too... But expect to have all my platforms
checked out Monday. Since there are no negative votes we'll keep
this open a bit longer.
Apologies for the delay, this has been pushed to the
Apache HTTP Server 2.2.27 Released
The Apache Software Foundation and the Apache HTTP Server Project are
pleased to announce the release of version 2.2.27 of the Apache HTTP
Server (Apache). This version of Apache is principally a security
and bug fix
What is the specific issue Bill- afaict everything looks fine to me.
On Wednesday, March 26, 2014 6:17 PM, William A. Rowe Jr.
wr...@rowe-clan.net wrote:
On Mon, 17 Mar 2014 05:40:19 -0500
William A. Rowe Jr. wmr...@gmail.com wrote:
I've been running behind too... But expect to have
Yes... it appears to have been intermediary caches that threw me... the 2.4
and 2.2 new vulnerabilities are now in sync on the site.
Thanks for confirming, Joe.
On Mar 26, 2014 5:25 PM, Joe Schaefer joe_schae...@yahoo.com wrote:
What is the specific issue Bill- afaict everything looks fine to
13 matches
Mail list logo