Hi mod_ssl devs,
I have a small patch for mod_ssl that uses new OpenSSL (=1.0.2) methods
when available to automatically rebuild misconfigured certificate chains.
Github pull request: https://github.com/apache/httpd/pull/7
Some of the common server chain misconfigurations are a) including the
On Wed, Mar 26, 2014 at 1:11 PM, Dr Stephen Henson
shen...@opensslfoundation.com wrote:
On 26/03/2014 11:11, Emilia Kasper wrote:
Hi mod_ssl devs,
I have a small patch for mod_ssl that uses new OpenSSL (=1.0.2) methods
when
available to automatically rebuild misconfigured certificate
Wow, thanks for all the great feedback!
On Wed, Mar 26, 2014 at 2:47 PM, Daniel Kahn Gillmor
d...@fifthhorseman.netwrote:
On 03/26/2014 07:11 AM, Emilia Kasper wrote:
The patch fixes a) by sanity-checking the chain and chopping self-signed
roots. I believe it's harmless to turn
On Wed, Mar 26, 2014 at 4:56 PM, Dr Stephen Henson
shen...@opensslfoundation.com wrote:
On 26/03/2014 13:38, Emilia Kasper wrote:
On Wed, Mar 26, 2014 at 1:11 PM, Dr Stephen Henson
shen...@opensslfoundation.com mailto:shen...@opensslfoundation.com
wrote:
If the server
On Wed, Mar 26, 2014 at 5:46 PM, Daniel Kahn Gillmor
d...@fifthhorseman.netwrote:
On 03/26/2014 11:29 AM, Emilia Kasper wrote:
Cross-signing happens all the time but afaik the other way around, i.e.,
an
intermediate Y' corresponding to a _newer_ root cert Y is cross-signed by
some _older_
Hi Rob!
On Thu, Mar 27, 2014 at 5:29 PM, Rob Stradling rob.stradl...@comodo.comwrote:
On 26/03/14 15:29, Emilia Kasper wrote:
Wow, thanks for all the great feedback!
On Wed, Mar 26, 2014 at 2:47 PM, Daniel Kahn Gillmor wrote:
snip
This is a pretty perverse situation, though