Re: [PATCH] BUG/MINOR: ssl: ssl_sock_load_pem_into_ckch is not consistent
> Le 23 janv. 2020 à 11:19, William Lallemand a écrit : > > On Wed, Jan 22, 2020 at 05:22:51PM +0100, Emmanuel Hocdet wrote: >> >>> Le 22 janv. 2020 à 15:56, William Lallemand a >>> écrit : >>> >> Indeed, and the case of ckch->ocsp_issuer is also problematic. >> > > Right. > > I fixed this, thanks. > See, i think it would be cleaner to use ssl_sock_free_cert_ket_and_chain_contents. My concern for ckch->ocsp_issuer is also to set it correctly (patch is coming). Manu
Re: [PATCH] BUG/MINOR: ssl: ssl_sock_load_pem_into_ckch is not consistent
On Wed, Jan 22, 2020 at 05:22:51PM +0100, Emmanuel Hocdet wrote: > > > Le 22 janv. 2020 à 15:56, William Lallemand a > > écrit : > > > Indeed, and the case of ckch->ocsp_issuer is also problematic. > Right. I fixed this, thanks. -- William Lallemand
Re: [PATCH] BUG/MINOR: ssl: ssl_sock_load_pem_into_ckch is not consistent
> Le 22 janv. 2020 à 15:56, William Lallemand a écrit : > > On Mon, Jan 20, 2020 at 05:13:13PM +0100, Emmanuel Hocdet wrote: >> >> Hi, >> >> Proposal to fix the issue. >> > > The purpose at the beginning was to be able to keep a .dh / .ocsp etc. But > that > probably does not make sense once you changed the private key, we should > probably remove everything in a ckch once we load a new private key. > Indeed, and the case of ckch->ocsp_issuer is also problematic. > Thanks, merged! > Thanks Manu
Re: [PATCH] BUG/MINOR: ssl: ssl_sock_load_pem_into_ckch is not consistent
On Mon, Jan 20, 2020 at 05:13:13PM +0100, Emmanuel Hocdet wrote: > > Hi, > > Proposal to fix the issue. > The purpose at the beginning was to be able to keep a .dh / .ocsp etc. But that probably does not make sense once you changed the private key, we should probably remove everything in a ckch once we load a new private key. Thanks, merged! -- William Lallemand
[PATCH] BUG/MINOR: ssl: ssl_sock_load_pem_into_ckch is not consistent
Hi, Proposal to fix the issue. ++ Manu 0001-BUG-MINOR-ssl-ssl_sock_load_pem_into_ckch-is-not-con.patch Description: Binary data