Re: [openssl.org #1574] Session Ticket in OpenSSL 0.9.9 and EAP-FAST

On Tue, Nov 11, 2008 at 12:09:55PM +0100, Stephen Henson via RT wrote: OK, we'd need the generic extension part of the patch modified to only override the session ticket extension. I replaced SSL_set_hello_extension() function with SSL_set_session_ticket_ext() and renamed the related

Re: [openssl.org #1574] Session Ticket in OpenSSL 0.9.9 and EAP-FAST

On Tue, Nov 11, 2008 at 12:09:55PM +0100, Stephen Henson via RT wrote: OK, we'd need the generic extension part of the patch modified to only override the session ticket extension. I replaced SSL_set_hello_extension() function with SSL_set_session_ticket_ext() and renamed the related

[openssl.org #1784] PATCH: trivial error in RFC 3779 i2r code

i2r_address() doesn't handle the all-zeros IPv6 address correctly (prints : when should print ::). Trivial fix, to be applied to both 0.9.8 branch and HEAD, please. --- crypto/x509v3/v3_addr.c.~1~ 2008-10-14 16:00:15.0 -0400 +++ crypto/x509v3/v3_addr.c 2008-11-11 18:26:02.0

[openssl.org #1574] Session Ticket in OpenSSL 0.9.9 and EAP-FAST

[EMAIL PROTECTED] - Wed Nov 12 14:46:47 2008]: On Tue, Nov 11, 2008 at 12:09:55PM +0100, Stephen Henson via RT wrote: OK, we'd need the generic extension part of the patch modified to only override the session ticket extension. I replaced SSL_set_hello_extension() function with

Re: [openssl.org #1780] OSCP_REQUEST name collision between ossl_typ.h and Wincrypt.h using Windows Platform SDK 6.0a in openssl-0.9.8h and openssl-0.9.8i

Duplicate, see lists for solutions. Roumen __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager

[openssl.org #1785] 0.9.9 HEAD: possible coredump in DSA; fix included

When the malloc() fails, the original code would still try to access the (invalid) pointer. --- \\Debbie\ger\prj\1original\openssl\openssl\crypto\dsa\dsa_asn1.c 2008-11-12 20:36:01.0 +-0100 +++ \\Debbie\ger\prj\3actual\openssl\crypto\dsa\dsa_asn1.c 2008-11-12 21:29:50.0

Re: Expected cert-path validation behavior

Hi Patrick and Steve, Just to confirm one last thing about the NIST/RFC3280 discussion below again: if there is no CRL present at all for a given CA and we are doing string revocation information checking, then we fail the associated request? Or in other words, is absence of a CRL for a given CA

Re: [openssl.org #1574] Session Ticket in OpenSSL 0.9.9 and EAP-FAST

On Wed, Nov 12, 2008 at 07:07:56PM +0100, Stephen Henson via RT wrote: Well I'm assuming that there needs to be a way to obtain the ticket value the peer has sent. Although it is possible to use the debugging interface for that it then prevents it being used for anything else. Something

Re: [openssl.org #1574] Session Ticket in OpenSSL 0.9.9 and EAP-FAST

On Wed, Nov 12, 2008 at 07:07:56PM +0100, Stephen Henson via RT wrote: Well I'm assuming that there needs to be a way to obtain the ticket value the peer has sent. Although it is possible to use the debugging interface for that it then prevents it being used for anything else. Something