MS capi engine questions/proposals

2009-05-31 Thread Christof Pas
Hello, I use the MS capi engine to access Windows store certificates and keys from OpenSSL. (And please, please: no Windows/Linux discussion here.) While working with the capi engine, I found some things I would like to discuss here. Please forgive me that I have more than one item to discuss:

Re: [PROPOSAL] rename uni2asc asc2uni because of naming conflict

2009-05-31 Thread Dr. Stephen Henson
On Sat, May 30, 2009, Guenter wrote: Hi, Ger Hobbelt wrote: It's advised to register this at the OpenSSL issue tracker by forwarding this to r...@openssl.org It's no guarantee to get serviced pronto, but at least it'll get the attention of the core devs when they have time. (The

[openssl.org #1941] Missing man page: c_rehash(3ssl)

2009-05-31 Thread David Gatwood via RT
Various Linux distros contain a man page for c_rehash(3ssl), but the page is not present in the official tarballs. Please incorporate this or similar content into the actual distribution. Linux man page: http://www.digipedia.pl/man/c_rehash.1ssl.html

Re: [openssl.org #1921] DTLS: openssl s_client broken in 1.0.0-beta2 due to lack of ECDHE support

2009-05-31 Thread Michael Tuexen via RT
Dear all, please find attached a patch which adds support for ECDHE and PSK support for DTLS as requested by Stephen. The diff is against openssl-1.0.0-beta2. Stephen: Please let me know if you have any issues with the patch. Best regards Michael dtls.patch Description: Binary data On

[openssl.org #1921] DTLS: openssl s_client broken in 1.0.0-beta2 due to lack of ECDHE support

2009-05-31 Thread Stephen Henson via RT
[tue...@fh-muenster.de - Sun May 31 16:11:06 2009]: Dear all, please find attached a patch which adds support for ECDHE and PSK support for DTLS as requested by Stephen. The diff is against openssl-1.0.0-beta2. In future please make diffs against the relevant branch as opposed to the

Re: TLS compatibility problem -- can connect to server with NSS but not OpenSSL.

2009-05-31 Thread David Woodhouse
Moving to openssl-dev now that I think I've found the answers... On Sun, 2009-05-31 at 10:13 +0100, David Woodhouse wrote: I found another strange behaviour that I didn't expect -- the _order_ of the certificates in the cafile seems to be important. My original scripts which interact with the

[openssl.org #1942] [PATCH] ssl3_output_cert_chain() selects wrong certificate as issuer.

2009-05-31 Thread David Woodhouse via RT
It's possible for multiple certificates to have the same subject name, and if that happens then ssl3_output_cert_chain() may select the wrong one because it just picks a certificate by name and doesn't actually _check_ if it really is the right one. There's a function which gets this right;

Re: [openssl.org #1921] DTLS: openssl s_client broken in 1.0.0-beta2 due to lack of ECDHE support

2009-05-31 Thread Michael Tüxen
On May 31, 2009, at 7:27 PM, Stephen Henson via RT wrote: [tue...@fh-muenster.de - Sun May 31 16:11:06 2009]: Dear all, please find attached a patch which adds support for ECDHE and PSK support for DTLS as requested by Stephen. The diff is against openssl-1.0.0-beta2. In future please