On Jun 26, 2009, at 2:40 PM, Joe Orton wrote:
This is a good point. We already do this conditionally, in fact.
David, could you try this mod_ssl patch as an alternative solution,
which doesn't necessitate fixes to OpenSSL?
Index: ssl_engine_io.c
[...]
Hello Joe,
Thanks for the mod_ssl only
On Fri, 2009-06-26 at 16:53 +0200, Dr. Stephen Henson wrote:
> Sorry for delay in replying doing a shed load of other stuff at present. The
> patch looks OK but will make a few minor changes to it, set the cert in
> X509_STORE_CTX_init() instead of the structure accedd.
Does it help if I resubmit
> [jor...@redhat.com - Fri Jun 26 13:52:18 2009]:
>
> On Thu, Jun 25, 2009 at 06:05:08PM +0200, Stephen Henson via RT wrote:
> >
> > I agree with the analysis.
>
> Do you also agree with David's proposal to change the calls to
> BIO_ctrl(, BIO_CTRL_INFO, ) into BIO_wpending() in ssl/*.c? It seem
On Fri, Jun 26, 2009, David Woodhouse wrote:
> On Tue, 2009-06-02 at 13:40 +0200, Stephen Henson via RT wrote:
> > > [dw...@infradead.org - Sun May 31 22:08:11 2009]:
> > >
> > > It's possible for multiple certificates to have the same subject name,
> > > and if that happens then ssl3_output_cert
On Tue, 2009-06-02 at 13:40 +0200, Stephen Henson via RT wrote:
> > [dw...@infradead.org - Sun May 31 22:08:11 2009]:
> >
> > It's possible for multiple certificates to have the same subject name,
> > and if that happens then ssl3_output_cert_chain() may select the wrong
> > one because it just pi
On Jun 26, 2009, at 2:40 PM, Joe Orton wrote:
> This is a good point. We already do this conditionally, in fact.
>
> David, could you try this mod_ssl patch as an alternative solution,
> which doesn't necessitate fixes to OpenSSL?
>
> Index: ssl_engine_io.c
[...]
Hello Joe,
Thanks for the mod_s
On Thu, Jun 25, 2009 at 06:05:08PM +0200, Stephen Henson via RT wrote:
> > [david.sm...@cern.ch - Tue Jun 23 11:06:26 2009]:
> > The bug report over on the apache tracker:
> >
> > https://issues.apache.org/bugzilla/show_bug.cgi?id=46952
> >
> > has been updated - there is a utility to generate a
On Thu, Jun 25, 2009 at 06:05:08PM +0200, Stephen Henson via RT wrote:
> > [david.sm...@cern.ch - Tue Jun 23 11:06:26 2009]:
> > The bug report over on the apache tracker:
> >
> > https://issues.apache.org/bugzilla/show_bug.cgi?id=46952
> >
> > has been updated - there is a utility to generate a
I'd like to bump this question. I wonder the same things.
Thanks,
Johannes
mahendra-4 wrote:
>
> Hi All.
>
> I am looking for some docs which explain how to use PSK based SSL
> connection
> ( RFC 4279).
> I tried executing the example apps, but they asked for certificates. My
> understanding