Re: [openssl.org #1949] mod_ssl/openssl failures when more than 85 CAs are configured

2009-06-26 Thread David Smith
On Jun 26, 2009, at 2:40 PM, Joe Orton wrote: This is a good point. We already do this conditionally, in fact. David, could you try this mod_ssl patch as an alternative solution, which doesn't necessitate fixes to OpenSSL? Index: ssl_engine_io.c [...] Hello Joe, Thanks for the mod_ssl only

Re: [openssl.org #1942] [PATCH] ssl3_output_cert_chain() selects wrong certificate as issuer.

2009-06-26 Thread David Woodhouse
On Fri, 2009-06-26 at 16:53 +0200, Dr. Stephen Henson wrote: > Sorry for delay in replying doing a shed load of other stuff at present. The > patch looks OK but will make a few minor changes to it, set the cert in > X509_STORE_CTX_init() instead of the structure access. Does it help if I resubmit

[openssl.org #1949] mod_ssl/openssl failures when more than 85 CAs are configured

2009-06-26 Thread Stephen Henson via RT
> [jor...@redhat.com - Fri Jun 26 13:52:18 2009]: > > On Thu, Jun 25, 2009 at 06:05:08PM +0200, Stephen Henson via RT wrote: > > > > I agree with the analysis. > > Do you also agree with David's proposal to change the calls to > BIO_ctrl(, BIO_CTRL_INFO, ) into BIO_wpending() in ssl/*.c? It seem

Re: [openssl.org #1942] [PATCH] ssl3_output_cert_chain() selects wrong certificate as issuer.

2009-06-26 Thread Dr. Stephen Henson
On Fri, Jun 26, 2009, David Woodhouse wrote: > On Tue, 2009-06-02 at 13:40 +0200, Stephen Henson via RT wrote: > > > [dw...@infradead.org - Sun May 31 22:08:11 2009]: > > > > > > It's possible for multiple certificates to have the same subject name, > > > and if that happens then ssl3_output_cert

Re: [openssl.org #1942] [PATCH] ssl3_output_cert_chain() selects wrong certificate as issuer.

2009-06-26 Thread David Woodhouse
On Tue, 2009-06-02 at 13:40 +0200, Stephen Henson via RT wrote: > > [dw...@infradead.org - Sun May 31 22:08:11 2009]: > > > > It's possible for multiple certificates to have the same subject name, > > and if that happens then ssl3_output_cert_chain() may select the wrong > > one because it just pi

Re: [openssl.org #1949] mod_ssl/openssl failures when more than 85 CAs are configured

2009-06-26 Thread David Smith via RT
On Jun 26, 2009, at 2:40 PM, Joe Orton wrote: > This is a good point. We already do this conditionally, in fact. > > David, could you try this mod_ssl patch as an alternative solution, > which doesn't necessitate fixes to OpenSSL? > > Index: ssl_engine_io.c [...] Hello Joe, Thanks for the mod_s

Re: [openssl.org #1949] mod_ssl/openssl failures when more than 85 CAs are configured

2009-06-26 Thread jor...@redhat.com via RT
On Thu, Jun 25, 2009 at 06:05:08PM +0200, Stephen Henson via RT wrote: > > [david.sm...@cern.ch - Tue Jun 23 11:06:26 2009]: > > The bug report over on the apache tracker: > > > > https://issues.apache.org/bugzilla/show_bug.cgi?id=46952 > > > > has been updated - there is a utility to generate a

Re: [openssl.org #1949] mod_ssl/openssl failures when more than 85 CAs are configured

2009-06-26 Thread Joe Orton
On Thu, Jun 25, 2009 at 06:05:08PM +0200, Stephen Henson via RT wrote: > > [david.sm...@cern.ch - Tue Jun 23 11:06:26 2009]: > > The bug report over on the apache tracker: > > > > https://issues.apache.org/bugzilla/show_bug.cgi?id=46952 > > > > has been updated - there is a utility to generate a

Re: PSK usage( RFC 4279) - examples and docs

2009-06-26 Thread johoso
I'd like to bump this question. I wonder the same things. Thanks, Johannes mahendra-4 wrote: > > Hi All. > > I am looking for some docs which explain how to use PSK based SSL > connection > ( RFC 4279). > I tried executing the example apps, but they asked for certificates. My > understanding