How about something like '-certopt none,ext'? I'd like to see an
option where 'none' automatically says 'no_header, no_sigdump,
no_version, no_subject, no_issuer, no_validity, no_serial, no_pubkey,
no_signame, no_ext', and anything after it is used to add to the
set... rather like how ciphers are
if I rework this to an 'ext-only' option, would this be acceptable? I
would prefer to improve the usability.
On 9/25/09, Stephen Henson via RT wrote:
>> [wgou...@gmail.com - Fri Sep 25 17:54:07 2009]:
>>
>> Hi,
>>
>> The following patch adds a new option, '-ext_print' to the x509
>> program which
> [wgou...@gmail.com - Fri Sep 25 17:54:07 2009]:
>
> Hi,
>
> The following patch adds a new option, '-ext_print' to the x509
> program which prints out the x509v3 extensions included in a
> certificate. The use case for this patch is that for users which use
> the command line program to parse a
We are developing Estionian Digital Signature software and there are lot
of big companies (etc. State Institutions and Banks) who are using HTTP
proxy authentication.
I can see there is already similar request on task tracker
http://rt.openssl.org/Ticket/Display.html?id=728.
We are looking way
The function BIO_write can return a negative integer or zero in an error
case. Thus, it should be tested whether it is less than or equal to zero,
and not simply whether it is equal to zero, to detect errors. Other nearby
calls to BIO_printf, whose return value is determined by a call to
BIO_writ
The function BN_exp can return a negative integer in an error case, so its
result should be checked with <= 0 rather than !.
The semantic patch that makes this change is as follows:
(http://coccinelle.lip6.fr/)
//
@expression@
expression list args;
@@
- BN_exp(args) == 0
+ BN_exp(args) <= 0
In each case, the value of i might be the result of calling i2b_PVK_bio,
i2b_PublicKey_bio, or i2b_PrivateKey_bio, each of which can return a
negative value in case of an error. Thus the result should be tested with
<= 0. On the other hand, it appears that if OPENSSL_NO_RSA or
OPENSSL_NO_DSA is d
The function EVP_SealInit can return a negative integer in an
error case, so the result should be tested with <= 0.
The semantic match that finds this problem is as follows:
(http://coccinelle.lip6.fr/)
//
@match@
expression x, E;
position p1,p2,p3;
constant C;
@@
(
break; // parsing problem,
The function EVP_SealInit can return a negative integer in an
error case, so the result should be tested with <= 0.
The semantic match that finds this problem is as follows:
(http://coccinelle.lip6.fr/)
//
@match@
expression x, E;
position p1,p2,p3;
constant C;
@@
(
break; // parsing problem,
The function EVP_DigestVerifyFinal can return a negative integer in an
error case, so the result should be tested with <= 0.
The semantic match that finds this problem is as follows:
(http://coccinelle.lip6.fr/)
//
@match@
expression x, E;
position p1,p2,p3;
constant C;
@@
(
break; // parsing
The function BIO_write can return a negative integer in an error case. The
same is true of i2a_ASN1_INTEGER and i2a_ASN1_OBJECT. The result of
BIO_printf is determined by the result of a call to BIO_write. Thus, in
all of these cases an error should be detected by a less than or equal to
zero te
The function BIO_write can return a negative integer or zero in an error
case. Thus, testing whether the result is nonzero is not meaningful.
Other nearby code tests whether it is less than or equal to 0, which is the
change made here.
The semantic patch that helps find this problem is as follows
The function BIO_ctrl can return a negative integer in an error case. A
few lines below, a call to a similar function, BIO_flush, is checked
as though both negative and zero error values are possible.
The semantic match that finds this problem is as follows:
(http://coccinelle.lip6.fr/)
//
@mat
The function BIO_ctrl can return a negative integer in an error case. In
the same file, some calls to similar functions, eg BIO_flush, are checked
as though both negative and zero error values are possible.
The semantic patch that makes this change is as follows:
(http://coccinelle.lip6.fr/)
//
Hi,
The following patch adds a new option, '-ext_print' to the x509
program which prints out the x509v3 extensions included in a
certificate. The use case for this patch is that for users which use
the command line program to parse and analyze certificates, it is
useful to get the raw extensions t
Issue : SSL Library Error : Apache crash after some times
Using Open-SSL integrated with Apache ( not as separate installation ).
OpenSSL version: openssl-0.9.8i
apache version : 2.2.11
I am facing apache restarts problem after some time (2-3 hours). But
sometimes it is an unclean restart a
Hey all,
I've been using openssl 0.9.8k on Win32 and have run into a corner case when my
app is installed into a directory containing non-ASCII characters. It tries to
load a cert store using SSL_CTX_load_verify_locations() and it fails to read
the file.
It turns out that this is a common prob
17 matches
Mail list logo