Hi! Attached patch seamlessly integrates OCSP client functionality into
OpenSSL verification routines -- the thing OpenSSL currently missing.
This patch makes it possible for every app that uses OpenSSL for SSL/TLS
connections -- like racoon, openldap, openvpn -- to check certificates
against
SBR uses OpenSSL 0.9.7e and has its own extension parsing code (0.9.7e base
code just ignores anything after the base ClientHello). SBR only explicitly
handles the SessionTicket extension (for EAP-FAST), all others appear to be
properly skipped, and SBR certainly knows nothing about the
Bonjour,
If the OCSP URL isn't found in the supplied certificate, you're trying
to find it in its issuer? That's not standard, even if it can work.
It seems you're looking for the issuer by its subject name. When you
have several CA certificates with the same name in your store (that's
Hi, Erwann! Thanks for your comments.
On Fri, 2012-06-08 at 16:54 +0200, Erwann Abalea wrote:
Bonjour,
If the OCSP URL isn't found in the supplied certificate, you're trying
to find it in its issuer? That's not standard, even if it can work.
Yeah, my bad. Wasn't a good idea.
It seems
The getsockopt() for IP_MTU and IPV6_MTU at least on Linux returns a
value of length 4. On little endian systems this is not so critical
problem however on big endian 64 bit systems it means the interpretation
of the returned value by the code in dgram_ctrl() is completely wrong -
you will get a