This bug is affecting us as well.
It seems to be prevalent during generation of several certificates at
the same time, leading me to think it is a race condition. There is no
evidence supporting it is a bug occuring every X certificates. Rather,
as stated, it shows itself during multiple
Hi all,
To properly validate the certificate, the steps in RFC5280 Section 6 need to be
followed. This allows for validation of the certificate, as well as the chain
back to a trusted Root.
OpenSSL 1.0.1 has most of the pieces in place to do this, but there are a few
areas where you would
There are a number of concepts that are related, but they are different, and it
(can be) important to keep them straight.
Proof of possession -- how do you know that someone who gave you a cert has the
private key? This seems to be what the OP was writing about. Conceptually,
you give them
On Wed, 10 Apr 2013, Michael Tuexen wrote:
The main point is whether the OpenSSL maintainers are interested in IPv6
support or not.
If they are, the patch can be optimized in whatever way they want. I they are
not, the
patch goes nowhere, so optimizing it doesn't make much sense...
Best
--On Thursday, April 11, 2013 9:37 AM -0700 Dan Mahoney, System Admin
d...@prime.gushi.org wrote:
I would love it if the maintainers would actually come forward and give
a direct answer on whether or not they're interested.
+1
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
On Thu, Apr 11, 2013, Quanah Gibson-Mount wrote:
--On Thursday, April 11, 2013 9:37 AM -0700 Dan Mahoney, System
Admin d...@prime.gushi.org wrote:
I would love it if the maintainers would actually come forward and give
a direct answer on whether or not they're interested.
+1
Well I'm
Is there a target date for releasing 1.0.2?
Thanks,
Paul
-Original Message-
From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org] On
Behalf Of Dr. Stephen Henson
Sent: Thursday, April 11, 2013 11:06 AM
To: openssl-dev@openssl.org
Subject: Re: [openssl.org #2051]
From: owner-openssl-us...@openssl.org On Behalf Of Salz, Rich
Sent: Tuesday, 09 April, 2013 12:55
-dev added, I think this is a bug
This pair of commands used to work as expected, but in 1.0.0 and
later the resulting cert is self-signed, and not signed by the CA key.
ITYM 1.0.1 as per subject.
Thanks Steve for showing interest on this.
And I think we could start another thread discussing this patch and
improving it.
Regards,
Bala