I don't think it makes sense to have a separate flag.
What's the harm in looking at the CN if you don't find a match in the SAN?
/r$
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
__
OpenSSL Project
On Wed, Apr 02, 2014 at 07:24:21AM -0400, Salz, Rich wrote:
> I don't think it makes sense to have a separate flag.
> What's the harm in looking at the CN if you don't find a match in the SAN?
Well, in fact if any DNS SANs exist, per RFC 6125 and other prior
art, one in fact must not look at the
A quick check of some of our customers shows that out of 4200 SSL certs, 820
have a wildcard CN.
/r$
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
On Wed, Apr 02, 2014 at 11:45:05AM -0400, Salz, Rich wrote:
> A quick check of some of our customers shows that out of 4200
> SSL certs, 820 have a wildcard CN.
Right, I think this makes particular sense for Akamai customers,
for whom you likely host multiple related web sites and coordinating
the
> Right, I think this makes particular sense for Akamai customers, for whom you
> likely host multiple related web sites and coordinating the deployment of
> multiple certs is likely often too complex.
No, these are individual per-site certs for our customers. And just because
you gave me the
Fixing one of my own bugs, there since SSLeay days I believe :-)
If a short PEM encoded sequence is passed to the BIO, and the file
has 2 \n following, it will fail.
openssl asn1parse -in f2.bad
where f2.bad = EOF
-----BEGIN PARAMETERS-----
MA0GByqGSM49AQECAgD/
-----END PARAMETERS-----
EOF
The
Howdy
I am currently building using OpenSSL 0.9.8w
The compile flags etc all come from Intel drop
I would like to move to 1.0.1e (which I know is not the latest) but I have
other SW which uses 1.0.1e
If I look at the delta from 0.9.8w to what Intel provides with their
changes there are maybe 10
Hello,
I tested OPENSSL-1.0.2-STABLE-SNAP-20140402 today and found out
that it fails to build on OpenVMS.
The following patch is needed to make it work.
SYSTEM@ia64$ mc DKA0:[UTIL]gdiff -p [.crypto]crypto-lib.com;1
[.crypto]crypto-lib.com;2
*** [.crypto]crypto-lib.com;1 Tue Feb
Hi all,
I just made a small improvement to the helper script CA.pl so that now it
can also:
1. Generate CRLs
2. Revoke certificates
I hope you find it useful. Attached you can see the patch.
Cheers,
Dario.
CA.pl.patch