On 2009.10.12 at 19:00:30 +0200, Dr. Stephen Henson wrote:
Well we are in the middle of a beta relase cycle so making incompatible
changes and/or major new functionality isn't an option.
Is this (#2) a major new functionality, given that cache field in
X509_CTX is already here and
On Mon, Oct 12, 2009, Victor B. Wagner wrote:
2. Make X509_LOOKUP_hash_dir lookup method honour cache field in the
X509_STORE structure. (I think that it is better to make this field
a bit mask and interpret constants X509_LU_CERT and X509_LU_CRL as
bit flags, but it would conflict with
On Tue, Oct 13, 2009, Victor B. Wagner wrote:
On 2009.10.12 at 19:00:30 +0200, Dr. Stephen Henson wrote:
Well we are in the middle of a beta relase cycle so making incompatible
changes and/or major new functionality isn't an option.
Is this (#2) a major new functionality, given that
On 2009.10.13 at 14:12:22 +0200, Dr. Stephen Henson wrote:
On Tue, Oct 13, 2009, Victor B. Wagner wrote:
On 2009.10.12 at 19:00:30 +0200, Dr. Stephen Henson wrote:
Well we are in the middle of a beta relase cycle so making incompatible
changes and/or major new functionality
On Tue, Oct 13, 2009, Victor B. Wagner wrote:
In that vein we'd need to document X509_STORE_CTX, X509_verify_cert() and
X509_VERIFY_PARAM (and related functions). Some of this could just copy and
paste or point to some existing documentation for the verify utility.
Now I'm attaching a
On 2009.10.13 at 14:30:50 +0200, Dr. Stephen Henson wrote:
On Mon, Oct 12, 2009, Victor B. Wagner wrote:
2. Make X509_LOOKUP_hash_dir lookup method honour cache field in the
X509_STORE structure. (I think that it is better to make this field
a bit mask and interpret constants
On Tue, Oct 13, 2009, Victor B. Wagner wrote:
--- x509_lu.c.orig 2009-10-13 17:23:48.0 +0400
+++ x509_lu.c 2009-10-13 17:24:15.0 +0400
@@ -290,7 +290,7 @@
tmp=X509_OBJECT_retrieve_by_subject(ctx-objs,type,name);
- if
On 2009.10.13 at 18:20:12 +0200, Dr. Stephen Henson wrote:
There is some additional logic for CRLs though. In by_dir.c it stores the last
suffix value of a CRL so if you have CRL links:
This logic have to be clearly documented in the X509_LOOKUP_hash_dir
manual page. I'd write what I've
On Mon, Oct 12, 2009, Victor B. Wagner wrote:
BTW, it seems that most applications which actualy use CRLs, such as
Apache, openvpn and stunnel, do implement lookup of certicate in the CRL
in its own code, not relying on X509_V_FLAG_CRL_CHECK in X509_STORE.
In some cases CRL lookup is
On 2009.10.12 at 14:49:23 +0200, Dr. Stephen Henson wrote:
On Mon, Oct 12, 2009, Victor B. Wagner wrote:
BTW, it seems that most applications which actualy use CRLs, such as
Apache, openvpn and stunnel, do implement lookup of certicate in the CRL
in its own code, not relying on
On 2009.10.12 at 14:49:23 +0200, Dr. Stephen Henson wrote:
On Mon, Oct 12, 2009, Victor B. Wagner wrote:
BTW, it seems that most applications which actualy use CRLs, such as
Apache, openvpn and stunnel, do implement lookup of certicate in the CRL
in its own code, not relying on
On Mon, Oct 12, 2009, Victor B. Wagner wrote:
On 2009.10.12 at 14:49:23 +0200, Dr. Stephen Henson wrote:
On Mon, Oct 12, 2009, Victor B. Wagner wrote:
BTW, it seems that most applications which actualy use CRLs, such as
Apache, openvpn and stunnel, do implement lookup of
12 matches
Mail list logo
