[openssl-dev] ALPN RFC compliance

2015-05-28 Thread Scott Mitchell
The ALPN RFC [1] states: In the event that the server supports no protocols that the client advertises, then the server SHALL respond with a fatal no_application_protocol alert. [2] This functionality is not yet implemented in OpenSSL. Now that HTTP/2 has been published as an RFC [3], and due to

[openssl-dev] [openssl.org #3876] [PATCH] Do not complain if config file not found

2015-05-28 Thread Rich Salz via RT
fixed on master: commit cc01d21756cc9c79231ef21039782c5fe42008a2 Author: Rich Salz rs...@akamai.com Date: Thu May 28 13:52:55 2015 -0400 RT3876: Only load config when needed Create app_load_config(), a routine to load config file. Remove the always load config from the main app. Change the

[openssl-dev] [openssl.org #3878] [DOC] add documentation for SSL_CTX_clear_extra_chain_certs

2015-05-28 Thread Robert Frohl via RT
Please add documentation for SSL_CTX_clear_extra_chain_certs to the man pages and mention its existence in SSL_CTX_add_extra_chain_cert.

Re: [openssl-dev] ALPN RFC compliance

2015-05-28 Thread Shigeki Ohtsu
I submitted a patch to support the no_application_protocol alert on ALPN about a year ago. http://rt.openssl.org/Ticket/Display.html?id=3463 But no one has replied to me yet. On 2015/05/29 8:20, Scott Mitchell wrote: The ALPN RFC [1] states: In the event that the server supports no protocols that

Re: [openssl-dev] [openssl.org #3621] Support legacy CA removal, ignore unnecessary intermediate CAs in SSL/TLS handshake by default

2015-05-28 Thread Ray Satiro
On 5/27/2015 4:21 AM, Matt Caswell via RT wrote: On Wed May 27 06:41:51 2015, raysat...@yahoo.com wrote: On 3/16/2015 5:45 AM, Kai Engert via RT wrote: Thank you very much for your work on this issue! In my testing so far, it works as requested. I noticed the code changes in x509_vfy.c apply

Re: [openssl-dev] [openssl.org #3773] [PATCH] Configure support for OCTEON boards

2015-05-28 Thread balaji marisetti via RT
Hi Andy, Thanks for pointing us to a better alternative. We'll try and change the way of configuring OpenSSL for OCTEON. -Balaji M On 25 May 2015 at 21:23, Andy Polyakov via RT r...@openssl.org wrote: Hi, This patch adds Cavium Networks' OCTEON target to Configure file. The diff is taken

[openssl-dev] [openssl.org #3879] [BUG] openssl 1.0.1g causes the system to crash (obj_xref.c)

2015-05-28 Thread Joy Tu via RT
Hi, I am porting openssl_1.0.1g to our private OS. But we have met some problems; could you please do me a favor? The issue is described below. Inside the file obj_xref.c, there is a variable sigx_app that is never initialized, so this variable sigx_app can be changed at any time. The uninitialized

Re: [openssl-dev] [openssl-users] External hardware for SSL handshake (overriding PreMasterSecret decrypt)

2015-05-28 Thread Pavel Abramov
Thanks! Unfortunately there is no pkcs11 wrapper for this device. There are a few commands implementing RSA operations (generate keyPair, PreMaster decrypt) and I have to use them to perform the server-side SSL handshake. OpenSC looks very interesting for my task. Pavel

Re: [openssl-dev] Adding a new Engine to OpenSSL

2015-05-28 Thread Animesh Das
My understanding is that, as there are some similarities between my device and the cryptodev device, I may follow cryptodev. Is that right? If we want to take reference from any other engine, I am not finding any similarity between my engine and any one already implemented. If I go through with pkcs11

Re: [openssl-dev] [openssl.org #3876] [PATCH] Do not complain if config file not found

2015-05-28 Thread Blumenthal, Uri - 0553 - MITLL
Todd, I agree. Have the warning only where it matters (but have it there). From: Short, Todd [mailto:tsh...@akamai.com] Sent: Thursday, May 28, 2015 08:25 AM To: Blumenthal, Uri - 0553 - MITLL Cc: r...@openssl.org r...@openssl.org; openssl-dev@openssl.org openssl-dev@openssl.org Subject: Re:

Re: [openssl-dev] [openssl.org #3876] [PATCH] Do not complain if config file not found

2015-05-28 Thread Blumenthal, Uri - 0553 - MITLL via RT
If I want and expect openssl to use a config file, and it did not find it - it's darn useful for me to be informed of that fact by openssl. - Original Message - From: Rich Salz via RT [mailto:r...@openssl.org] Sent: Wednesday, May 27, 2015 08:44 PM To: tsh...@akamai.com

Re: [openssl-dev] [openssl.org #3876] [PATCH] Do not complain if config file not found

2015-05-28 Thread Short, Todd
The parameters in the configuration file, in general, apply only to certificate operations. The openssl application does way more than certificate operations, and seeing a warning for a configuration file that has no impact on the operation being performed is annoying. Rather than completely

[openssl-dev] [openssl.org #3631] Bug in the binary search in OBJ_bsearch_ex_ in obj_dat.c (1.0.1j)

2015-05-28 Thread Richard Levitte via RT
I'm rejecting this ticket on the basis that it's aged and that it seems to be a misunderstanding of what arguments OBJ_bsearch_ex_ should be called with. Since you aren't calling it directly but have made changes in the rest of the OpenSSL source, maybe you should have a look at those changes

Re: [openssl-dev] [openssl.org #3876] [PATCH] Do not complain if config file not found

2015-05-28 Thread Ann
If the environment variable OPENSSL_CNF points to a non-existent file, a warning also seems informative. /Ann. Am 28.05.2015 um 14:25 schrieb Short, Todd: The parameters in the configuration file, in general, apply only to certificate operations. The openssl application does way more

[openssl-dev] [openssl.org #3877] [PATCH] Add X509 OCSP error codes and messages

2015-05-28 Thread Richard Levitte via RT
On Wed May 27 22:32:56 2015, tsh...@akamai.com wrote: Hello OpenSSL Org: This is a change that Akamai has made to its implementation of OpenSSL. Version: master branch Description: Add X509 OCSP error codes and messages Github link:

Re: [openssl-dev] [openssl.org #3876] [PATCH] Do not complain if config file not found

2015-05-28 Thread Salz, Rich via RT
My suggestion is, at least for 1.1 (but I don't see why this can't be ported down to 1.0.2 and 1.0.1) remove the config loading code from openssl.c:main() and add the same code in req.c as you can find in ts.c or srp.c... possibly refactoring that code into a helper function in apps.c. Yes,

[openssl-dev] [openssl.org #3876] [PATCH] Do not complain if config file not found

2015-05-28 Thread Richard Levitte via RT
On Thu May 28 02:44:11 2015, rsalz wrote: Because it goes ahead and proceeds. Now it is explicitly testing ENOTFOUND. It should either error+exit or not complain. I can be convinced the current behavior is useful. -- Rich Salz, OpenSSL dev team; rs...@openssl.org The current behavior is