Is the certificate at http://marc.info/?l=openssl-dev&m=128118163216952&w=2
(with the malformed key) *syntactically* correct modulo the bad self signature?
With 1.0.0a:
~/local/bin/openssl verify -check_ss_sig -CAfile /tmp/CA-P.cert /tmp/CA-P.cert
/tmp/CA-P.cert: CN = CA
error 7 at 0 depth looku
>
> Output of the last command is:
> 139831192893096:error:0407E06D:rsa routines:RSA_verify_PKCS1_PSS:data too
> large:rsa_pss.c:127:
> 139831192893096:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP
> lib:a_verify.c:215:
>
>
> Tested with openssl-SNAP-20100808.
>
est.crt test.crt
Output of the last command is:
139831192893096:error:0407E06D:rsa routines:RSA_verify_PKCS1_PSS:data too
large:rsa_pss.c:127:
139831192893096:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP
lib:a_verify.c:215:
Te
Hi,
This patch corrects a double free bug in ssl3_get_key_exchange
(s3_clnt.c) when an error happens during the connection to a server.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
--- E:/dev/libraries/openssl-1.0.latest/ssl/s3_clnt.c.original Sun Feb 28
01:24:24 2010
+++ E:/dev/li
Hodie VII Id. Aug. MMX, David Shambroom scripsit:
> See:
>
> http://www.ietf.org/rfc/rfc5280.txt
RFC5280 is only a profile for X.509 certificates and CRLs, just as were
RFC3280 and RFC2459 before it. Hopefully, RFC5280 is of better quality
than its predecessors, but doesn't replace the standard at a
Hi,
You are right: there is a double free bug in the function
*ssl3_get_key_exchange* which leads to crash if an error occurs.
The bug is in line 1510 of s3_clnt.c where we forget to set the variable
bn_ctx to NULL after freeing it and this leads to the double free error
when BN_CTX_free is
I was pointing out this:
~/local/bin/openssl s_client -connect localhost:
depth=0 CN = CA
verify return:1
*** glibc detected *** /home/build/local/bin/openssl: double free or
corruption (fasttop): 0x00979300 ***
The glibc message means that the current heap operation is on invalid
po
See:
http://www.ietf.org/rfc/rfc5280.txt
Kyle Hamilton wrote:
I was asked this morning where to find the X.509 specification, since
http://itu.int/ is such a messy website.
I'll point you to the general location, because it's a better piece of
information to have than the exact location. (Th