[openssl.org #2351] PATCH: Remove obsolete ipsec extended key usages

2010-09-29 Thread Micah Anderson via RT
Hi, The extended key usages id-kp-ipsecEndSystem, id-kp-ipsecTunnel and id-kp-ipsecUser are obsoleted as per RFC 4945 § 5.1.3.12 section title ExtendedKeyUsage: ... Note that there were three IPsec-related object identifiers in EKU that were assigned in 1999. The semantics of these values were

[openssl.org #2352] PATCH: Add new extended key usage ipsecIKE

2010-09-29 Thread Micah Anderson via RT
According to RFC 4945 § 5.1.3.12 section title ExtendedKeyUsage[0] the following extended key usage has been added: ... this document defines an ExtendedKeyUsage keyPurposeID that MAY be used to limit a certificate's use: id-kp-ipsecIKE OBJECT IDENTIFIER ::= { id-kp 17 } where id-kp

[openssl.org #2353] PATCH: add missing OSCPSigning bits

2010-09-29 Thread Micah Anderson via RT
In a recent attempt to add missing extended key usage pieces, I noticed that the OCSPSigning extended key usage was not fully implemented. It is perfectly possible that I am not fully cognizant of how the code works, and it is properly implemented. It is, however, clearly not documented. The

Re: [openssl.org #2352] PATCH: Add new extended key usage ipsecIKE

2010-09-29 Thread Gregory Bellier
2010/9/29 Micah Anderson via RT r...@openssl.org According to RFC 4945 § 5.1.3.12 section title ExtendedKeyUsage[0] the following extended key usage has been added: ... this document defines an ExtendedKeyUsage keyPurposeID that MAY be used to limit a certificate's use:

[openssl.org #2354] [PATCH] Increase Default RSA Key Size to 2048-bits

2010-09-29 Thread Rob Stradling via RT
NIST (SP800-57 Part 1) recommends a minimum RSA key size of 2048-bits beyond 2010. From January 1st 2011, in order to comply with the current Microsoft[1] and Mozilla[2] CA Policies, Commercial CAs will no longer be permitted to issue certificates with RSA key sizes of 2048-bit. Please accept

[openssl.org #2316] Build issue on Tru64 (Dl_info must specify a type)

2010-09-29 Thread Ingersoll, Nelson via RT
I am also attempting to build OpenSSL 1.0.0a on an antique OSF1 system-name-here V4.0 1530 alpha alpha Tru64 system running Alpha 4.0G. I also get the error about dli not being declared. This is the last of the compile log where it fails: cc -I.. -I../.. -I../asn1 -I../evp