Re: PSK usage( RFC 4279) - examples and docs

I'd like to bump this question. I wonder the same things. Thanks, Johannes mahendra-4 wrote: Hi All. I am looking for some docs which explain how to use PSK based SSL connection ( RFC 4279). I tried executing the example apps, but they asked for certificates. My understanding is that

Re: [openssl.org #1949] mod_ssl/openssl failures when more than 85 CAs are configured

On Thu, Jun 25, 2009 at 06:05:08PM +0200, Stephen Henson via RT wrote: [david.sm...@cern.ch - Tue Jun 23 11:06:26 2009]: The bug report over on the apache tracker: https://issues.apache.org/bugzilla/show_bug.cgi?id=46952 has been updated - there is a utility to generate a set of CA

Re: [openssl.org #1949] mod_ssl/openssl failures when more than 85 CAs are configured

On Thu, Jun 25, 2009 at 06:05:08PM +0200, Stephen Henson via RT wrote: [david.sm...@cern.ch - Tue Jun 23 11:06:26 2009]: The bug report over on the apache tracker: https://issues.apache.org/bugzilla/show_bug.cgi?id=46952 has been updated - there is a utility to generate a set of CA

Re: [openssl.org #1949] mod_ssl/openssl failures when more than 85 CAs are configured

On Jun 26, 2009, at 2:40 PM, Joe Orton wrote: This is a good point. We already do this conditionally, in fact. David, could you try this mod_ssl patch as an alternative solution, which doesn't necessitate fixes to OpenSSL? Index: ssl_engine_io.c [...] Hello Joe, Thanks for the mod_ssl

Re: [openssl.org #1942] [PATCH] ssl3_output_cert_chain() selects wrong certificate as issuer.

On Tue, 2009-06-02 at 13:40 +0200, Stephen Henson via RT wrote: [dw...@infradead.org - Sun May 31 22:08:11 2009]: It's possible for multiple certificates to have the same subject name, and if that happens then ssl3_output_cert_chain() may select the wrong one because it just picks a

Re: [openssl.org #1942] [PATCH] ssl3_output_cert_chain() selects wrong certificate as issuer.

On Fri, Jun 26, 2009, David Woodhouse wrote: On Tue, 2009-06-02 at 13:40 +0200, Stephen Henson via RT wrote: [dw...@infradead.org - Sun May 31 22:08:11 2009]: It's possible for multiple certificates to have the same subject name, and if that happens then ssl3_output_cert_chain() may

[openssl.org #1949] mod_ssl/openssl failures when more than 85 CAs are configured

[jor...@redhat.com - Fri Jun 26 13:52:18 2009]: On Thu, Jun 25, 2009 at 06:05:08PM +0200, Stephen Henson via RT wrote: I agree with the analysis. Do you also agree with David's proposal to change the calls to BIO_ctrl(, BIO_CTRL_INFO, ) into BIO_wpending() in ssl/*.c? It seems to

Re: [openssl.org #1942] [PATCH] ssl3_output_cert_chain() selects wrong certificate as issuer.

On Fri, 2009-06-26 at 16:53 +0200, Dr. Stephen Henson wrote: Sorry for delay in replying doing a shed load of other stuff at present. The patch looks OK but will make a few minor changes to it, set the cert in X509_STORE_CTX_init() instead of the structure accedd. Does it help if I resubmit a

Re: [openssl.org #1949] mod_ssl/openssl failures when more than 85 CAs are configured

On Jun 26, 2009, at 2:40 PM, Joe Orton wrote: This is a good point. We already do this conditionally, in fact. David, could you try this mod_ssl patch as an alternative solution, which doesn't necessitate fixes to OpenSSL? Index: ssl_engine_io.c [...] Hello Joe, Thanks for the mod_ssl