I'd like to bump this question. I wonder the same things.
Thanks,
Johannes
mahendra-4 wrote:
Hi All.
I am looking for some docs which explain how to use PSK based SSL
connection
( RFC 4279).
I tried executing the example apps, but they asked for certificates. My
understanding is that
On Thu, Jun 25, 2009 at 06:05:08PM +0200, Stephen Henson via RT wrote:
[david.sm...@cern.ch - Tue Jun 23 11:06:26 2009]:
The bug report over on the apache tracker:
https://issues.apache.org/bugzilla/show_bug.cgi?id=46952
has been updated - there is a utility to generate a set of CA
On Thu, Jun 25, 2009 at 06:05:08PM +0200, Stephen Henson via RT wrote:
[david.sm...@cern.ch - Tue Jun 23 11:06:26 2009]:
The bug report over on the apache tracker:
https://issues.apache.org/bugzilla/show_bug.cgi?id=46952
has been updated - there is a utility to generate a set of CA
On Jun 26, 2009, at 2:40 PM, Joe Orton wrote:
This is a good point. We already do this conditionally, in fact.
David, could you try this mod_ssl patch as an alternative solution,
which doesn't necessitate fixes to OpenSSL?
Index: ssl_engine_io.c
[...]
Hello Joe,
Thanks for the mod_ssl
On Tue, 2009-06-02 at 13:40 +0200, Stephen Henson via RT wrote:
[dw...@infradead.org - Sun May 31 22:08:11 2009]:
It's possible for multiple certificates to have the same subject name,
and if that happens then ssl3_output_cert_chain() may select the wrong
one because it just picks a
On Fri, Jun 26, 2009, David Woodhouse wrote:
On Tue, 2009-06-02 at 13:40 +0200, Stephen Henson via RT wrote:
[dw...@infradead.org - Sun May 31 22:08:11 2009]:
It's possible for multiple certificates to have the same subject name,
and if that happens then ssl3_output_cert_chain() may
[jor...@redhat.com - Fri Jun 26 13:52:18 2009]:
On Thu, Jun 25, 2009 at 06:05:08PM +0200, Stephen Henson via RT wrote:
I agree with the analysis.
Do you also agree with David's proposal to change the calls to
BIO_ctrl(, BIO_CTRL_INFO, ) into BIO_wpending() in ssl/*.c? It seems
to
On Fri, 2009-06-26 at 16:53 +0200, Dr. Stephen Henson wrote:
Sorry for delay in replying doing a shed load of other stuff at present. The
patch looks OK but will make a few minor changes to it, set the cert in
X509_STORE_CTX_init() instead of the structure accedd.
Does it help if I resubmit a
On Jun 26, 2009, at 2:40 PM, Joe Orton wrote:
This is a good point. We already do this conditionally, in fact.
David, could you try this mod_ssl patch as an alternative solution,
which doesn't necessitate fixes to OpenSSL?
Index: ssl_engine_io.c
[...]
Hello Joe,
Thanks for the mod_ssl