See:
http://www.ietf.org/rfc/rfc5280.txt
Kyle Hamilton wrote:
I was asked this morning where to find the X.509 specification, since
http://itu.int/ is such a messy website.
I'll point you to the general location, because it's a better piece of
information to have than the exact location.
i was pointing out this:
~/local/bin/openssl s_client -connect localhost:
depth=0 CN = CA
verify return:1
*** glibc detected *** /home/build/local/bin/openssl: double free or
corruption (fasttop): 0x00979300 ***
the glibc message means that the current heap operation is on invalid
Hi,
You are right : there is a double free bug in the function
*ssl3_get_key_exchange* which leads to crash if an error occurs.
The bug is in line 1510 of s3_clnt.c where we forget to set the variable
bn_ctx to NULL after freeing it and this leads to the double free error
when BN_CTX_free is
Hodie VII Id. Aug. MMX, David Shambroom scripsit:
See:
http://www.ietf.org/rfc/rfc5280.txt
RFC5280 is only a profile for X.509 certificates and CRLs, just were
RFC3280 and RFC2459 before it. Hopefully, RFC5280 is of better quality
than its predecessors, but doesn't replace the standard at
Hi,
This patch corrects a double free bug in ssl3_get_key_exchange
(s3_clnt.c) when an error happens during the connection to a server.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
--- E:/dev/libraries/openssl-1.0.latest/ssl/s3_clnt.c.original Sun Feb 28
01:24:24 2010
+++
command is:
139831192893096:error:0407E06D:rsa routines:RSA_verify_PKCS1_PSS:data too
large:rsa_pss.c:127:
139831192893096:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP
lib:a_verify.c:215:
Tested with openssl-SNAP-20100808
:
139831192893096:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP
lib:a_verify.c:215:
Tested with openssl-SNAP-20100808.
__
OpenSSL Project http://www.openssl.org
Development Mailing List
is the certificate at http://marc.info/?l=openssl-devm=128118163216952w=2
(with the malformed key) *syntactically* correct modulo the bad self signature?
with 1.0.0a
~/local/bin/openssl verify -check_ss_sig -CAfile /tmp/CA-P.cert /tmp/CA-P.cert
/tmp/CA-P.cert: CN = CA
error 7 at 0 depth