Re: [openssl-users] Unexpected behavior in certificate hostname check

2018-09-18 Thread דרור מויל
Thanks! On Wed, 19 Sep 2018 at 00:50, Viktor Dukhovni wrote: > > On Sep 18, 2018, at 5:27 PM, דרור מויל <moyald...@gmail.com> wrote: > > > > I'm experiencing some unexpected (in my opinion - and I might be in the > wrong here) behavior in hostname checking the OpenSSL CLI utils. > > The

Re: [openssl-users] Unexpected behavior in certificate hostname check

2018-09-18 Thread Viktor Dukhovni
> On Sep 18, 2018, at 5:27 PM, דרור מויל <moyald...@gmail.com> wrote: > > I'm experiencing some unexpected (in my opinion - and I might be in the wrong > here) behavior in hostname checking the OpenSSL CLI utils. The default behaviour follows:

[openssl-users] Unexpected behavior in certificate hostname check

2018-09-18 Thread דרור מויל
Hi, I'm experiencing some unexpected (in my opinion - and I might be in the wrong here) behavior in hostname checking the OpenSSL CLI utils. I'm trying to verify the hostname of a certificate which has CN=mysite.com and altSubj=localhost (was generated by pyca/cryptography example -

Re: [openssl-users] s_server -www -tls1_3: Firefox/Chrome not working

2018-09-18 Thread Kurt Roeckx
On Tue, Sep 18, 2018 at 05:11:42PM +, Salz, Rich via openssl-users wrote: > >My point was about the likelihood of last-draft browsers lingering > on in the real world for some time (like 1 to 3 years) after the > TLS1.3-final browser versions ship. > > I do not think this is a

Re: [openssl-users] OpenSSL 1.1 X509_STORE sharing

2018-09-18 Thread Viktor Dukhovni
> On Sep 18, 2018, at 1:04 PM, Viktor Dukhovni > wrote: > > That depends on whether setting the cert_store element was done properly (in > a way > that incremented the reference count) or not. See the documentation of: > > SSL_CTX_set1_cert_store(3) > SSL_CTX_set_cert_store(3)

Re: [openssl-users] s_server -www -tls1_3: Firefox/Chrome not working

2018-09-18 Thread Salz, Rich via openssl-users
>My point was about the likelihood of last-draft browsers lingering on in the real world for some time (like 1 to 3 years) after the TLS1.3-final browser versions ship. I do not think this is a concern. Chrome and FF auto-update and get almost full coverage within a month or two,

Re: [openssl-users] Softhsm + engine_pkcs11 + openssl with EC keys fail.

2018-09-18 Thread Paras Shah (parashah) via openssl-users
Sure. I will open the issue. From: Nicola Date: Monday, September 17, 2018 at 10:05 PM To: "Paras Shah (parashah)" , "openssl-users@openssl.org" Subject: Re: [openssl-users] Softhsm + engine_pkcs11 + openssl with EC keys fail. Would it be possible for you to open this as an issue on Github

Re: [openssl-users] OpenSSL 1.1 X509_STORE sharing

2018-09-18 Thread Viktor Dukhovni
> On Sep 18, 2018, at 12:30 PM, Maxwell Dreytser wrote: > >> X509_STORE_free() decrements a reference count, and frees the object only >> when the count reaches zero. >> > Was this behavior the same in older versions? Yes. > If so, then there is no reason to clear cert_store even in older

Re: [openssl-users] Limit the number of AES-GCM keys allowed in TLS

2018-09-18 Thread Salz, Rich via openssl-users
This is factually incorrect; the TLS values are lower than the FIPS values, for example. And also, what “everyone in the know” has always stated isn’t really true any more. It would be nice to keep politics out of this list. -- openssl-users mailing list To unsubscribe:

Re: [openssl-users] OpenSSL 1.1 X509_STORE sharing

2018-09-18 Thread Viktor Dukhovni
> On Sep 18, 2018, at 12:12 PM, ad...@mdtech.us wrote: > > I have some legacy code that I am updating for 1.1 and there they set > SSL_CTX::cert_store to NULL before `SSL_CTX_free`. Is this necessary for the > X509_STORE to be shared between contexts? > Note that this still has to be

[openssl-users] OpenSSL 1.1 X509_STORE sharing

2018-09-18 Thread admin
Hello, I have some legacy code that I am updating for 1.1 and there they set SSL_CTX::cert_store to NULL before `SSL_CTX_free`. Is this necessary for the X509_STORE to be shared between contexts? Note that this still has to be buildable on 1.0 with the same result. In the docs it says

Re: [openssl-users] DTLS-over-UDP client example

2018-09-18 Thread aleksandr . derevianko
Hello ! >> >>  With such list it works, but without encoding (data sent in cleartext, >> connection established as Cipher: NULL-SHA) >> >>  and if I remove eNULL on client side, it doesn't connect - server waits for >> repeat of client cookie forever. >> >>  At the same time, "openssl s_client

Re: [openssl-users] DTLS-over-UDP client example

2018-09-18 Thread Richard Weinberger
On Tue, Sep 18, 2018 at 9:18 AM wrote: > Unfortunately, it's exactly this example which I use. You have pointed to a slightly different version, > but all the difference is: > > SSL_CTX_set_cookie_verify_cb(ctx, _cookie); > instead of > SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie); >

Re: [openssl-users] DTLS-over-UDP client example

2018-09-18 Thread aleksandr . derevianko
Hello ! 17.09.2018, 16:26, "Richard Weinberger" : > On Thu, Sep 13, 2018 at 3:51 PM wrote: >>  I tried to dig inside openssl s_client source code, but it's really too >> complex for me, it seems like s_client doesn't use >>  SSL_connect, instead, using more low-level functions. >> >>  So, does

Re: [openssl-users] s_server -www -tls1_3: Firefox/Chrome not working

2018-09-18 Thread Jakob Bohm
On 15/09/2018 10:46, Kurt Roeckx wrote: On Thu, Sep 13, 2018 at 08:13:41PM +0200, Jakob Bohm wrote: On 13/09/2018 09:57, Klaus Keppler wrote: Hi, thank you for all your responses. I've just tested with Firefox Nightly 64.0a1, and both s_server and our own app (using OpenSSL 1.1.1-release)