OpenSSL Not Honoring Certs in CA file (SSL_CTX_load_verify_locations)?

2013-02-12 Thread Jeffrey Walton
Hi All, I'm probably doing something wrong here, but I don't see what it is. I'm calling SSL_CTX_load_verify_locations() with a CAT of PEM files. I'm not calling SSL_CTX_set_default_verify_paths(): /* http://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html */ /* I've also tried with

Re: OpenSSL Not Honoring Certs in CA file (SSL_CTX_load_verify_locations)?

2013-02-12 Thread Jeffrey Walton
On Tue, Feb 12, 2013 at 3:16 AM, Jeffrey Walton noloa...@gmail.com wrote: ... I've used `openssl x509 -text -in AddTrust External CA Root.pem` (copied out directly from s_client), and everything looks OK. CA is TRUE, AKI is present, KU includes Certificate Sign, CRL Sign, etc. $ openssl x509

Re: OpenSSL Not Honoring Certs in CA file (SSL_CTX_load_verify_locations)?

2013-02-12 Thread Jeffrey Walton
I was missing Add Trust External CA Root, https://support.comodo.com/index.php?_m=downloads_a=viewdownloaddownloaditemid=9nav=0,1. On Tue, Feb 12, 2013 at 3:16 AM, Jeffrey Walton noloa...@gmail.com wrote: Hi All, I'm probably doing something wrong here, but I don't see what it is. I'm

eNULL/NULL ciphers -- actually a cipher?

2013-02-12 Thread Nathan Smyth
I realise that the eNULL/NULL ciphers add no encryption, but do they just transmit the data as is, or is there some steganography used? Thanks

RE: eNULL/NULL ciphers -- actually a cipher?

2013-02-12 Thread Salz, Rich
I realise that the eNULL/NULL ciphers add no encryption, but do they just transmit the data as is, or is there some steganography used? If you truly realized they add no encryption, you'd realize the answer to your question. :) /r$ -- Principal Security Engineer Akamai Technology

0.9.8z?

2013-02-12 Thread John Foley
There were several commits to the 0_9_8 trunk after the 0.9.8y release last week that appear to be related to CVE-2013-0169. Will there be a forthcoming 0.9.8z release as a result? Or are these commits not needed to mitigate CVE-2013-0169? Thank you.

Re: 0.9.8z?

2013-02-12 Thread Dr. Stephen Henson
On Tue, Feb 12, 2013, John Foley wrote: There were several commits to the 0_9_8 trunk after the 0.9.8y release last week that appear to be related to CVE-2013-0169. Will there be a forthcoming 0.9.8z release as a result? Or are these commits not needed to mitigate CVE-2013-0169? The

Re: Assistance with zlib-dynamic build

2013-02-12 Thread Ryan Watkins
I was able to specify zlib-dynamic and dso on the ./Configure command and got make and make tests to successfully run past the zlib tests however I was required to put a /usr/lib/libz.so shared object on my system. On our platform we don't have a /usr/lib/libz.so shared object but rather we

RE: X509* and Extract Public Key?

2013-02-12 Thread Dave Thompson
From: owner-openssl-us...@openssl.org On Behalf Of Jeffrey Walton Sent: Monday, 11 February, 2013 23:04 Some minor points: On Mon, Feb 11, 2013 at 5:15 PM, Dave Thompson dthomp...@prinpay.com wrote: On Mon, Feb 11, 2013 at 12:01:49AM -0500, Jeffrey Walton wrote: snip: extract