Re: resumption problem

On Thu, Mar 26, 2020 at 12:40:08AM +, Jeremy Harris wrote: > Looks like I'm wrong, from the behaviour. > > It's the second of the possible places, and "i" is 129. > It appears to be failing the WPACKET_sub_allocate_bytes_u16() > call. %rsi before the call, which I think should be > the

Re: resumption problem

On 24/03/2020 20:25, Viktor Dukhovni wrote: >>> I'm guessing it is not the first. The second would an issue with a >>> particular issuer on the CA list (does Exim configure a list of CAs to >>> send to the server?), >> >> I don't think so Looks like I'm wrong, from the behaviour. It's the

Re: OpenSSL 111: authorityKeyIdentifier

Makes perfectly sense. Thank you. > Am 25.03.2020 um 18:49 schrieb Viktor Dukhovni : > > On Wed, Mar 25, 2020 at 05:47:01PM +0100, Dirk wrote: > My expectation (maybe wrong) is that the serial and the issuer name belong to the same X509 certificate that the key id belongs to.

Re: OpenSSL 111: authorityKeyIdentifier

On Wed, Mar 25, 2020 at 05:47:01PM +0100, Dirk wrote: > >> My expectation (maybe wrong) is that the serial and the issuer name belong > >> to > >> the same X509 certificate that the key id belongs to. > > > > Your expectation is "wrong". The issuer DN in the AKID is in fact > > supposed to be

Re: OpenSSL 111: authorityKeyIdentifier

Thank you Victor. Can you point me to the rfc that defines this? Best Am 25.03.2020 um 15:32 schrieb Viktor Dukhovni : > >  >> >> On Mar 24, 2020, at 11:12 AM, Dirk Menstermann wrote: >> >> My expectation (maybe wrong) is that the serial and the issuer name belong to >> the same X509

Re: New decode_errors due to EOF changes in master and 1.1.1e

Thanks. I'll try searching GH issues next time (or opening a new one?) rather than replying to a commit. On 3/25/20 2:37 AM, Matt Caswell wrote: > There is an ongoing discussion on this issue here: > > https://github.com/openssl/openssl/issues/11378 > > In the specific case of

Re: OpenSSL 111: authorityKeyIdentifier

> On Mar 24, 2020, at 11:12 AM, Dirk Menstermann wrote: > > My expectation (maybe wrong) is that the serial and the issuer name belong to > the same X509 certificate that the key id belongs to. Your expectation is "wrong". The issuer DN in the AKID is in fact supposed to be the issuer's

Ok but I try to connect and it doesn’t work ... and I try to ope ssl and it mantioned Thant I cant because of the reason 7

Re: New decode_errors due to EOF changes in master and 1.1.1e

There is an ongoing discussion on this issue here: https://github.com/openssl/openssl/issues/11378 In the specific case of s_client/s_server this actually uncovered a bug in s_server, which is why you see the problem there. Matt On 24/03/2020 23:35, John Baldwin wrote: > I replied to the

Re: 3.0 FIPS related questions

On 24/03/2020 15:02, Salz, Rich wrote: > >>> The second question is somewhat related. Has there been a decision yet >> whether the FOM 3.0 will go through a 140-2 or a 140-3 validation? > >>We are going through 140-2. > > Has the list of validated platforms been made public

RE: RAND SEED in vxworks6.9

FYI: I restarted the discussion in #7946 https://github.com/openssl/openssl/issues/7946#issuecomment-603545804 Matthias