[Openvpn-devel] [PATCH] Add missing strdup() return value checks

2015-08-25 Thread Steffan Karger
As reported by Bill Parker in trac #600, strdup() return values are not always correctly checked for failed allocations. This patch adds missing checks. Note that in misc.c and options.c, the check is after the dirname() or basename() call, because these can deal with NULL params and we need to k

Re: [Openvpn-devel] Log cert serial no if it is revoked

2015-08-25 Thread Gert Doering
Hi,
On Tue, Aug 25, 2015 at 02:38:20AM -0400, grarpamp wrote:
> Cert serial numbers found in the wild are hardly unique (witness
They are not "in the wild" in this context, as the issuing CA in OpenVPN contexts is typically in-house - and serial numbers for certs issued by a single CA(!) *are* u

Re: [Openvpn-devel] Log cert serial no if it is revoked

2015-08-25 Thread Boris Lytochkin
Hi. I disagree. And openssl crl disagrees with you too. There are no sha1 (or other) fingerprints there, serial numbers are stored there :) As far as I understand in most of the cases where X509 is used for OpenVPN, single (mostly probable self-signed) CA is used for authentication so serial n

Re: [Openvpn-devel] Log cert serial no if it is revoked

2015-08-25 Thread grarpamp
On Mon, Aug 24, 2015 at 12:54 PM, Boris Lytochkin wrote:
> Log serial number of revoked certificate
> In most of situations admin of OpenVPN server needs to know which particular
> certificate is used by client.
Cert serial numbers found in the wild are hardly unique (witness the Mozilla CA bundl

Re: [Openvpn-devel] Increasing TUN_MTU_MIN to make connection establishment faster

2015-08-25 Thread Jiri Horky
Hi Gert,
thanks for clarifying this.
Cheers
Jirka H.
On 08/24/2015 11:10 PM, Gert Doering wrote:
> Hi,
>
> On Mon, Aug 24, 2015 at 09:17:44PM +0200, Jiri Horky wrote:
>> thanks for the information. I see you effectively increased the size to
>> 1.2k which, as far as I know, will not work for peo