[third resend to fill in Victor's reference - removed him from Cc: to
avoid the dupe;
all in the hopes it finally makes it or I get at least an NDN]
Am 17.05.2010, 19:19 Uhr, schrieb Victor Duchovni:
On Mon, May 17, 2010 at 10:23:16AM +0300, Eray Aslan wrote:
On 17.05.2010 03:02, Victor
On Thu, May 20, 2010 at 09:45:41AM +0200, Matthias Andree wrote:
The only race condition is when a trusted root is deleted which has the
same hash as a trusted root that stays, and the hash.0 link needs to go
while the hash.1 link stays. [...] This is substantially safer than
the crude delete
On 17.05.2010 03:02, Victor Duchovni wrote:
If you want to be really clever, you may be able to hash two copies
of the root CA directories with the same set of certificates each with
a different version of c_rehash (and corresponding utilities from the
appropriate OpenSSL version) and then
On Mon, May 17, 2010 at 10:23:16AM +0300, Eray Aslan wrote:
On 17.05.2010 03:02, Victor Duchovni wrote:
If you want to be really clever, you may be able to hash two copies
of the root CA directories with the same set of certificates each with
a different version of c_rehash (and
Postfix works fine when compiled and linked with OpenSSL 1.0.0.
However, when migrating from OpenSSL 0.9.8 to OpenSSL 1.0.0, there is
a potential (in)compatibility issue with CApath directories.
If you use a CApath to store root CA certificates for either the Postfix
SMTP client or the Postfix