On Mon, Mar 06, 2023 at 10:19:36PM +, Job Snijders wrote:
> Am I using X509_get_X509_PUBKEY() properly?
I was not! Thanks for the clue tb@
I think the newly introduced RSA parameter check valid_ca_pkey() can
also be applied to the outside-TBS RSA signature in .cer files.
Am I using X509_get_X509_PUBKEY() properly?
OK?
Kind regards,
Job
Index: cert.c
===
RCS file:
On Mon, Mar 06, 2023 at 08:10:49PM +, Job Snijders wrote:
> Upon re-reading RFC 6487 section 4.8.2, SKIs are not at all arbitary
> identifiers: they must be the SHA-1 hash of the 'Subject Public Key'.
Ah, good.
> The below changeset adds a SPK digest calculation and comparison to the
>
Upon re-reading RFC 6487 section 4.8.2, SKIs are not at all arbitary
identifiers: they must be the SHA-1 hash of the 'Subject Public Key'.
The below changeset adds a SPK digest calculation and comparison to the
X509v3 extension containing the SKI.
OK?
Index: x509.c
> The last times the attribute names were updated were 14 and 21 years ago.
> Modern drives, especially SSDs, get a lot of Unknown columns from the
> 'readattr' command.
>
> Attributes were coalesced from smartmontools, NetBSD's atactl, and
> Wikipedia's citations. Manufacturer-specific
> Currently it is not possible to use unicode codepoints > 0xFF on the console,
> because our UTF-8 decoding logic is badly broken.
>
> The code in question is in wsemul_subr.c, wsemul_getchar().
>
> The problem is that we calculate the number of bytes in a multi-byte
> sequence by just looking
On Mon, Mar 06, 2023 at 04:35:05PM +0100, Theo Buehler wrote:
> > 3) Signatures (outside the TBS) in a .cer must be RSA (TODO: also
> > check mod + (e))
>
> I'd prefer to skip this for now. This does not really buy us much, it
> is independent and I see it as some polish that doesn't need to go
On Mon, Mar 06, 2023 at 02:50:14PM +, Job Snijders wrote:
> On Mon, Mar 06, 2023 at 12:27:36PM +0100, Theo Buehler wrote:
> > On Mon, Mar 06, 2023 at 10:52:31AM +, Job Snijders wrote:
> > > RFC 7935 states in section 3: "The RSA key pairs used to compute the
> > > signatures MUST have a
On Mon, Mar 06, 2023 at 12:27:36PM +0100, Theo Buehler wrote:
> On Mon, Mar 06, 2023 at 10:52:31AM +, Job Snijders wrote:
> > RFC 7935 states in section 3: "The RSA key pairs used to compute the
> > signatures MUST have a 2048-bit modulus and a public exponent (e) of
> > 65,537."
> >
> > The
06.03.2023 13:49, Raf Czlonka пишет:
> To quote sthen@[0]:
>
> But that isn't, it is talking about _execdir,
> _flags, etc where you need to replace the
>
> [0] https://marc.info/?l=openbsd-tech=165364961710717=2
I find this dance in rc.d.8 not helpful:
.It Ar daemon Ns _flags
On Mon, Mar 06, 2023 at 02:52:51PM +0100, Mark Kettenis wrote:
> > Date: Mon, 6 Mar 2023 13:31:58 +
> > From: Klemens Nanni
> >
> > 01.03.2023 17:47, Klemens Nanni пишет:
> > > Same diff as nov 2021 "Re: installer: prompt for WEP only if available"
> > >
06.03.2023 13:56, Stuart Henderson пишет:
> While I'd certainly _like_ to be able to set flags and force -y on
> certain types of system where it makes sense, I don't think there's
> any code to support this is there?
Heh oops... no wonder this diff is sold, I've had support for that in
tree for
On 2023/03/06 13:10, Klemens Nanni wrote:
> All relevant variables should be explained.
>
> Feedback? OK?
>
> Index: rc.conf.8
> ===
> RCS file: /cvs/src/share/man/man8/rc.conf.8,v
> retrieving revision 1.31
> diff -u -p -r1.31
> Date: Mon, 6 Mar 2023 13:31:58 +
> From: Klemens Nanni
>
> 01.03.2023 17:47, Klemens Nanni пишет:
> > Same diff as nov 2021 "Re: installer: prompt for WEP only if available"
> > https://marc.info/?l=openbsd-tech=163680942623448=2
> >
> > bwfm(4) still has no WEP support and using it for
On Mon, Mar 06, 2023 at 01:28:59PM GMT, Klemens Nanni wrote:
> I pointed out how rc.d(8) uses login.conf(5) via `daemon_class', so I linked
> to https://man.openbsd.org/rc.d.8#daemon_class expecting it to be marked up.
>
> Add .Tg to make above link and ":t daemon_class" in `man rc.d' work.
>
>
01.03.2023 17:47, Klemens Nanni пишет:
> Same diff as nov 2021 "Re: installer: prompt for WEP only if available"
> https://marc.info/?l=openbsd-tech=163680942623448=2
>
> bwfm(4) still has no WEP support and using it for installs keeps showing
>
> Which network interface do you wish to
I pointed out how rc.d(8) uses login.conf(5) via `daemon_class', so I linked
to https://man.openbsd.org/rc.d.8#daemon_class expecting it to be marked up.
Add .Tg to make above link and ":t daemon_class" in `man rc.d' work.
Mark up all `daemon_*' variables as single .Va so they get an automatic
All relevant variables should be explained.
Feedback? OK?
Index: rc.conf.8
===
RCS file: /cvs/src/share/man/man8/rc.conf.8,v
retrieving revision 1.31
diff -u -p -r1.31 rc.conf.8
--- rc.conf.8 25 Sep 2022 22:47:27 - 1.31
On Mon, Mar 06, 2023 at 10:52:31AM +, Job Snijders wrote:
> Hi,
>
> RFC 7935 states in section 3: "The RSA key pairs used to compute the
> signatures MUST have a 2048-bit modulus and a public exponent (e) of
> 65,537."
>
> The below adds a check for that.
That's a good first step. See
Hi,
RFC 7935 states in section 3: "The RSA key pairs used to compute the
signatures MUST have a 2048-bit modulus and a public exponent (e) of
65,537."
The below adds a check for that.
OK?
Kind regards,
Job
Index: cms.c
===
RCS
20 matches
Mail list logo