On Tue, Sep 12, 2023 at 12:03:01AM +, Job Snijders wrote:
> On Mon, Sep 11, 2023 at 09:31:03AM +0200, Theo Buehler wrote:
> > > - * This only parses the RFC 3779 extensions since these are necessary for
> > > - * validation.
> >
> > Isn't this still true? Y
On Mon, Sep 11, 2023 at 09:31:03AM +0200, Theo Buehler wrote:
> > - * This only parses the RFC 3779 extensions since these are necessary for
> > - * validation.
>
> Isn't this still true? You don't really parse the subject name.
I took 'parse' to mean something like 'inspects',
On Mon, Sep 11, 2023 at 01:42:03AM +, Job Snijders wrote:
> This adds another compliance check for the X.509 subject name.
>
> Only commonName, and optionally serialNumber, are permitted in the
> certificate subject name. See RFC 6487 section 4.4 and 4.5.
>
> It se
This adds another compliance check for the X.509 subject name.
Only commonName, and optionally serialNumber, are permitted in the
certificate subject name. See RFC 6487 section 4.4 and 4.5.
It seems the one CA who was not compliant with this requirement got
their act together, so now
S V wrote:
> 2023-07-27 17:24 GMT+03:00, Theo de Raadt :
> > You don't explain why you are trying to enable floating point register
> > use in the kernel.
>
> I just have CPU with it (Cortex-a57 with NEON), so was toying with it
> trying to look if I get more performance.
> Got this error and
I was trying (as an experiment) to build aarch64 current kernel with
-march=armv8-a+simd and stumble upon error
Interesting to notice that armv8-a+nofp+simd compiles and runs OK
part of output with error:
cc -g -Werror -Wall -Wimplicit-function-declaration -Wno-pointer-sign
On Mon, Mar 06, 2023 at 08:10:49PM +, Job Snijders wrote:
> Upon re-reading RFC 6487 section 4.8.2, SKIs are not at all arbitary
> identifiers: they must be the SHA-1 hash of the 'Subject Public Key'.
Ah, good.
> The below changeset adds a SPK digest calculation and c
Upon re-reading RFC 6487 section 4.8.2, SKIs are not at all arbitary
identifiers: they must be the SHA-1 hash of the 'Subject Public Key'.
The below changeset adds a SPK digest calculation and comparison to the
X509v3 extension containing the SKI.
OK?
Index: x509.c
On Tue, 08 Nov 2022 18:05:24 +, Klemens Nanni wrote:
> Subject: Document ifc_list immutability
Sure. OK millert@
- todd
Subject: Document ifc_list immutability
OK?
diff --git a/sys/net/if_var.h b/sys/net/if_var.h
index 28514a0bfcd..a472c586f3c 100644
--- a/sys/net/if_var.h
+++ b/sys/net/if_var.h
@@ -78,11 +78,15 @@ struct ifnet;
struct task;
struct cpumem;
+/*
+ * Locks used to protect struct members
Hello OpenBSD developers!
I have a suggestion on how to get the current executable path in OpenBSD that
might be reliable enough and not too costly that it might be accepted for a
future OpenBSD version.
Even if it won't be accepted, I need a little help completing the solution I
have in
Hi,
I sent this to bugs a while back, but it doesn't seem to have been picked up by
anyone.
On both i386 and amd64, the machine boot command in the bootloader has an off
by one bug, which has been present since revision 1.20 in 1998.
The machine boot command is implemented by patching the
On Fri, Feb 05, 2021 at 02:45:41PM +0100, Claudio Jeker wrote:
> RPKI certificates have 3 possible Subject Information Access URI that we
> may be interested in:
> - 1.3.6.1.5.5.7.48.5 (caRepository)
> - 1.3.6.1.5.5.7.48.10 (rpkiManifest)
> - 1.3.6.1.5.5.7.48
RPKI certificates have 3 possible Subject Information Access URI that we
may be interested in:
- 1.3.6.1.5.5.7.48.5 (caRepository)
- 1.3.6.1.5.5.7.48.10 (rpkiManifest)
- 1.3.6.1.5.5.7.48.13 (rpkiNotify)
rpkiManifest points to the .mft file inside the caRepository.
Because
subscribe
foo
subscribe tech@openbsd.org
Karel Gardas(gard...@gmail.com) on 2019.02.10 14:18:00 +0100:
>
> Any issues with the patch now?
no, i just lost track of it.
commited, thanks!
> Anything I shall improve to get that
> into acceptable/comitable state?
>
> Thanks,
> Karel
>
> On Fri, 1 Feb 2019 17:48:46 +0100
> Karel Gardas
Any issues with the patch now? Anything I shall improve to get that
into acceptable/comitable state?
Thanks,
Karel
On Fri, 1 Feb 2019 17:48:46 +0100
Karel Gardas wrote:
> On Fri, 1 Feb 2019 16:53:14 +0100
> Sebastian Benoit wrote:
>
> > > + if (clt->clt_remote_user == NULL &&
> > >
On Fri, 1 Feb 2019 16:53:14 +0100
Sebastian Benoit wrote:
> > + if (clt->clt_remote_user == NULL &&
> > + clt->clt_tls_ctx != NULL &&
> > + (srv_conf->tls_flags & TLSFLAG_CA) &&
> > + stravis(, tls_peer_cert_subject(clt->clt_tls_ctx),
>
>
Karel Gardas(gard...@gmail.com) on 2019.02.01 16:28:17 +0100:
>
> Hello,
>
> I'd like to have X509 peer's cert subject name logged in some form when
> ca option in httpd.conf is used. That is, we do have X509 verified
> client accessing web resource. Following patch implemen
Hello,
I'd like to have X509 peer's cert subject name logged in some form when
ca option in httpd.conf is used. That is, we do have X509 verified
client accessing web resource. Following patch implements this
behavior for combined logging style and for the case http connection
Currently, pcap_setdirection() is described in pcap.3 as follows:
pcap_setdirection() is used to limit the direction
that packets must be flowing in order to be captured.
The "direction" is not described, except in pcap.h.
Should the constants be mentioned in the manpage?
Also, the direction
Hi,
this removes the currently unused arguments *warnmess and ratecap from
pool_sethardlimit().
ok?
diff --git share/man/man9/pool.9 share/man/man9/pool.9
index 75742cf12ab..27226e14a25 100644
--- share/man/man9/pool.9
+++ share/man/man9/pool.9
@@ -72,8 +72,6 @@
.Fo pool_sethardlimit
.Fa
Including when using getopt(3) also makes
extern int opterr, optind, optopt, optreset;
and friends declared, but many utils redeclare them again.
Is there a reason for that, or can those be removed?
As a harmless example, here's a diff to games.
Jan
Index: fortune/strfile/strfile.c
Stuart Henderson wrote:
> On 2017/06/27 18:11, Ted Unangst wrote:
> > so chrome at least has gotten pretty uppity about certs that lack subject
> > altnames.
>
> Oh that's going to be hilarious. There are at least valid reasons for
> doing this (e.g. nameConstraints don'
On 2017/06/27 18:11, Ted Unangst wrote:
> so chrome at least has gotten pretty uppity about certs that lack subject
> altnames.
Oh that's going to be hilarious. There are at least valid reasons for
doing this (e.g. nameConstraints don't work with CN).
>
>
so chrome at least has gotten pretty uppity about certs that lack subject
altnames. following the instructions in ssl.8 is no longer sufficient.
here's a short hint about how to fix this.
Index: ssl.8
===
RCS file: /cvs/src/share
The "EV SSL Certificate Guidelines" available from:
https://cabforum.org/extended-validation/
defines three OIDs commonly seen in leaf certificates:
jurisdictionLocalityName
1.3.6.1.4.1.311.60.2.1.1
jurisdictionStateOrProvinceName
1.3.6.1.4.1.311.60.2.1.2
jurisdictionCountryName
ourreges-Anglas wrote:
> >>> "Ted Unangst" <t...@tedunangst.com> writes:
> >>>
> >>> > i'm tired of seeing bug reports with no subject. i also get a fair bit
> >>> of spam
> >>> > with no subject and i am easily
"trondd" <tro...@kagu-tsuchi.com> writes:
> On Sun, May 15, 2016 1:22 pm, Juan Francisco Cantero Hurtado wrote:
>> On Sun, May 15, 2016 at 06:43:16PM +0200, Jeremie Courreges-Anglas wrote:
>>> "Ted Unangst" <t...@tedunangst.com> writes:
>>&g
On Sun, May 15, 2016 1:22 pm, Juan Francisco Cantero Hurtado wrote:
> On Sun, May 15, 2016 at 06:43:16PM +0200, Jeremie Courreges-Anglas wrote:
>> "Ted Unangst" <t...@tedunangst.com> writes:
>>
>> > i'm tired of seeing bug reports with no s
On Sun, May 15, 2016 at 06:43:16PM +0200, Jeremie Courreges-Anglas wrote:
> "Ted Unangst" <t...@tedunangst.com> writes:
>
> > i'm tired of seeing bug reports with no subject. i also get a fair bit of
> > spam
> > with no subject and i am easily confused.
"Ted Unangst" <t...@tedunangst.com> writes:
> i'm tired of seeing bug reports with no subject. i also get a fair bit of spam
> with no subject and i am easily confused. something is better than nothing.
I fear that after that change all bug reports will only have [
i'm tired of seeing bug reports with no subject. i also get a fair bit of spam
with no subject and i am easily confused. something is better than nothing.
Index: sendbug.c
===
RCS file: /cvs/src/usr.bin/sendbug/sendbug.c,v
espie@openbsd, dera...@cvs.openbsd.org
Bcc:
Subject: Re: sqlite 3.8.11.1
Reply-To:
In-Reply-To: <20150909084510.gh30...@tazenat.gentiane.org>
On Wed, Sep 09, 2015 at 08:45:10AM +, Miod Vallat wrote:
> > Hi,
> >
> > thanks to the hard work of jturner@, here'
Merge two identical if() statements. The change in ip_spd.c 1.59
makes it appear that there is a cut pasto. We should merge the
two identical and adjacent if() statements to avoid confusing people
(and static analyzers).
- todd
Index: sys/netinet/ip_spd.c
Hi again after discussins with Helg, second change is not relevant, so only
the first should remains.
Kind regards.
Index: fuse.c
===
RCS file: /cvs/src/lib/libfuse/fuse.c,v
retrieving revision 1.24
diff -u -p -r1.24 fuse.c
---
Envoyé depuis Windows Mail
Yes. As it would seem, that was unintentional, possibly caused by a bad merge.
I didn't pick this up as it worked on my system. It was thanks to Otto's messae
re parsing changes that I managed to pick that up.
I am working on a new diff which will be released some time within the next few
Fcc: +outbox
Subject: Re: that private mailing list (fwd) Solar Designer: Re: that private
mailing list
I haven't even read this.
I don't care.
if this is the situation with open source disclosure, all of you
users are fucked.
--- Forwarded Message
Received: from
I generally associate negative connotations with so-called, as in
the so-called free world. I wouldn't use it just to name something,
as in the kernel is written in the so-called C language. so-called
implies it's called this, but it's not.
Two imo dubious occurrences in the install notes. It's
Dk sqoexmncn p`gbhrh ahgmeq` menaundhl` j`weqrbemm` h dnqrsom` pejk`l`. B
m`xe bpel nqmnbm{l qpedqrbnl pejk`l{ bkerq Hmrepmer, on qjnk|js d`er
bnglnfmnqr| p`qxhphr| cp`mhv{, nap`rhr| m` qea bmhl`mhe h ophbkew| mnb{u
jkhemrnb hg whqk` xhpnjni `sdhrnphh bqelhpmni o`srhm{.
Opedk`c`el B`l
What's happening! I was searching the web and found... there doing a
giveaway for an iPad2! you need to hurry up and get yours before they run out
heres the web link.. http://so.ee/K50
Index: dev/pci/piixpm.c
===
RCS file: /cvs/src/sys/dev/pci/piixpm.c,v
retrieving revision 1.35
diff -u -r1.35 piixpm.c
--- dev/pci/piixpm.c9 Apr 2011 04:33:40 - 1.35
+++ dev/pci/piixpm.c24 Apr 2011 03:16:31 -
@@
We must protect our planet. Turn off your computer!
Nous devons protC)ger notre planC(te. C teignez votre ordinateur!
Debemos proteger nuestro planeta. Apague su ordenador!
Musimy chroniD naszD planetD. WyEDcz komputer!
PQ P4PP;P6P=Q P7P0Q P8QP8QQ P=P0QQ P?P;P0P=P5QQ. PQ
http://sites.google.com/site/jgctidjtom/yzmbbezipo
http://www.salni.com/ertTUUIOPP.html
http://skateboa.skateboarding-videos.com/GJJlxxcCVB.html
50 matches
Mail list logo