Hi,

On Tue, Dec 15, 2015 at 10:41:33PM +0100, Jan Just Keijser wrote:
> is loaded, but - as Steffan pointed out - this would mean that multiple 
> places need a function call to check this:
> - when loading an x509 file
> - when loading a pkcs12 file
> - when loading an inline blob
> - when loading something from pkcs11
> - when loading something via cryptostore
> - when loading something using the management interface

... which means "truly a lot of places", and we'll end up maintaining that
code for quite a long time...

[..]
> I'm inclined to alter the patch to check it at all items listed above - 
> what do you guys think?
> Having to wait for openssl 1.0.2 (which even my fedora 22 box does not 
> yet have) seems a bit like "so close, yet so far ..."

OTOH, 0.9.8 and 1.0.0 will be discontinued end of this year, so we should
see vendor upgrades.

Or, as Steffan remarked, just use PolarSSL - which is its own can of worms,
but at least, this functionality is there nicely.  If you have 1.3, that is,
so in the 2.3 release train, it won't work before 2.3.10 (argh on all
crypto libraries...)

gert

-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             g...@greenie.muc.de
fax: +49-89-35655025                        g...@net.informatik.tu-muenchen.de
