On May 3, 2009, at 9:46 AM, Marcin Owsiany wrote:

>
> On Sat, May 02, 2009 at 11:42:00PM +0200, Brice Figureau wrote:
>> Any ideas?
>
> Even though the standards only allow a positive integer, I think there
> are some implementations which produce certs with negative values,
> because they treat them as an opaque set of bits. So if jruby wants
> interoperability, they might have to relax the constraint.
>
> I think I read that in the "everything you never wanted to know about
> SSL but were forced to find out" document.
>
> BTW if you take time to read that document you will find that the SSL
> world is full of such issues.


And clearly, Puppet should be changed to default to a positive integer  
as the first serial.

If the JRuby guys won't relax this (and quite possibly, it uses an  
underlying java lib so it's not up to them), then we can just clarify  
that people will need to regen that first cert.

-- 
You can't build a reputation on what you are going to do.
     -- Henry Ford
---------------------------------------------------------------------
Luke Kanies | http://reductivelabs.com | http://madstop.com
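
The sign problem discussed in this thread, as an added example that is not part of the original messages and is not Puppet or JRuby code: a serial written as an opaque run of bytes decodes as a negative DER INTEGER whenever its first byte has the high bit set. The function names and sample bytes are hypothetical and constructed for illustration; the 20-octet limit is taken from RFC 5280, which the thread does not cite.

```ruby
# Added example: how an X.509 serialNumber ends up negative, and how to
# encode and check it. Operates on the content octets of the DER INTEGER.

# Decode DER INTEGER content octets (big-endian two's complement).
def der_integer_value(octets)
  bytes = octets.bytes
  raise ArgumentError, "empty INTEGER" if bytes.empty?
  value = bytes.inject(0) { |acc, b| (acc << 8) | b }
  # The high bit of the first octet is the sign bit.
  value -= 1 << (8 * bytes.length) if (bytes.first & 0x80) != 0
  value
end

# Turn raw serial bytes (e.g. random output) into minimal DER content octets
# that always decode as a non-negative integer.
def encode_positive_serial(raw)
  bytes = raw.bytes
  raise ArgumentError, "empty serial" if bytes.empty?
  # Drop redundant leading zero octets.
  bytes.shift while bytes.length > 1 && bytes.first.zero? && (bytes[1] & 0x80).zero?
  # Prepend 0x00 so a set high bit is not read as the sign.
  bytes.unshift(0) if (bytes.first & 0x80) != 0
  bytes.pack("C*")
end

# Classify a serial the way a strict parser would.
def classify_serial(octets)
  value = der_integer_value(octets)
  return :negative if value < 0
  return :zero if value.zero?
  return :too_long if octets.bytesize > 20 # RFC 5280 limit for conforming CAs
  :positive
end

if __FILE__ == $PROGRAM_NAME
  opaque = [0x8F, 0x00].pack("C*")        # constructed sample: bytes written as-is
  fixed  = encode_positive_serial(opaque) # same bits with a leading 0x00
  [opaque, fixed, [0x00].pack("C*")].each do |s|
    hex = s.unpack1("H*")
    puts "#{hex}: value=#{der_integer_value(s)} -> #{classify_serial(s)}"
  end
end
```
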

