On 3/15/22, 8:08 PM, "Daniel Stenberg" wrote:
>This is probably the same issue as Bug #1007739. Triggered by a bug in
> curl
>for CN-only certificates:
Ah, probably is. This vhost does use a self-signed cert with a CN only, not
Let's Encrypt, and I can't think why else it would be fai
I would speculate that this isn't caused by curl, but by openssl bumping. I
reproduced the test failure on a Mac, and the change log for openssl 3.0.2
includes a very suspicious incompatible change to a critical function. I need
to dig into it, and I don't know when that will be at this point. I
Looking more closely, I'm going to hope curl is at fault and that this is
actually "just" a CA list issue.
It's very unusual for any of this code to rely on "default" trust store
handling but I'm wondering if this code is tripping on that for some reason. If
so, it's likely due to the Let's Enc
On 12/1/18, 4:48 AM, "Pkg-shibboleth-devel on behalf of wf...@niif.hu"
wrote:
> Please let me know if you need any help; for example I can see that
> version 3 of the resolver uses pkg-config for finding the SP, which is
> cool in principle but nobody tested it in Debian yet, so that may
> uncov
The resolver library upstream has already been updated to reflect all these
necessary changes so you're just duplicating that work.
-- Scott
> Scott, have you perhaps got a new estimate for the timing of the 3.0 release?
Summer probably.
-- Scott
On 11/17/17, 11:48 AM, "Pkg-shibboleth-devel on behalf of Ferenc Wágner"
wrote:
> Now, this is still ongoing:
> https://release.debian.org/transitions/html/auto-xerces-c.html
> The upstream fixes for this issue appeared as new patch level releases
> for XMLTooling (1.6.2), OpenSAML (2.6.1) and t
> It's worth noting that Apache also requires OpenSSL 1.0, which may also
> affect what the Shibboleth stack can link against.
No, that code is isolated into shibd, mod_shib doesn't link to it. That was
deliberate of course, for exactly this reason.
There are edge cases. If you link Xerces to li
On 11/9/16, 3:55 PM, "Pkg-shibboleth-devel on behalf of Kurt Roeckx"
wrote:
> Can I just say this is really ugly code? It's called "internal",
> you really have no business of touching this. And that just for
> some debug log.
The debugging information is a minor portion of the functionality. I
On 11/9/16, 1:13 PM, "Pkg-shibboleth-devel on behalf of Ferenc Wágner"
wrote:
>wf...@niif.hu (Ferenc Wágner) writes:
>
> > Can you recommend a reliable way to decide whether there really are any
>> conflicts between the different OpenSSL libraries used by libcurl and
>> xmltool
10 matches
Mail list logo
