On Mon, Oct 21, 2013 at 5:45 AM, Dr Stephen Henson
wrote:
> On 21/10/2013 05:09, Trevor Perrin wrote:
>>
>> Seems like a lot of work. For example, how would the generic
>> SSLConfCmd commands get hooked-up with passphrase handling for the key
>> files?
>
On Sun, Oct 13, 2013 at 2:24 AM, Kaspar Brand wrote:
> On 13.10.2013 00:43, Trevor Perrin wrote:
>>
>> But maybe the easiest way to handle this is to create another hash
>> table like tPublicCert (e.g. tServerInfoFile or tSSLConfCmd).
>>
>> This table could be p
On Thu, Oct 10, 2013 at 4:44 PM, Dr Stephen Henson
wrote:
> On 10/10/2013 23:18, Trevor Perrin wrote:
>>
>> How would you expect the code to track the Cert -> ServerInfo
>> relationship between these points?
>
> AFAICS the certificate and key file
On Wed, Oct 9, 2013 at 6:52 AM, Dr Stephen Henson
wrote:
>
> Technically the "current certificate" concept doesn't need exposing at all.
> You
> just have to make sure you set all the relevant parameters *after* you set the
> certificate they apply to and *before* you set another one.
Hi Stephen
entail...)
Trevor
On Thu, Oct 3, 2013 at 3:37 PM, Trevor Perrin wrote:
>
>
> On Tue, Oct 1, 2013 at 3:15 AM, Dr Stephen Henson
> wrote:
>>
>>
>> OpenSSL has the concept of the "current certificate". That is the last
>> certificate set. So you set
On Tue, Oct 1, 2013 at 3:15 AM, Dr Stephen Henson <
shen...@opensslfoundation.com> wrote:
>
> OpenSSL has the concept of the "current certificate". That is the last
> certificate set. So you set certificate "foo" and then any parameters you
> set
> are associated with it until another certificate
On Sun, Sep 29, 2013 at 1:06 AM, Kaspar Brand wrote:
> On 28.09.2013 18:34, Dr Stephen Henson wrote:
>> How about something like:
>>
>> int SSL_CONF_cmd_type(SSL_CONF_CTX *cctx, const char *cmd);
>>
>> which can return things like...
>>
>> SSL_CONF_TYPE_INVALID:unrecognised name.
>> SSL_CO
On Fri, Sep 27, 2013 at 9:16 AM, Kaspar Brand wrote:
> On 26.09.2013 23:59, Trevor Perrin wrote:
>> It doesn't work with filenames relative to the Apache root. The patch
>> I submitted uses ssl_engine_config.c:ssl_cmd_check_file() to map
>> relative to absolute filename
On Tue, Sep 24, 2013 at 10:39 PM, Kaspar Brand wrote:
> On 25.09.2013 04:13, Trevor Perrin wrote:
>> The feature is checked in to the 1.0.2 branch [1], so we'd like to
>> expose it through Apache.
>>
>> The patch is pretty simple. I suppose more tests or docs m
Hi Apache folks,
I've been working with Ben Laurie on a "ServerInfoFile" feature for
OpenSSL 1.0.2.
Using a call to OpenSSL's "SSL_CTX_use_serverinfo_file()" the user can
specify a file of PEM blocks containing TLS ServerHello extension
data. The extensions will be returned if the client sends a
10 matches
Mail list logo