Re: [PATCH] RSA+DSA+ECC bundles

2013-10-23 Thread Maxim Dounin
Hello! On Wed, Oct 23, 2013 at 02:48:38PM -0700, Piotr Sikora wrote: > Hey, > > > Just drop the backwards-compatibility and require OpenSSL 1.0.2 or > > later for that feature, just like a particular version of OpenSSL is > > needed for TLS-SNI. > > I kind of agree with that. > > While OpenSSL

Re: [PATCH] RSA+DSA+ECC bundles

2013-10-23 Thread Piotr Sikora
Hey Rob,
> #if OPENSSL_VERSION_NUMBER >= 0x10002000L
> // OpenSSL 1.0.2 lets us do this properly
> Call SSL_CTX_add1_chain_cert(ssl->ctx, x509)
> #else
> If (number of ssl_certificate directives > 1)
> // Put this intermediate in the "trusted certificates store"
> Call

Re: [PATCH] RSA+DSA+ECC bundles

2013-10-23 Thread Piotr Sikora
Hey, > Just drop the backwards-compatibility and require OpenSSL 1.0.2 or > later for that feature, just like a particular version of OpenSSL is > needed for TLS-SNI. I kind of agree with that. While OpenSSL-1.0.2 is still unreleased, it seems that all options for existing releases are a bit hac

Re: SSL_read error on multiple simultaneous upstream SSL downloads

2013-10-23 Thread Maxim Dounin
Hello! On Wed, Oct 23, 2013 at 02:26:41PM -0700, Piotr Sikora wrote: > Hey Maxim, > > > While I tend to think that the problem is indeed related to > > SSL_MODE_RELEASE_BUFFERS I don't see any reasons why the server > > side shouldn't be affected. Could you please point out why you > > think so

Re: SSL_read error on multiple simultaneous upstream SSL downloads

2013-10-23 Thread Piotr Sikora
Hey Maxim, > While I tend to think that the problem is indeed related to > SSL_MODE_RELEASE_BUFFERS I don't see any reasons why the server > side shouldn't be affected. Could you please point out why you > think so? Well, I don't see this from the code, so it's just a hunch, but: - I wasn't able

Re: [PATCH] RSA+DSA+ECC bundles

2013-10-23 Thread Rob Stradling
On 23/10/13 18:07, W-Mark Kubacki wrote: Hi, As someone about to purchase two certificates please allow me to weigh in with an outside perspective: Thanks! On 2013-10-22 12:09 UTC Maxim Dounin wrote: An unwanted side effect would be that this will allow client certificate authentication to use

Re: [PATCH] RSA+DSA+ECC bundles

2013-10-23 Thread Rob Stradling
On 23/10/13 01:25, Maxim Dounin wrote: On Tue, Oct 22, 2013 at 02:31:01PM +0100, Rob Stradling wrote: Yes, that's a potentially unwanted side effect. But unfortunately, AFAICT, putting the intermediates into the "trusted certificates store" is the only way to implement this feature with OpenS

Re: [PATCH] RSA+DSA+ECC bundles

2013-10-23 Thread W-Mark Kubacki
Hi, As someone about to purchase two certificates please allow me to weigh in with an outside perspective: On 2013-10-22 12:09 UTC Maxim Dounin wrote: > > An unwanted side effect would be that this will allow client > certificate authentication to use certs from a server's > certificate chain. Proba