When handshake messages can't be reassembled because a fragment got
lost, the ChangeCipherSpec included in the same flight was still
processed. The new mastersecret has not been calculated yet, so random
memory is used causing the connection to fail. This patch drops every
ChangeCipherSpec
Dear OpenSSL developers,
please have a look at the following bug about a bad interaction
between mod_ssl and openssl 0.9.7, 0.9.8 and possibly higher
versions when the server side supports more than 85 CAs:
https://issues.apache.org/bugzilla/show_bug.cgi?id=46952
So far this has only caused
On 2009.06.04 at 21:31:19 -0400, David Michael wrote:
> Hi,
>
> A certain daemon I am building requires root certificates to have
> hash links in order to find them. My target OS provides a multi-cert
> PEM with just about every common root cert out there, so I prefer to
> have the hash links
Hi,
A certain daemon I am building requires root certificates to have
hash links in order to find them. My target OS provides a multi-cert
PEM with just about every common root cert out there, so I prefer to
have the hash links pointing directly at this.
The rehash scripts will only link the
On Mon, 25 May 2009, rakesh aggarwal wrote:
>
>
>
>
>Hi,
>
>i am new to openssl and trying to add support for CTR mode in AES.
>i dont know what i am doing is correct or not?
>I made some changes based on my understanding but i want to cross verify.
>For adding the above support, first i need to
Howard,
I'm building a framework for application servers, one generic task is
to setup ldap servers for user authentication and SSO with kerberos.
There will be situations where an ldap server will have a cert that
our server can't verify. In that case we'd like to ask the user if
they want to tr
John Carter wrote:
Thanks Howard, but the problem we found with that was that the cert is
dumped in what looks like DER format mixed in with lots of other
binary data. However we also go nothing beyond doing -d 3.
On the offchance your version of ldap is newer and dumps the certs
nicely, what ve
Thanks Howard, but the problem we found with that was that the cert is
dumped in what looks like DER format mixed in with lots of other
binary data. However we also go nothing beyond doing -d 3.
On the offchance your version of ldap is newer and dumps the certs
nicely, what version of ldap have yo
John Carter wrote:
Howard,
I appreciate that currently the s_client code is plain-text, this
would have to change to support ASN.1.
As you indicate "working" ldap once starttls done is hard/insane, but
as with all protocols that's the user's problem. Actually we are
primarily interested in seei
Howard,
I appreciate that currently the s_client code is plain-text, this
would have to change to support ASN.1.
As you indicate "working" ldap once starttls done is hard/insane, but
as with all protocols that's the user's problem. Actually we are
primarily interested in seeing the certificate, r
10 matches
Mail list logo