[openssl-dev] [openssl.org #4003] OpenSSL Bug report / Patch submission - wildcard_match in host verification

2015-08-11 Thread Matt Caswell via RT
Closing this ticket: works as intended, won't fix.

Re: [openssl-dev] [openssl.org #4003] OpenSSL Bug report / Patch submission - wildcard_match in host verification

2015-08-11 Thread Viktor Dukhovni
On Tue, Aug 11, 2015 at 08:25:53PM +, Sekwon Choi via RT wrote: > Hi Viktor and Kurt, > > Thanks for the quick response. I think I agree with you guys. I looked up > the hostname RFCs again (RFC952 and 1123), not the URI RFC, and indeed, '_' and '~' > are not valid characters to be used in a hostname. >

Re: [openssl-dev] [openssl.org #4003] OpenSSL Bug report / Patch submission - wildcard_match in host verification

2015-08-11 Thread Sekwon Choi via RT
Hi Viktor and Kurt, Thanks for the quick response. I think I agree with you guys. I looked up the hostname RFCs again (RFC952 and 1123), not the URI RFC, and indeed, '_' and '~' are not valid characters to be used in a hostname. So technically, what openssl is doing is right. What makes it tricky is that, sinc

Re: [openssl-dev] [openssl.org #4003] OpenSSL Bug report / Patch submission - wildcard_match in host verification

2015-08-11 Thread Viktor Dukhovni
On Tue, Aug 11, 2015 at 07:29:15PM +, Viktor Dukhovni wrote: > On Tue, Aug 11, 2015 at 07:22:58PM +, Kurt Roeckx via RT wrote: > > > It looks to me that you're trying to validate a URL instead of a > > hostname. I don't know of any standard that allows you to put a > > URL in a certific

Re: [openssl-dev] [openssl.org #4003] OpenSSL Bug report / Patch submission - wildcard_match in host verification

2015-08-11 Thread Viktor Dukhovni
On Tue, Aug 11, 2015 at 07:22:58PM +, Kurt Roeckx via RT wrote: > It looks to me that you're trying to validate a URL instead of a > hostname. I don't know of any standard that allows you to put a > URL in a certificate and it also doesn't make much sense. Certificates IIRC can have URI sub

Re: [openssl-dev] [openssl.org #4003] OpenSSL Bug report / Patch submission - wildcard_match in host verification

2015-08-11 Thread Kurt Roeckx via RT
On Tue, Aug 11, 2015 at 06:53:29PM +, Sekwon Choi via RT wrote: > When we want to perform a host verification using openssl's APIs that use > X509_check_host, a host URL that includes specific characters such as '_' or > '~' will fail when the CN from the certificate contains wildcard > charact

[openssl-dev] [openssl.org #4003] OpenSSL Bug report / Patch submission - wildcard_match in host verification

2015-08-11 Thread Sekwon Choi via RT
Hi openssl team, I would like to report a bug as below and a patch for the fix. [ Version affected ] : 1.0.2d (latest) and below (basically, all versions of openssl) [ Operating system ] : All [ Bug description ] : When we want to perform a host verification using openssl's APIs that use X509_che

Re: [openssl-dev] 1.0.2 long term support

2015-08-11 Thread Kurt Roeckx
On Tue, Aug 11, 2015 at 07:55:33PM +0200, stefan.n...@t-online.de wrote: > Hi, > > Kurt Roeckx wrote: > > > 1.0.2 long term support > > === > > > > The OpenSSL project team would like to announce that the 1.0.2 > > version will be supported until 2019-12-31. > > Lookin

Re: [openssl-dev] 1.0.2 long term support

2015-08-11 Thread stefan.n...@t-online.de
Hi, Kurt Roeckx wrote: > 1.0.2 long term support > === > > The OpenSSL project team would like to announce that the 1.0.2 > version will be supported until 2019-12-31. Looking at the release date of 1.0.2 (22 Jan 2015) that seems to be (very slightly) less than the "at

Re: [openssl-dev] [openssl.org #3992] [PATCH] Allow RFC6962 Signed Certificate Timestamps to be disabled

2015-08-11 Thread Salz, Rich via RT
> Yes. But skimping on security features is not a good way to deal with > software/firmware bloat. And again, attacks on this layer are increasing in > quantity and sophistication. The current protection mechanisms appear > insufficient. Draw your own conclusions. But this isn't a general-purpose

Re: [openssl-dev] tls_session_secret_cb method return value

2015-08-11 Thread Emilia Käsper
Hi Ian, Thanks for the report! Your colleague John Foley suggested to treat this error as unrecoverable: https://mta.openssl.org/pipermail/openssl-dev/2015-March/001030.html The error is set while processing the ServerHello, at which point the PAC has already been sent to the server in the ticke