Re: [openssl-dev] [openssl.org #4615] Cache utility behaving strange with X509_LOOKUP_add_dir

2016-07-26 Thread Patel, Anirudh via RT
to be performed? Regards, Anirudh -Original Message- From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of Stephen Henson via RT Sent: Monday, July 25, 2016 2:04 AM To: patel3.anir...@gmail.com Cc: openssl-dev@openssl.org Subject: [openssl-dev] [openssl.org #4615] Cache utility

Re: [openssl-dev] [openssl.org #4615] Cache utility behaving strange with X509_LOOKUP_add_dir

2016-07-26 Thread Patel, Anirudh (Anirudh)
to be performed? Regards, Anirudh -Original Message- From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of Stephen Henson via RT Sent: Monday, July 25, 2016 2:04 AM To: patel3.anir...@gmail.com Cc: openssl-dev@openssl.org Subject: [openssl-dev] [openssl.org #4615] Cache utility

[openssl-dev] [openssl.org #4615] Cache utility behaving strange with X509_LOOKUP_add_dir

2016-07-24 Thread Stephen Henson via RT
On Sun Jul 24 18:29:16 2016, aniru...@avaya.com wrote: > Thanks a lot !!! Will definitely try it out :) > Note that this bugfix is now in OpenSSL 1.0.2 and the master branch so alternatively just try a recent snapshot. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial

Re: [openssl-dev] [openssl.org #4615] Cache utility behaving strange with X509_LOOKUP_add_dir

2016-07-24 Thread Patel, Anirudh via RT
#4615] Cache utility behaving strange with X509_LOOKUP_add_dir On Tue Jul 19 22:23:56 2016, steve wrote: > > If there are multiple CRLs with the appropriate scope then the first > one where the current time falls between lastUpdate and nextUpdate is > used. > > It is possi

Re: [openssl-dev] [openssl.org #4615] Cache utility behaving strange with X509_LOOKUP_add_dir

2016-07-24 Thread Patel, Anirudh (Anirudh)
#4615] Cache utility behaving strange with X509_LOOKUP_add_dir On Tue Jul 19 22:23:56 2016, steve wrote: > > If there are multiple CRLs with the appropriate scope then the first > one where the current time falls between lastUpdate and nextUpdate is > used. > > It is possi

[openssl-dev] [openssl.org #4615] Cache utility behaving strange with X509_LOOKUP_add_dir

2016-07-22 Thread Stephen Henson via RT
On Tue Jul 19 22:23:56 2016, steve wrote: > > If there are multiple CRLs with the appropriate scope then the first > one where > the current time falls between lastUpdate and nextUpdate is used. > > It is possible to dynamically update CRLs but currently only the time > criteria > is used. So if

[openssl-dev] [openssl.org #4615] Cache utility behaving strange with X509_LOOKUP_add_dir

2016-07-19 Thread Stephen Henson via RT
On Tue Jul 19 08:47:11 2016, levitte wrote: > My answer was incorrect... > > What happens when trying to find a CRL is that get_cert_by_subject (in > crypto/x509/by_dir.c) gets called, and it will try to load every file > it finds > (so both $hash{sub_ca}.r0 and $hash{sub_ca}.r1). However, when

Re: [openssl-dev] openssl.org #4615 Cache utility behaving strange with X509_LOOKUP_add_dir

2016-07-19 Thread Patel, Anirudh (Anirudh)
: Tuesday, July 19, 2016 2:42 PM To: openssl-dev@openssl.org Subject: Re: [openssl-dev] openssl.org #4615 Cache utility behaving strange with X509_LOOKUP_add_dir Fine and thanks for all the explanation. First let me give my scenario again and then I will come to Mischa’s point. I got your point

Re: [openssl-dev] openssl.org #4615 Cache utility behaving strange with X509_LOOKUP_add_dir

2016-07-19 Thread Patel, Anirudh (Anirudh)
. Hope I have been able to make my point. From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of Mischa Salle Sent: Tuesday, July 19, 2016 2:28 PM To: openssl-dev@openssl.org Subject: Re: [openssl-dev] openssl.org #4615 Cache utility behaving strange with X509_LOOKUP_add_dir Hi

Re: [openssl-dev] openssl.org #4615 Cache utility behaving strange with X509_LOOKUP_add_dir

2016-07-19 Thread Mischa Salle
> > > > *From:* openssl-dev [mailto:openssl-dev-boun...@openssl.org] *On Behalf > Of *Mischa Salle > *Sent:* Tuesday, July 19, 2016 1:27 PM > > *To:* openssl-dev@openssl.org > *Subject:* Re: [openssl-dev] openssl.org #4615 Cache utility behaving > strange with X5

[openssl-dev] [openssl.org #4615] Cache utility behaving strange with X509_LOOKUP_add_dir

2016-07-19 Thread Richard Levitte via RT
My answer was incorrect... What happens when trying to find a CRL is that get_cert_by_subject (in crypto/x509/by_dir.c) gets called, and it will try to load every file it finds (so both $hash{sub_ca}.r0 and $hash{sub_ca}.r1). However, when trying to store them in the internal store, it will

[openssl-dev] [openssl.org #4615] Cache utility behaving strange with X509_LOOKUP_add_dir

2016-07-19 Thread Richard Levitte via RT
So let me see if I understand this correctly... $hash(sub_ca).r1 and $hash(sub_ca).r0, being of the same sub_ca, will of course have the same issuer name. Right? Unless I misread the source, OpenSSL will actually load both files. However, since both CRLs have the same issuer, and cached CRLs are

Re: [openssl-dev] openssl.org #4615 Cache utility behaving strange with X509_LOOKUP_add_dir

2016-07-19 Thread Patel, Anirudh (Anirudh)
: [openssl-dev] openssl.org #4615 Cache utility behaving strange with X509_LOOKUP_add_dir Hi Anirudh, this is as far as I know a very old issue (at least since 2002 or so). Basically a server needs to restart periodically in order to pick up changed CRLs. There are some workarounds, like forcibly

Re: [openssl-dev] openssl.org #4615 Cache utility behaving strange with X509_LOOKUP_add_dir

2016-07-19 Thread Mischa Salle
19, 2016 12:55 PM > To: openssl-dev@openssl.org > Subject: Re: [openssl-dev] openssl.org #4615 Cache utility behaving > strange with X509_LOOKUP_add_dir > > > > I have earlier raised an issue on how openssl is not looking up for > newer CRLs in each lookup. The only CRL f

Re: [openssl-dev] openssl.org #4615 Cache utility behaving strange with X509_LOOKUP_add_dir

2016-07-19 Thread Salz, Rich
> It is not re-checking the files (new CRL for the same issuer) in the CRL > directory I believe that is working as designed and what you want is a new feature.

Re: [openssl-dev] openssl.org #4615 Cache utility behaving strange with X509_LOOKUP_add_dir

2016-07-19 Thread Patel, Anirudh (Anirudh)
rio in the ticket#4615 -Original Message- From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of Salz, Rich Sent: Tuesday, July 19, 2016 12:55 PM To: openssl-dev@openssl.org Subject: Re: [openssl-dev] openssl.org #4615 Cache utility behaving strange with X509_LOOKUP_add_

Re: [openssl-dev] openssl.org #4615 Cache utility behaving strange with X509_LOOKUP_add_dir

2016-07-19 Thread Salz, Rich
> I have earlier raised an issue on how openssl is not looking up for newer > CRLs in each lookup. The only CRL files it is taking into consideration are > the ones present in the cache. > Could you please provide some inputs on this as I am blocked on the > implementation front.   You mean

[openssl-dev] openssl.org #4615 Cache utility behaving strange with X509_LOOKUP_add_dir

2016-07-19 Thread Patel, Anirudh (Anirudh)
Hi, I have earlier raised an issue on how openssl is not looking up for newer CRLs in each lookup. The only CRL files it is taking into consideration are the ones present in the cache. Could you please provide some inputs on this as I am blocked on the implementation front. Regards, Anirudh

[openssl-dev] [openssl.org #4615] Cache utility behaving strange with X509_LOOKUP_add_dir

2016-07-14 Thread Anirudh Patel via RT
Hi, I have a query related to how these APIs X509_STORE_add_lookup() and X509_LOOKUP_add_dir() work. Let me give you a brief explanation of what I am doing: Purpose was to add lookup for CRLs. First when my server starts and my SSL initializes I have successfully created a store to which lookup