On Sat, Mar 16, 2002 at 12:06:15AM -0800, Tom Wu wrote:
In both 0.9.6c and 0.9.7-SNAP, the function ssl_verify_alarm_type in
ssl/s3_both.c seems to be missing the newest x509 verification error
codes, like X509_V_ERR_INVALID_PURPOSE, in the switch statment. If such
a verification error
On Mon, 18 Mar 2002, Lutz Jaenicke wrote:
(Don't forget to CC to [EMAIL PROTECTED]).
The address in the US regulations is:[EMAIL PROTECTED]. I don't know
if [EMAIL PROTECTED] is an alias for that or not.
Doug
__
Doug Kaufman
Internet: [EMAIL PROTECTED]
The attached patch against 0.9.6c maps the new X509 verification error
codes into SSL alerts, using the following mappings:
X509_V_ERR_CERT_UNTRUSTED = SSL_AD_BAD_CERTIFICATE
X509_V_ERR_CERT_REJECTED = SSL_AD_BAD_CERTIFICATE
X509_V_ERR_PATH_LENGTH_EXCEEDED = SSL_AD_UNKNOWN_CA
In both 0.9.6c and 0.9.7-SNAP, the function ssl_verify_alarm_type in
ssl/s3_both.c seems to be missing the newest x509 verification error
codes, like X509_V_ERR_INVALID_PURPOSE, in the switch statment. If such
a verification error is encountered, the switch will fall through and an
unknown