using openssl to generate SAN seems not working...

2014-08-15 Thread Wellen Lau
Hi All, I am having trouble enabling the Subject AlterName in generating CSR or signing the cert. I did google on it and found a few places mentioning as below. Does it work? Or has something been broken? This is my configuration file: openssl.conf [ req ] req_extensions = v3_req

Case-sensitive cipher names are a bad idea

2014-08-15 Thread Salz, Rich
Does ANYONE think that case-sensitive cipher names are a good idea? Someone who types TLSV1:RC4-MD5 will find things working, but is likely to be surprised by how weakly-protected they are. /r$ -- Principal Security Engineer Akamai Technologies, Cambridge MA IM:

RE: Error Handling in a Multithreaded Environment, Failures effecting non-associated connections

2014-08-15 Thread Salz, Rich
Just so I make sure I understand, I just need to do something like: while ((err = ERR_get_error())); When I switch work and everything will be ok? Simpler to just call ERR_clear_error() -- Principal Security Engineer Akamai Technologies, Cambridge MA IM: rs...@jabber.me Twitter: RichSalz

RE: using openssl to generate SAN seems not working...

2014-08-15 Thread Wellen Lau
Pls ignore this. I got it working properly now. From: Wellen Lau Sent: Thursday, August 14, 2014 10:50 AM To: openssl-...@openssl.org; openssl-users@openssl.org Subject: using openssl to generate SAN seems not working... Hi All, I am having trouble enabling the Subject AlterName in

Re: Error Handling in a Multithreaded Environment, Failures effecting non-associated connections

2014-08-15 Thread David Hinkle
Thanks! On Fri, Aug 15, 2014 at 10:50 AM, Salz, Rich rs...@akamai.com wrote: Just so I make sure I understand, I just need to do something like: while ((err = ERR_get_error())); When I switch work and everything will be ok? Simpler to just call ERR_clear_error() -- Principal Security

Re: Case-sensitive cipher names are a bad idea

2014-08-15 Thread Walter H.
Hello On 15.08.2014 17:43, Salz, Rich wrote: Does ANYONE think that case-sensitive cipher names are a good idea? This is a bad idea; or can you explain the difference between tlsv1:rc4-md5 and TLSV1:RC4-MD5? Someone who types TLSV1:RC4-MD5 will find things working, but is likely to be

Re: Case-sensitive cipher names are a bad idea

2014-08-15 Thread Viktor Dukhovni
On Fri, Aug 15, 2014 at 11:43:51AM -0400, Salz, Rich wrote: Does ANYONE think that case-sensitive cipher names are a good idea? Someone who types TLSV1:RC4-MD5 will find things working, but is likely to be surprised by how weakly-protected they are. The case makes some things more clear:

RE: Case-sensitive cipher names are a bad idea

2014-08-15 Thread Salz, Rich
The case makes some things more clear: I never said it didn't. There are lots of other ways to typo the input string. Yup, but saying TLSV1 won't work while TLSv1 does work is silly. Perhaps there are currently no collisions, and case folding is likely safe, but I don't really see much

RE: Case-sensitive cipher names are a bad idea

2014-08-15 Thread Michael Wojcik
Well, one problem is that strcasecmp is not in the Standard C Library, and in fact is illegal, because external identifiers beginning with str are reserved to the implementation. There is no standard case-insensitive string-comparison function in C. You have to write your own. Here's one:

RE: Case-sensitive cipher names are a bad idea

2014-08-15 Thread Salz, Rich
Well, one problem is that strcasecmp is not in the Standard C Library, and in fact is illegal, because external identifiers beginning with str are reserved to the implementation. Openssl already handles that, thanks. That said, I agree that case-insensitive comparison would be a good

Error while attempting to create an Intermediate Root CA

2014-08-15 Thread Michael G. Zajac
This one really has me turned around… I am receiving AKID errors which I have seen earlier: *Error Loading extension section v3_x509* *2283200:error:22077079:X509 V3 routines:V2I_AUTHORITY_KEYID:no issuer certificate:v3_akey.c:153:* *2283200:error:22098080:X509 V3

Re: Case-sensitive cipher names are a bad idea

2014-08-15 Thread shathawa
Does ANYONE think that case-sensitive cipher names are a good idea? Someone who types TLSV1:RC4-MD5 will find things working, but is likely to be surprised by how weakly-protected they are. /r$ -- Principal Security Engineer Akamai Technologies, Cambridge MA IM:

Re: Case-sensitive cipher names are a bad idea

2014-08-15 Thread Jeffrey Walton
On Sat, Aug 16, 2014 at 12:08 AM, shath...@e-z.net wrote: ... Even today with Unicode character set families, the ability to provide a global case-independent mapping becomes a massive problem. There are a variety of latin-like alphabets and greek alphabets, and even IBM EBCDIC encodings