Re: Shouldn't no-pinshared be the default?

2019-03-05 Thread Yann Ylavic
On Tue, Mar 5, 2019 at 6:05 PM Tomas Mraz wrote:
>
> On Tue, 2019-03-05 at 16:00 +0100, Yann Ylavic wrote:
> > On Tue, Mar 5, 2019 at 2:47 PM Tomas Mraz wrote:
> > >
> > Why? Distros know better than the applications they run?
>
> They actually do, because applications cannot really know what's de

Re: Is there a way to retrieve the certificate from SSL_CTX?

2019-03-05 Thread Paul Smith
On Tue, 2019-03-05 at 11:28 -0800, Wim Lewis wrote:
> On 5. mar. 2019, at 10:14 f.h., Paul Smith wrote:
> > E.g., I'm adding my certificate with SSL_CTX_use_certificate(); is
> > there a way to get it back out?
>
> Does SSL_CTX_get0_certificate() do what you need?

AHA! That seems to do the tr

Re: Is there a way to retrieve the certificate from SSL_CTX?

2019-03-05 Thread Wim Lewis
On 5. mar. 2019, at 10:14 f.h., Paul Smith wrote:
> E.g., I'm adding my certificate with SSL_CTX_use_certificate(); is there a
> way to get it back out?

Does SSL_CTX_get0_certificate() do what you need? (The "get0" (vs "get") indicates its reference-counting semantics.)

Is there a way to retrieve the certificate from SSL_CTX?

2019-03-05 Thread Paul Smith
I'm trying to write a simple function to dump the expiration date of the certificates in my SSL_CTX cert store. I've managed to retrieve and show the CA certificates from the certificate store, and the certificate chain, but I can't find a method that retrieves the certificate itself from SSL_CTX.

Re: Shouldn't no-pinshared be the default?

2019-03-05 Thread Tomas Mraz
On Tue, 2019-03-05 at 16:00 +0100, Yann Ylavic wrote:
> On Tue, Mar 5, 2019 at 2:47 PM Tomas Mraz wrote:
> >
> Why? Distros know better than the applications they run?

They actually do, because applications cannot really know what's deep in the chain of loaded shared libraries - for example getpw

Duplicate existing SSL_CTX

2019-03-05 Thread Zeyuan Yu
Hi,

I'm working on a cert+key hot reload feature. I wonder if there is a way to duplicate an existing SSL_CTX? The idea would be to duplicate the context, change the cert and key it is using, and then swap the pointers to make it atomic.

Regards,
Zeyuan

--
*Zeyua

Re: Shouldn't no-pinshared be the default?

2019-03-05 Thread Richard Levitte
Tomas Mraz skrev: (5 mars 2019 14:47:18 CET)
>On Tue, 2019-03-05 at 14:16 +0100, Yann Ylavic wrote:
>> On Tue, Mar 5, 2019 at 12:51 PM Matt Caswell wrote:
>> >
>> > 2) The no-pinshared option does not appear in 1.1.1 or 1.1.1a. It
>> > first appears
>> > in 1.1.1b. Backporting the option w

Re: Shouldn't no-pinshared be the default?

2019-03-05 Thread Yann Ylavic
On Tue, Mar 5, 2019 at 2:47 PM Tomas Mraz wrote:
>
> But is it in reality at all possible to explicitly unload OpenSSL?

Well, I don't want to forcibly unload openssl precisely, I want it to unload when its refcount reaches zero.

> You're talking here about mod_ssl but what if the OpenSSL is load

Re: Shouldn't no-pinshared be the default?

2019-03-05 Thread Jakob Bohm via openssl-users
On 05/03/2019 14:47, Tomas Mraz wrote:
> On Tue, 2019-03-05 at 14:16 +0100, Yann Ylavic wrote:
> > On Tue, Mar 5, 2019 at 12:51 PM Matt Caswell wrote:
> > > 2) The no-pinshared option does not appear in 1.1.1 or 1.1.1a. It first appears in 1.1.1b. Backporting the option was considered ok. But changing the

Re: Shouldn't no-pinshared be the default?

2019-03-05 Thread Tomas Mraz
On Tue, 2019-03-05 at 14:16 +0100, Yann Ylavic wrote:
> On Tue, Mar 5, 2019 at 12:51 PM Matt Caswell wrote:
> >
> > 2) The no-pinshared option does not appear in 1.1.1 or 1.1.1a. It
> > first appears
> > in 1.1.1b. Backporting the option was considered ok. But changing
> > the default
> > mid-s

Re: Shouldn't no-pinshared be the default?

2019-03-05 Thread Yann Ylavic
On Tue, Mar 5, 2019 at 12:51 PM Matt Caswell wrote:
>
> On 04/03/2019 23:37, Yann Ylavic wrote:
> > So my question is, why isn't no-pinshared the default?
> > ISTM that pinshared is enabled on linux only,
>
> That isn't correct. pinshared is the default everywhere. The way it is
> achieved
> is d

Re: Shouldn't no-pinshared be the default?

2019-03-05 Thread Matt Caswell
On 04/03/2019 23:37, Yann Ylavic wrote:
> So my question is, why isn't no-pinshared the default?
> ISTM that pinshared is enabled on linux only,

That isn't correct. pinshared is the default everywhere. The way it is achieved is different for different platforms (so on Linux we use -znodelete).