On Tue, Sep 01, 2020 at 12:22:30AM -0500, David Arnold wrote:
> An SSL_CTX API seems like a good idea to provide additional guarantees to
> applications.
>
> Maybe OpenSSL - used as a library - can return to the other legacy
> applications that the certificate is "deemed not valid any more"
An SSL_CTX API seems like a good idea to provide additional guarantees to
applications.
Maybe OpenSSL - used as a library - can return to the other legacy
applications that the certificate is "deemed not valid any more" whenever
they try to use an outdated pointer?
This ought to be a transparent
On Mon, Aug 31, 2020 at 11:00:31PM -0500, David Arnold wrote:
> 1. Construe symlinks to current certs in a folder (old or new / file by file)
> 2. Symlink that folder
> 3. Rename the current symlink to that new symlink atomically.
This is fine, but does not provide atomicity of access across
1. Construe symlinks to current certs in a folder (old or new / file by
file)
2. Symlink that folder
3. Rename the current symlink to that new symlink atomically.
On OpenSSL side statd would have to follow through on symlinks - if it
shouldn't do so.
This is +- how Kubernetes atomically
> On Aug 31, 2020, at 10:57 PM, Jakob Bohm via openssl-users
> wrote:
>
> Given the practical impossibility of managing atomic changes to a single
> POSIX file of variable-length data, it will often be more practical to
> create a complete replacement file, then replace the filename with the
>
Greetings,
We are currently investigating the usage of OpenSSL 3.0.0 on
our side, especially for FIPS usage, but it seems that for OpenSSL 3.0.0 the
providers, especially the FIPS provider, will be loaded dynamically, my main
worry is that this will easily permit some kind of
On 2020-09-01 01:52, Viktor Dukhovni wrote:
On Sun, Aug 30, 2020 at 07:54:34PM -0500, Kyle Hamilton wrote:
I'm not sure I can follow the "in all cases it's important to keep the key
and cert in the same file" argument, particularly in line with openat()
usage on the cert file after privilege
On Sun, Aug 30, 2020 at 07:54:34PM -0500, Kyle Hamilton wrote:
> I'm not sure I can follow the "in all cases it's important to keep the key
> and cert in the same file" argument, particularly in line with openat()
> usage on the cert file after privilege to open the key file has been
> dropped.
On 2020-08-31 16:28, Marc Roos wrote:
Why don't you block the whole compute cloud of amazon?
ec2-3-21-30-127.us-east-2.compute.amazonaws.com
Please note, that at least our company hosts a secondary MX in the EC2
cloud, with the option to direct my posts to the list through that
server. However
On 8/31/2020 6:29 AM, Karl Denninger wrote:
>
> I'm trying to figure out why you want to replace the context in an
> *existing* connection that is currently passing data rather than for
> new ones.
>
No, not for existing connections, just for new ones using the same context.
Note that I'm
On 8/30/2020 10:26 PM, Kyle Hamilton wrote:
> Could this be dealt with by the simple removal of any caching layer
> between an SSL_CTX and a directory processed by openssl c_rehash?
> Would reading the filesystem on every certificate verification be too
> heavy for your use case?
That might well
On 8/30/2020 7:24 PM, David Arnold wrote:
> Hot-plugging the pointer seems to force atomicity considerations
> down-stream, which might be
> educationally a good thing for openssl to press for. It also addresses
> Jordan's use case, for however
> application specific it might be. For compat
Why don't you block the whole compute cloud of amazon?
ec2-3-21-30-127.us-east-2.compute.amazonaws.com
-Original Message-
To: openssl-users@openssl.org
Subject: Testing
--
-BEGIN EMAIL SIGNATURE-
The Gospel for all Targeted Individuals (TIs):
[The New York Times]
Subject: How to Migrate Wordpress Website from 32-bit CentOS Linux 6.3 to
64-bit CentOS Linux 8.2 (2004)
Author of this Guide: Mr. Turritopsis Dohrnii Teo En Ming (TARGETED INDIVIDUAL)
Country: Singapore
Date: 31 August 2020 Monday Singapore Time
Type of Publication: Plain Text
Document
--
-BEGIN EMAIL SIGNATURE-
The Gospel for all Targeted Individuals (TIs):
[The New York Times] Microwave Weapons Are Prime Suspect in Ills of
U.S. Embassy Workers
Link:
https://www.nytimes.com/2018/09/01/science/sonic-attack-cuba-microwave.html
On 8/30/2020 20:19, Jordan Brown wrote:
Well, I can restate the problem that I encountered.
We deliver an integrated storage system. Under the covers it is a
modified Solaris running a usual collection of proprietary and
open-source components. We supply an administrative user interface