Re: [Openvpn-devel] [PATCH] Warn user if their certificate has expired

2016-01-02 Thread Илья Шипицин
as for my observation, people share password with coworkers, they will share cert in the same way :) well, password-only is legitimate setup, so I would add test case for it. maybe bit later. where can I have a look at existing test cases you are talking about? суббота, 2 января 2016 г. пользоват

Re: [Openvpn-devel] [PATCH] Warn user if their certificate has expired

2016-01-02 Thread Gert Doering
Hi, On Sat, Jan 02, 2016 at 09:14:21PM +0300, ?? wrote: > also, does it make sense to perform unit testing on build like > > setup server with user/password auth on localhost, connect to it using > client, see whether it is ok We do, but we don't run test setups without

Re: [Openvpn-devel] [PATCH] Warn user if their certificate has expired

2016-01-02 Thread Илья Шипицин
also, does it make sense to perform unit testing on build like setup server with user/password auth on localhost, connect to it using client, see whether it is ok? 2015-12-26 12:40 GMT+03:00 Steffan Karger : > On 26-12-15 10:19, Gert Doering wrote: > > On Wed, Dec 23, 2015 at 04:11:17PM +0

Re: [Openvpn-devel] [PATCH] Warn user if their certificate has expired

2016-01-02 Thread Илья Шипицин
I'm getting "segmentation fault" after that commit. well, I suspect you believe that user _always_ has client cert, which is not true. obviously, for preshared keys there's no user cert, and for user/password auth there's also no user cert (which is our case) in Valgrind I see the following: ht

Re: [Openvpn-devel] [PATCH] Warn user if their certificate has expired

2015-12-26 Thread Steffan Karger
On 26-12-15 10:19, Gert Doering wrote: On Wed, Dec 23, 2015 at 04:11:17PM +0100, Jan Just Keijser wrote: I just wanted to get back to this one one more time: attached is a patch to ssl_openssl.c that works in combination with Steffan's patch to check for expired certificates. This new patch-pa

Re: [Openvpn-devel] [PATCH] Warn user if their certificate has expired

2015-12-26 Thread Gert Doering
Hi, On Wed, Dec 23, 2015 at 04:11:17PM +0100, Jan Just Keijser wrote: > I just wanted to get back to this one one more time: attached is a > patch to ssl_openssl.c that works in combination with Steffan's patch to > check for expired certificates. This new patch-patch works on my CentOS > 6 (

Re: [Openvpn-devel] [PATCH] Warn user if their certificate has expired

2015-12-23 Thread Jan Just Keijser
Hi, Steffan Karger wrote: Hi, On Wed, Dec 23, 2015 at 4:11 PM, Jan Just Keijser wrote: Steffan Karger wrote: [...] Just use mbedtls ;-) OpenSSL 1.0.2 has been released almost a year ago, so upcoming distro releases will probably contain 1.0.2+ (e.g. Ubuntu 15.10 already has it, 16.0

Re: [Openvpn-devel] [PATCH] Warn user if their certificate has expired

2015-12-23 Thread Steffan Karger
Hi, On Wed, Dec 23, 2015 at 4:11 PM, Jan Just Keijser wrote: > Steffan Karger wrote: >> >> [...] >> Just use mbedtls ;-) >> >> OpenSSL 1.0.2 has been released almost a year ago, so upcoming distro >> releases will probably contain 1.0.2+ (e.g. Ubuntu 15.10 already has >> it, 16.04 LTS will have i

Re: [Openvpn-devel] [PATCH] Warn user if their certificate has expired

2015-12-23 Thread Jan Just Keijser
Hi, Steffan Karger wrote: [...] Just use mbedtls ;-) OpenSSL 1.0.2 has been released almost a year ago, so upcoming distro releases will probably contain 1.0.2+ (e.g. Ubuntu 15.10 already has it, 16.04 LTS will have it too). Should not take too long, right? As you've probably noticed in the o

Re: [Openvpn-devel] [PATCH] Warn user if their certificate has expired

2015-12-16 Thread David Sommerseth
On 16/12/15 09:24, Gert Doering wrote: > > OTOH, 0.9.8 and 1.0.0 will be discontinued end of this year, so we should > see vendor upgrades. Enterprise distributions will not rebase OpenSSL on their supported distros. RHEL5 will continue to ship the openssl-0.9.8 base. But it will be, as it alwa

Re: [Openvpn-devel] [PATCH] Warn user if their certificate has expired

2015-12-16 Thread Gert Doering
Hi, On Tue, Dec 15, 2015 at 10:41:33PM +0100, Jan Just Keijser wrote: > is loaded, but - as Steffan pointed out - this would mean that multiple > places need a function call to check this: > - when loading an x509 file > - when loading a pkcs12 file > - when loading an inline blob > - when loadin

Re: [Openvpn-devel] [PATCH] Warn user if their certificate has expired

2015-12-15 Thread Steffan Karger
On Tue, Dec 15, 2015 at 10:41 PM, Jan Just Keijser wrote: > On 15/12/15 08:53, Gert Doering wrote: >> On Tue, Dec 15, 2015 at 01:12:49AM +0100, David Sommerseth wrote: >>> Just tried to build openvpn on one of my laptops (Scientific Linux 7.1, >>> openssl-1.0.1e-42.el7). And it explodes when reac

Re: [Openvpn-devel] [PATCH] Warn user if their certificate has expired

2015-12-15 Thread Jan Just Keijser
Hi, On 15/12/15 08:53, Gert Doering wrote: Hi, On Tue, Dec 15, 2015 at 01:12:49AM +0100, David Sommerseth wrote: Just tried to build openvpn on one of my laptops (Scientific Linux 7.1, openssl-1.0.1e-42.el7). And it explodes when reaching the SSL_CTX_get0_certificate(), it seems that support

Re: [Openvpn-devel] [PATCH] Warn user if their certificate has expired

2015-12-15 Thread Gert Doering
Hi, On Tue, Dec 15, 2015 at 01:12:49AM +0100, David Sommerseth wrote: > Just tried to build openvpn on one of my laptops (Scientific Linux 7.1, > openssl-1.0.1e-42.el7). And it explodes when reaching the > SSL_CTX_get0_certificate(), it seems that support arrived in OpenSSL 1.0.2? > Could that be

Re: [Openvpn-devel] [PATCH] Warn user if their certificate has expired

2015-12-15 Thread David Sommerseth
On 14/12/15 21:09, Steffan Karger wrote: > Previously, client certificate expiry warnings would only be visible in the > server log, and server certificate expiry warnings in the client log. > Both after a (failed) connection attempt. This patch adds a warning to > log when a user's own certificate h

[Openvpn-devel] [PATCH] Warn user if their certificate has expired

2015-12-14 Thread Steffan Karger
Previously, client certificate expiry warnings would only be visible in the server log, and server certificate expiry warnings in the client log. Both after a (failed) connection attempt. This patch adds a warning to log when a user's own certificate has expired (or is not yet valid) to ease problem d