On Mon, Jul 25, 2016 at 01:44:18PM +, Salz, Rich via RT wrote:
> I am not sure what to suggest. This conversation is bouncing across
> two ticket systems and is all about a legacy certificate format that
> is, what, outdated since 2002?
> I am hard-pressed to see why OpenSSL 1.1 has to do anyt
On Mon, Jul 25, 2016 at 12:47:56PM +, Salz, Rich via RT wrote:
>
> > That's exactly what we currently do, we provide a verification callback, but
> > we do need to be able to set the failing cert in a chain for that.
>
> Stick it in EXDAT?
I don't think I understand what you mean...
For a pr
On Mon, Jul 25, 2016 at 12:42:21PM +, Salz, Rich via RT wrote:
> Perhaps the GRID folks can just write their own validation routine completely?
That's exactly what we currently do, we provide a verification callback,
but we do need to be able to set the failing cert in a chain for that.
M
Hi Richard,
On Mon, Jul 25, 2016 at 11:46:50AM +, Richard Levitte via RT wrote:
> Is that code to cope with pathlen checking bugs? That's what it looks to me.
> In
> that case, it might no longer be needed with OpenSSL 1.1, along with some
> other
> stuff (the subject checking stuff comes to
On Sat, Jul 23, 2016 at 09:44:18AM +, Richard Levitte via RT wrote:
> To get current_cert, it's X509_STORE_CTX_get_current_cert().
> To get current_issuer, it's X509_STORE_CTX_get0_current_issuer()
Hi Richard,
yes, those I know, but the problem is the *setting* of the failing cert.
Since we n
On Fri, Jul 22, 2016 at 09:38:13AM +0200, Mattias Ellert wrote:
> tor 2016-07-21 klockan 09:51 + skrev Richard Levitte via RT:
> > On Thu Jul 21 08:18:30 2016, mattias.ell...@physics.uu.se wrote:
> > >
> > > ons 2016-07-20 klockan 15:14 + skrev Richard Levitte via RT:
> > > >
> > > > On M
6 matches
Mail list logo
