[Mutt] #3913: PATCH [hg default] Present SHA1 finger print in interactive cert' check

2017-02-12 Thread Mutt
#3913: PATCH [hg default] Present SHA1 finger print in interactive cert' check | Reporter: m-a | Owner: mutt-dev | Type: enhancement | Status: new | Priority: minor | Milestone: | Component: crypto

Re: [PATCH] also present SHA1 fp in interactive cert check

2017-02-12 Thread Matthias Andree
On 12.02.2017 at 01:09, Matthias Andree wrote: > On 09.02.2017 at 00:52, isdtor wrote: >> [...] Comparing the updated certificate file with a pre-update copy, >> there was one certificate added, and openssl x509 confirms that this >> is the certificate mutt presented above (on a side note, mutt s

Re: [Mutt] #3913: PATCH [hg default] Present SHA1 finger print in interactive cert' check

2017-02-12 Thread Mutt
#3913: PATCH [hg default] Present SHA1 finger print in interactive cert' check | Reporter: m-a | Owner: mutt-dev | Type: enhancement | Status: new | Priority: minor | Milestone: | Component: crypto |

Re: [PATCH] filter expired certs from $certificate_file for OpenSSL verification

2017-02-12 Thread Matthias Andree
On 12.02.2017 at 00:04, Kevin J. McCarthy wrote: > On Thu, Feb 09, 2017 at 10:56:36PM +, isdtor wrote: >>> What I hear you saying is that *with* the expired imap.google.com >>> certificate, you are getting a prompt for an expired Google G2 cert >>> (the 2nd in the chain). But without the expi

PATCH: plug memory leaks in new code to filter expired certs from $certificate_file for OpenSSL verification

2017-02-12 Thread Matthias Andree
On 12.02.2017 at 13:23, Matthias Andree wrote: > All this certificate handling apparently introduces memory leaks. I > first tried to get a hold of them with clang's address sanitizer, which > seems somehow handicapped on Ubuntu 16.04, but valgrind seems useful > enough even if it hogs down perfor

Re: PATCH: plug memory leaks in new code to filter expired certs from $certificate_file for OpenSSL verification

2017-02-12 Thread Kevin J. McCarthy
On Sun, Feb 12, 2017 at 01:42:02PM +0100, Matthias Andree wrote: > On 12.02.2017 at 13:23, Matthias Andree wrote: > > All this certificate handling apparently introduces memory leaks. I > > first tried to get a hold of them with clang's address sanitizer, which > > seems somehow handicapped on Ubu

Re: [PATCH] also present SHA1 fp in interactive cert check

2017-02-12 Thread Kevin J. McCarthy
On Sun, Feb 12, 2017 at 12:38:09PM +0100, Matthias Andree wrote: > On 12.02.2017 at 01:09, Matthias Andree wrote: > > On 09.02.2017 at 00:52, isdtor wrote: > >> [...] Comparing the updated certificate file with a pre-update copy, > >> there was one certificate added, and openssl x509 confirms tha

Re: PATCH: plug memory leaks in new code to filter expired certs from $certificate_file for OpenSSL verification

2017-02-12 Thread Kevin J. McCarthy
On Sun, Feb 12, 2017 at 08:35:10AM -0800, Kevin J. McCarthy wrote: > On Sun, Feb 12, 2017 at 01:42:02PM +0100, Matthias Andree wrote: > > On 12.02.2017 at 13:23, Matthias Andree wrote: > > > All this certificate handling apparently introduces memory leaks. I > > > first tried to get a hold of them

Re: PATCH: plug memory leaks in new code to filter expired certs from $certificate_file for OpenSSL verification

2017-02-12 Thread Matthias Andree
On 12.02.2017 at 17:35, Kevin J. McCarthy wrote: > > - while ((cert = PEM_read_X509 (fp, NULL, NULL, NULL)) != NULL) > + while ((cert = PEM_read_X509 (fp, &cert, NULL, NULL)) != NULL) >{ > if ((X509_cmp_current_time (X509_get_notBefore (cert)) >= 0) || > (X509_cmp_current_time
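
Review bot: on the `+` line, passing `&cert` asks PEM_read_X509 to reuse whatever object `cert` already points to, so `cert` has to be initialized to NULL before the loop, and the visible lines do not show that initialization. The same pointer is also overwritten by the return value, so what `cert` holds once the read fails at end of file decides whether a later X509_free is needed or safe. A short comment at the loop stating the ownership rule being relied on would help.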

Re: more findings in interactive cert check

2017-02-12 Thread Matthias Andree
On 12.02.2017 at 17:49, Kevin J. McCarthy wrote: > > Actually, since this loop, has no break inside, it doesn't make sense to > have the X509_free() after the loop. Let me see if I can make sure the > PEM_read_X509() frees the cert even on EOF, and if so we can just pull > the X509_free() complet

Re: PATCH: plug memory leaks in new code to filter expired certs from $certificate_file for OpenSSL verification

2017-02-12 Thread Kevin J. McCarthy
On Sun, Feb 12, 2017 at 06:31:59PM +0100, Matthias Andree wrote: > On 12.02.2017 at 17:35, Kevin J. McCarthy wrote: > > > > - while ((cert = PEM_read_X509 (fp, NULL, NULL, NULL)) != NULL) > > + while ((cert = PEM_read_X509 (fp, &cert, NULL, NULL)) != NULL) > >{ > > if ((X509_cmp_current

Re: PATCH: plug memory leaks in new code to filter expired certs from $certificate_file for OpenSSL verification

2017-02-12 Thread Matthias Andree
On 12.02.2017 at 18:54, Kevin J. McCarthy wrote: > On Sun, Feb 12, 2017 at 06:31:59PM +0100, Matthias Andree wrote: >> On 12.02.2017 at 17:35, Kevin J. McCarthy wrote: >>> - while ((cert = PEM_read_X509 (fp, NULL, NULL, NULL)) != NULL) >>> + while ((cert = PEM_read_X509 (fp, &cert, NULL, NULL))

[Mutt] #3914: mutt stores duplicate certificates into $certificate-file on hostname mismatch and interactive_check_cert = "allow always"

2017-02-12 Thread Mutt
#3914: mutt stores duplicate certificates into $certificate-file on hostname mismatch and interactive_check_cert = "allow always" | Reporter: m-a | Owner: mutt-dev | Type: defect | Status: new | Priority: minor | Milestone: 1.8 | Com

Re: [Mutt] #3914: mutt stores duplicate certificates into $certificate-file on hostname mismatch and interactive_check_cert = "allow always"

2017-02-12 Thread Mutt
#3914: mutt stores duplicate certificates into $certificate-file on hostname mismatch and interactive_check_cert = "allow always" | Reporter: m-a | Owner: mutt-dev | Type: defect | Status: new | Priority: minor | Milestone: 1.8

Re: [Mutt] #3913: PATCH [hg default] Present SHA1 finger print in interactive cert' check

2017-02-12 Thread Mutt
#3913: PATCH [hg default] Present SHA1 finger print in interactive cert' check | Reporter: m-a | Owner: mutt-dev | Type: enhancement | Status: new | Priority: minor | Milestone: 1.8 | Component: crypto

Re: PATCH: plug memory leaks in new code to filter expired certs from $certificate_file for OpenSSL verification

2017-02-12 Thread Kevin J. McCarthy
On Sun, Feb 12, 2017 at 07:24:48PM +0100, Matthias Andree wrote: > It's not documented to free anything, and it doesn't zero out the > pointer, and with OpenSSL 1.0.2, valgrind does not complain about > freeing free memory. > > Unfortunately OpenSSL (ab)uses #define preprocessor macros with > conc

mutt: 3 new changesets

2017-02-12 Thread Brendan Cully
changeset: 6931:2632bc4f5b20 user: Kevin McCarthy date: Sun Feb 12 09:59:41 2017 -0800 link: http://dev.mutt.org/hg/mutt/rev/2632bc4f5b20 Filter expired local certs for OpenSSL verification. OpenSSL has trouble establishing the chain and verifying when duplicate expired certs are

Re: [Mutt] #3913: PATCH [hg default] Present SHA1 finger print in interactive cert' check

2017-02-12 Thread Mutt
#3913: PATCH [hg default] Present SHA1 finger print in interactive cert' check | Reporter: m-a | Owner: mutt-dev | Type: enhancement | Status: new | Priority: minor | Milestone: 1.8 | Component: crypto

Re: [Mutt] #3913: PATCH [hg default] Present SHA1 finger print in interactive cert' check

2017-02-12 Thread Mutt
#3913: PATCH [hg default] Present SHA1 finger print in interactive cert' check | Reporter: m-a | Owner: mutt-dev | Type: enhancement | Status: closed | Priority: minor | Milestone: 1.8 | Component: crypto

mutt: Show SHA1 fp in interactive cert check menu.

2017-02-12 Thread Brendan Cully
changeset: 6934:cec61c6926ea user: Matthias Andree date: Sun Feb 12 13:03:03 2017 -0800 link: http://dev.mutt.org/hg/mutt/rev/cec61c6926ea Show SHA1 fp in interactive cert check menu. While here, fix a few compiler warnings about sign mismatch in comparison. diffs (75 lines): di