Re: patch available for CVE-2010-5298?

2014-04-24 Thread Jeffrey Walton
On Thu, Apr 24, 2014 at 1:49 PM, Bin Lu wrote: > Thanks! Ben Laurire checked it in recently (within the last week or so). Until it makes it way into the the tar balls, I believe you should try: https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest. Jeff ___

RE: How to include intermediate in pkcs12?

2014-04-24 Thread Edward Ned Harvey (openssl)
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl- > us...@openssl.org] On Behalf Of Tom Francis > > > openssl pkcs12 -export -out mypkcs12.pfx -inkey my.private.key -in > mycert.crt -certfile intermediate.crt -CAfile ca.crt > > (Correct?) So ... I just tried this, and confir

Re: How to include intermediate in pkcs12?

2014-04-24 Thread Tom Francis
On Apr 24, 2014, at 8:21 AM, Edward Ned Harvey (openssl) wrote: >> From: owner-openssl-us...@openssl.org [mailto:owner-openssl- >> us...@openssl.org] On Behalf Of Dave Thompson >> >> - the truststore if -CAfile and/or -CApath specified IF NEEDED > > Thank you very much for your awesome detail

patch available for CVE-2010-5298?

2014-04-24 Thread Bin Lu
Thanks!

Re: SSL Root CA and Intermediate CA Certs.

2014-04-24 Thread Mark H. Wood
On Thu, Apr 24, 2014 at 12:57:36PM +, Michael Wojcik wrote: [snip] > > How and why do you trust any root certs? Generally they're built-in to your > > OS or your browser, so you're just blindly trusting that those guys know > > what > > they're doing. > > And they don't, and they don't care

RE: SSL Root CA and Intermediate CA Certs.

2014-04-24 Thread Edward Ned Harvey (openssl)
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl- > us...@openssl.org] On Behalf Of Michael Wojcik > > For someone who does want more background in cryptography, I'd > recommend Schneier's /Applied Cryptography/ over /Cryptography > Engineering/. The latter is for people implementing

RE: SSL Root CA and Intermediate CA Certs.

2014-04-24 Thread Michael Wojcik
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl- > us...@openssl.org] On Behalf Of Edward Ned Harvey (openssl) > Sent: Wednesday, 23 April, 2014 21:05 > Subject: RE: SSL Root CA and Intermediate CA Certs. > > I don't know how you learn about SSL/TLS, other than (a) reading the > inte

RE: How to include intermediate in pkcs12?

2014-04-24 Thread Edward Ned Harvey (openssl)
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl- > us...@openssl.org] On Behalf Of Dave Thompson > > - the truststore if -CAfile and/or -CApath specified IF NEEDED Thank you very much for your awesome detailed answer. This answers a lot of questions, but I am left with a new one:

RE: How to include intermediate in pkcs12?

2014-04-24 Thread Dave Thompson
A lot of things on the Internet are wrong. The OpenSSL man page does not say multiple occurrences work and I'm pretty sure it never did, nor did the code. In general OpenSSL commandlines don't handle repeated options; the few exceptions are noted. pkcs12 -caname (NOT -cafile) IS one of the few