On 18/05/2016 21:38, Walter H. wrote:
On 18.05.2016 21:10, Viktor Dukhovni wrote:
On May 18, 2016, at 1:26 PM, Walter H.
wrote:
openssl verify -CAfile /etc/pki/tls/certs/ca-bundle.trust.crt
-trusted_first -untrusted /tmp/chain.pem /tmp/cert.pem
/tmp/chain.pem contains a root certificate
/t
On 18.05.2016 21:10, Viktor Dukhovni wrote:
On May 18, 2016, at 1:26 PM, Walter H. wrote:
openssl verify -CAfile /etc/pki/tls/certs/ca-bundle.trust.crt -trusted_first
-untrusted /tmp/chain.pem /tmp/cert.pem
/tmp/chain.pem contains a root certificate
/tmp/cert.pem contains a certificate that w
> On May 18, 2016, at 1:26 PM, Walter H. wrote:
>
> openssl verify -CAfile /etc/pki/tls/certs/ca-bundle.trust.crt -trusted_first
> -untrusted /tmp/chain.pem /tmp/cert.pem
>
> /tmp/chain.pem contains a root certificate
> /tmp/cert.pem contains a certificate that was signed by this root certific
On 18/05/2016 20:00, Jordan Brown wrote:
On 5/18/2016 10:51 AM, Salz, Rich wrote:
Would it be reasonable to have OpenSSL watch the metadata on the file or
directory and, on change, discard cached certificates and, for a file, reload
the file?
Unlikely to happen :)
Are you saying that becaus
On 18.05.2016 19:51, Salz, Rich wrote:
Is there something I'm missing?
Nope.
From the description of SSL_CTX_load_verify_locations i would have
expected that certificates loaded via the CApath mechanism are loaded
anew for every verification process. If this is not the case an
appropriate n
On 5/18/2016 10:51 AM, Salz, Rich wrote:
>> Would it be reasonable to have OpenSSL watch the metadata on the file or
>> directory and, on change, discard cached certificates and, for a file,
>> reload the file?
> Unlikely to happen :)
Are you saying that because nobody is interested in doing the
On 5/18/2016 10:52 AM, Scott Neugroschl wrote:
>
> I believe that’s specific to the servers in question. Often you can
> “restart” a server by giving it a SIGHUP. I don’t know if slapd and
> slurpd will respond in the way you want.
>
I'm thinking more of long-running client applications.
Becaus
I believe that's specific to the servers in question. Often you can "restart"
a server by giving it a SIGHUP. I don't know if slapd and slurpd will respond
in the way you want.
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Jordan Brown
Sent: Wednesday, May 18, 2
> Is there something I'm missing?
Nope.
> Would it be reasonable to have OpenSSL watch the metadata on the file or
> directory and, on change, discard cached certificates and, for a file, reload
> the file?
Unlikely to happen :)
--
Jordan Brown, Oracle Solaris
--
openssl-users mailing list
We have OpenSSL consumers (primarily but not exclusively OpenLDAP).
Some of them are long-running processes.
We'd like to be able to update the list of trusted certificates and have
the changes take effect, without needing to restart those long-running
processes and preferably without needing to
Hello,
when
running this:
openssl verify -CAfile /etc/pki/tls/certs/ca-bundle.trust.crt
-trusted_first -untrusted /tmp/chain.pem /tmp/cert.pem
/tmp/chain.pem contains a root certificate
/tmp/cert.pem contains a certificate that was signed by this root
certificate;
I get the following outpu
11 matches
Mail list logo
