Re: [openssl-users] Question about stateOrProvince

2016-08-30 Thread Wim Lewis
On Aug 30, 2016, at 6:28 PM, Tim Boring wrote:
> When creating a CSR, openssl displays the following
>
>
> State or Province Name (full name) [Some-State]:
> ...
> And a couple lines up from that is a comment pointing to RFC 3280, which
> defines the following:
The original definition is from

Re: [openssl-users] Question about stateOrProvince

2016-08-30 Thread Salz, Rich
Perhaps one way to read it is as state or full name if a province. Or just remove the "full name" part of the text, I suppose.
-- Senior Architect, Akamai Technologies IM: richs...@jabber.at Twitter: RichSalz

[openssl-users] Question about stateOrProvince

2016-08-30 Thread Tim Boring
When creating a CSR, openssl displays the following
State or Province Name (full name) [Some-State]:
But, I can't find anywhere in the OpenSSL codebase that validates that the input is indeed a "full name"--e.g., that the input is "New York" instead of "NY". I've done this search in GitHub: ht

Re: [openssl-users] Setting an OCSP stapling response on a DTLS server result in crash

2016-08-30 Thread Matt Caswell
On 30/08/16 15:26, Matt Caswell wrote:
>
>
> On 29/08/16 17:37, Julien Vermillard wrote:
>> I patched s_server to send a fake OCSP content (4 bytes).
>> I suppose the server will just push that to the client and the client
>> should fail complaining it's not a correct OCSP response.
>> But the

[openssl-users] Obtaining PKCS7 data length

2016-08-30 Thread David
Hi, I have some PKCS7 data which I can read like this with OpenSSL:
$ openssl asn1parse -i -inform der -in data.dat
0:d=0 hl=4 l=16208 cons: SEQUENCE
4:d=1 hl=2 l=9 prim: OBJECT:pkcs7-signedData
.. more ..
I can load it in code like so:
// buf contains the raw data, len the l

Re: [openssl-users] Setting an OCSP stapling response on a DTLS server result in crash

2016-08-30 Thread Julien Vermillard
Awesome thanks :) I'll try it. Yes I have the feeling I'm the first user of stapling with DTLS
-- Julien Vermillard
On Tue, Aug 30, 2016 at 4:26 PM, Matt Caswell wrote:
> >
> > On 29/08/16 17:37, Julien Vermillard wrote:
> > > I patched s_server to send a fake OCSP content (4 bytes).
> > > I suppose

Re: [openssl-users] Setting an OCSP stapling response on a DTLS server result in crash

2016-08-30 Thread Matt Caswell
On 29/08/16 17:37, Julien Vermillard wrote:
> I patched s_server to send a fake OCSP content (4 bytes).
> I suppose the server will just push that to the client and the client
> should fail complaining it's not a correct OCSP response.
> But the server crash with:
> ssl/statem/statem_dtls.c:127:

Re: [openssl-users] How to make EVP functions returns false

2016-08-30 Thread Matt Caswell
On 30/08/16 10:39, Jakob Bohm wrote:
> Also note that on your list of functions, the functions whose
> names do not contain "EVP" are not EVP calls, but traditional
> OpenSSL/SSLeay crypto calls that are probably discontinued in
> OpenSSL 1.1.0.
No, all of those non-EVP calls are still available

Re: [openssl-users] How to make EVP functions returns false

2016-08-30 Thread Jakob Bohm
On 27/08/2016 20:32, Sugumar wrote: Can anyone help me on this? Thanks. Some of the calls you mention can be made to fail if you can tell valgrind to simulate an out-of-memory (malloc fail) during the call. Some of the others fail only for invalid parameters or only under extremely rare condit