Re: resumption problem

On Thu, Mar 26, 2020 at 12:40:08AM +, Jeremy Harris wrote: > Looks like I'm wrong, from the behaviour. > > It's the second of the possible places, and "i" is 129. > It appears to be failing the WPACKET_sub_allocate_bytes_u16() > call. %rsi before the call, which I think should be > the "na

Re: resumption problem

On 24/03/2020 20:25, Viktor Dukhovni wrote: >>> I'm guessing it is not the first. The second would an issue with a >>> particular issuer on the CA list (does Exim configure a list of CAs to >>> send to the server?), >> >> I don't think so Looks like I'm wrong, from the behaviour. It's the second

Re: OpenSSL 111: authorityKeyIdentifier

Makes perfectly sense. Thank you. > Am 25.03.2020 um 18:49 schrieb Viktor Dukhovni : > > On Wed, Mar 25, 2020 at 05:47:01PM +0100, Dirk wrote: > My expectation (maybe wrong) is that the serial and the issuer name belong to the same X509 certificate that the key id belongs to. >

Re: OpenSSL 111: authorityKeyIdentifier

On Wed, Mar 25, 2020 at 05:47:01PM +0100, Dirk wrote: > >> My expectation (maybe wrong) is that the serial and the issuer name belong > >> to > >> the same X509 certificate that the key id belongs to. > > > > Your expectation is "wrong". The issuer DN in the AKID is in fact > > supposed to be t

Re: OpenSSL 111: authorityKeyIdentifier

Thank you Victor. Can you point me to the rfc that defines this? Best Am 25.03.2020 um 15:32 schrieb Viktor Dukhovni : > >  >> >> On Mar 24, 2020, at 11:12 AM, Dirk Menstermann wrote: >> >> My expectation (maybe wrong) is that the serial and the issuer name belong to >> the same X509 certifi

Re: New decode_errors due to EOF changes in master and 1.1.1e

Thanks. I'll try searching GH issues next time (or opening a new one?) rather than replying to a commit. On 3/25/20 2:37 AM, Matt Caswell wrote: > There is an ongoing discussion on this issue here: > > https://github.com/openssl/openssl/issues/11378 > > In the specific case of s_client/s_server

Re: OpenSSL 111: authorityKeyIdentifier

> On Mar 24, 2020, at 11:12 AM, Dirk Menstermann wrote: > > My expectation (maybe wrong) is that the serial and the issuer name belong to > the same X509 certificate that the key id belongs to. Your expectation is "wrong". The issuer DN in the AKID is in fact supposed to be the issuer's issuer.

Ok but I try to connect and it doesn’t work ... and I try to ope ssl and it mantioned Thant I cant because of the reason 7

Re: New decode_errors due to EOF changes in master and 1.1.1e

There is an ongoing discussion on this issue here: https://github.com/openssl/openssl/issues/11378 In the specific case of s_client/s_server this actually uncovered a bug in s_server, which is why you see the problem there. Matt On 24/03/2020 23:35, John Baldwin wrote: > I replied to the origin

Re: 3.0 FIPS related questions

On 24/03/2020 15:02, Salz, Rich wrote: > >>> The second question is somewhat related. Has there been a decision yet >> whether the FOM 3.0 will go through a 140-2 or a 140-3 validation? > >>We are going through 140-2. > > Has the list of validated platforms been made public y

RE: RAND SEED in vxworks6.9

FYI: I restarted the discussion in #7946 https://github.com/openssl/openssl/issues/7946#issuecomment-603545804 Matthias