"DST Root CA X3" expiry workaround for OpenSSL 1.0.1, 1.0.0 and 0.9.8 client applications

2021-10-03 Thread Rob Stradling
nssl/openssl/commit/f7bf8e02dfcb2c02bc12a59276d0a3ba43e6c204 [3] https://letsencrypt.org/2020/12/21/extending-android-compatibility.html [4] https://crt.sh/?id=3958242236 [5] https://github.com/openssl/openssl/commit/1e53b797f65ef6d3c2eb1052797683fec27a9ff5 [6] https://github.com/openssl/openssl/commit/9a1f59cd3128ddac73d3e0721ecd55935f53ba8b -- Rob Stradling Senior Research & Development Scientist Sectigo Limited

Re: ECC Certificate with certificate chain in RSA format

2014-05-29 Thread Rob Stradling
applies to TLS <=1.1. I'm not aware of any implementation that actually enforces this rule though. -- Rob Stradling Senior Research & Development Scientist COMODO - Creating Trust Online __ OpenSSL Project

Re: whichever certificate loading first wins

2014-05-03 Thread Rob Stradling
On 02/05/14 15:38, foxtrot wrote: 3) Here is the new cert we are trying to introduce (sales.1d.qb.com) Certificate: Data: Version: 1 (0x0) X.509v1 rather than X.509v3. Could that be the problem? -- Rob Stradling Senior Research & Development Scientist COMODO - Creating T

Re: OpenSSL Security Advisory

2014-04-11 Thread Rob Stradling
same issue when I tried to port over to windows, the ssl3_write_bytes is not exposed in the library. There doesn't seem to be an easy workaround that I can see. Steve... On Fri, Apr 11, 2014 at 7:40 AM, Walter H. wrote: On 10.04.2014 13:16, Rob Stradling wrote: On 09/04/14 20:43, Salz,

Re: OpenSSL Security Advisory

2014-04-10 Thread Rob Stradling
Examples: $ ./heartbleed www.ibm.com:443 NOT VULNERABLE (TLS Heartbeat extension not supported by the server) $ ./heartbleed secure.comodo.net:443 NOT VULNERABLE (TLS Heartbeat extension supported by the server) $ ./heartbleed mail.visservansolkema.nl:443 VULNERABLE! -- Rob Stradling Senior Research &

Re: ECDHE-ECDSA Support

2014-03-28 Thread Rob Stradling
On 27/03/14 13:17, Rob Stradling wrote: Hi Thomas. I was told a while ago that Google's servers will only negotiate ECDHE-ECDSA if the client i) sends the SNI extension and ii) does _not_ offer any compression methods. IINM, s_client always offers zlib compression if zlib support is com

Re: ECDHE-ECDSA Support

2014-03-27 Thread Rob Stradling
e.com <http://mail.google.com> with > gnutls. > > Any ideas why I can't do that with openssl? ______ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.

Re: Bad OIDs

2013-11-29 Thread Rob Stradling
Trust Root what is this strange? 'Trust Root' as "Extended Key Usage"?

Re: Verification error, weird cert chain for portfolio.iguw.tuwien.ac.at

2012-03-15 Thread Rob Stradling
3VxPXLLzj1pxz+0YrWOIHY6V 9+qV5x+tkLiECEeFfyIvGh1IMNZMCNg3GWcyK+tc0LL8blefBDVekAB+EcfeEyrN pG1FJseIVqDwavfY5/wnfmcI0L36tsNhAgFlubgvz1o= -----END CERTIFICATE- -- Rob Stradling Senior Research & Development Scientist COMODO - Creating Trust Online ___

Re: issue with p12 creation and network solutions EV SSL

2011-04-27 Thread Rob Stradling
> > .3.6.1.4.1.311.60.2.1.1=A City/2.5.4.15=V1.0, Clause 5.(b)/C=US/postalCode=05767/ST=MA/L=A City/streetAddress=One Park St/O=A Company Internation

Re: issue with p12 creation and network solutions EV SSL

2011-04-26 Thread Rob Stradling
=Massachusetts/1.3.6.1.4.1.311.60.2.1.1=A City/2.5.4.15=V1.0, Clause 5.(b)/C=US/postalCode=05767/ST=MA/L=A City/streetAddress=One Park St/O=A Company International Ltd/OU=Book Sales/OU=Secure Link EV SSL/CN=www.example.com

Re: issue with p12 creation and network solutions EV SSL

2011-04-26 Thread Rob Stradling
> >>> -built chain file where they already concatenated the needed files together but I get the same error. I also tried the same chain file I used last year -- same results. Googling is not helping me understand this error. Anyone know what could be goin

Re: 4485:error:27069070:OCSP routines:OCSP_basic_verify:root ca not trusted:ocsp_vfy.c:148:

2010-03-26 Thread Rob Stradling
FC2560-compliant "non-delegated" model). I think I'll post my patch to the Request Tracker now, rather than hijack this thread any longer. ;-) > -- > Konrads Smelkovs > Applied IT sorcery. > > On Wed, Mar 24, 2010 at 2:38 PM, Rob Stradling wrote: > > O

Re: 4485:error:27069070:OCSP routines:OCSP_basic_verify:root ca not trusted:ocsp_vfy.c:148:

2010-03-24 Thread Rob Stradling
Rob Stradling Senior Research & Development Scientist C·O·M·O·D·O - Cr

Re: 4485:error:27069070:OCSP routines:OCSP_basic_verify:root ca not trusted:ocsp_vfy.c:148:

2010-03-24 Thread Rob Stradling
> Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org

Re: Spam on this list

2009-06-02 Thread Rob Stradling
-- Rob Stradling Senior Research & Development Scientist Comodo - Creating Trust Online Office Tel: +44

Re: CSR has invalid signature

2008-09-26 Thread Rob Stradling
S1_type_1:block type > is > not 01:rsa_pk1.c:100: > 7046:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check > failed:rsa_eay.c:699: > 7046:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP > lib:a_verify.c:168: > > Perhaps you signed your CSR with the wrong private ke

Re: CSR has invalid signature

2008-09-25 Thread Rob Stradling
> j2h1K9zSQwk9TQuJaVxG4eNInE+LkbhjOPRkOfhQ1FtHYXSf/Dl/LjQb0d8fRhPC > l24srY24eUkav2pV > -END CERTIFICATE REQUEST- > > > Please help! > Jacob -- Rob Stradling Senior Research & Development Scientist Comodo - Creating Trust Online Office Tel: +44.(0)1274.730505 Fax E