On Thu, Feb 09, 2017 at 12:47:16AM -0500, Selva Nair wrote:
> Hi,
>
> On Thu, Feb 9, 2017 at 12:10 AM, Antonio Quartulli wrote:
>
> >
> > > I would consider username as not sensitive material although not sure
> > > everyone would agree. Unfortunately there is no way to know in advance
> > that
On Wed, Feb 08, 2017 at 11:58:32PM -0500, Selva Nair wrote:
> Hi,
>
> On Wed, Feb 8, 2017 at 10:01 PM, Antonio Quartulli wrote:
>
> > On Wed, Feb 08, 2017 at 02:25:44PM -0500, selva.n...@gmail.com wrote:
> > > From: Selva Nair
> > >
> > > - Keep the username even if auth-nocache is specified so
Hi,
On Wed, Feb 8, 2017 at 10:01 PM, Antonio Quartulli wrote:
> On Wed, Feb 08, 2017 at 02:25:44PM -0500, selva.n...@gmail.com wrote:
> > From: Selva Nair
> >
> > - Keep the username even if auth-nocache is specified so that
> > any auth_token pushed by the server could be utilized
>
> This m
On Wed, Feb 08, 2017 at 02:25:44PM -0500, selva.n...@gmail.com wrote:
> From: Selva Nair
>
> - Keep the username even if auth-nocache is specified so that
> any auth_token pushed by the server could be utilized
This means that even when using no auth-token the username will be cached.
Can this
Am 08.02.17 um 23:39 schrieb Steffan Karger:
> Hi,
>
> On 06-02-17 20:18, Olivier W wrote:
>> Should be compatible with all versions of OpenSSL and LibreSSL.
>> Similar to what is done in curl:
>> https://github.com/curl/curl/blob/028391df5d84d9fae3433afdee9261d565900355/lib/vtls/openssl.c#L603-L6
Hi,
On 07-02-17 09:45, Илья Шипицин wrote:
> I have a question (sorry if I couldn't check myself): did you check that
> SSL_get_privatekey() and SSL_free() won't crash when ssl is NULL ?
>
> what if we involve clang static analyzer for such things ? can we count
> on it ?
>
> it is capab
Hi,
On 06-02-17 20:18, Olivier W wrote:
> Should be compatible with all versions of OpenSSL and LibreSSL.
> Similar to what is done in curl:
> https://github.com/curl/curl/blob/028391df5d84d9fae3433afdee9261d565900355/lib/vtls/openssl.c#L603-L619
>
> Error while compiling was:
> "ssl_openssl.c:51
From: Selva Nair
- Keep the username even if auth-nocache is specified so that
any auth_token pushed by the server could be utilized
- When auth-token is received, set nocache = false in user_pass
Note: When handling of auth failure due to token expiry is fixed, remember
to re-instate nocache
