Re: Any problems with X.509v3 Extensions?
On Mon, 4 Feb 2008, Quanah Gibson-Mount wrote:
--On Monday, February 04, 2008 12:58 PM -0500 "Brian A. Seklecki"
It's a platform-independent question. There aren't any vendor-local
patches that would affect it -- and major OpenSSL development stopped a
OpenLDAP supports both GnuTLS and OpenSSL.
That is true -- but hopefully not too many people are using/depending on
GnuTLS. That stuff is really far out in the cut.
I've already done the hard work of digging through vendor-localized
OpenSSL patches (FBSD Ports, Pkgsrc, Portage, DEBs, Fink) for things that
would apply globally -- nothing came up, so I dropped the 'Office Space TPS
Reports w/ the new Coversheet' bug report cliche and went right to the
heart of it (as anyone asking about "X.509v3 certificate signing
extensions" likely would be expected to) -- e.g., I was hoping to save you
guys the trouble by the inherent directness.
That is to say, if the message had instead inquired: "Has anyone done a
recent s/strcpy(3)/strlcpy(3)/g audit?", you can likely infer that I'm 1)
Not running GNU/Linux 2) Am Running CVS Trunk 3) Not a PFY.
The current Debian stable has a hacked set of libraries. The questions
Or as my local LUG says "Don't you mean 'Debian Stale'?" -- >:}
were valid. In any case, I hope for success in your testing.
I didn't find any problem using a cert signed with extensions, so either
1) The problem didn't exist on OpenLDAP and it was instead manifest in
some other app (FreeRADIUS maybe?) 2) I imagined the problem in my OpenSSL
naivety some time ago 3) The problem was fixed silently. 4) Solar flares.
Principal Software Engineer
Zimbra :: the leader in open source messaging and collaboration
-lava (Brian A. Seklecki - Pittsburgh, PA, USA)
"Guilty? Yeah. But he knows it. I mean, you're guilty.
You just don't know it. So who's really in jail?"
~Maynard James Keenan