Re: Any problems with X.509v3 Extensions?

On Mon, 4 Feb 2008, Quanah Gibson-Mount wrote:

--On Monday, February 04, 2008 12:58 PM -0500 "Brian A. Seklecki" <lavalamp@spiritual-machines.org> wrote:

It's a platform-independent question. There aren't any vendor-local
patches that would affect it -- and major OpenSSL development stopped a
while back.

OpenLDAP supports both GnuTLS and OpenSSL.

That is true -- but hopefully not too many people are using/depending on GnuTLS. That stuff is really far out in the cut.

I've already done the hard work of digging through vendor-localized OpenSSL patches (FBSD Ports, Pkgsrc, Portage, DEBs, Fink) for things that would apply globally -- nothing came up, so I dropped the 'Office Space TPS Reports w/ the new Coversheet' bug report cliche and went right to the heart of it (as anyone asking about "X.509v3 certificate signing extensions" likely would be expected to) -- e.g., I was hoping to save you guys the trouble by the inherent directness.

That is to say, if the message had instead inquired: "Has anyone done a recent s/strcpy(3)/strlcpy(3)/g audit?", you can likely infer that I'm 1) Not running GNU/Linux 2) Am Running CVS Trunk 3) Not a PFY.

The current Debian stable has a hacked set of libraries. The questions

Or as my local LUG says "Don't you mean 'Debian Stale'?" -- >:}

were valid. In any case, I hope for success in your testing.

Thank you!

I didn't find any problem using a cert signed with extensions, so either 1) The problem didn't exist on OpenLDAP and it was instead manifest in some other app (FreeRADIUS maybe?) 2) I imagined the problem in my OpenSSL naivety some time ago 3) The problem was fixed silently. 4) Solar flares. 5) ...



