Displaying 4 results from an estimated 4 matches for "stack_of".
Did you mean:
stack_bot
2015 Feb 11
2
[PATCH] Fix for client certificate validation does not work
...mon/ssl-proxy-openssl.c 2015-02-11 00:31:24.986198000 -0500
+++ dovecot-2.2.9/src/login-common/ssl-proxy-openssl.c 2015-02-11 00:32:19.262198000 -0500
@@ -951,54 +951,25 @@
return strstr(cert, "PRIVATE KEY---") != NULL;
}
-static void load_ca(X509_STORE *store, const char *ca,
- STACK_OF(X509_NAME) **xnames_r)
+static void load_ca(SSL_CTX *ssl_ctx, const char *ca)
{
- /* mostly just copy&pasted from X509_load_cert_crl_file() */
- STACK_OF(X509_INFO) *inf;
- X509_INFO *itmp;
- X509_NAME *xname;
- BIO *bio;
- int i;
-
- bio = BIO_new_mem_buf(t_strdup_noconst(ca), strlen(ca));
-...
2012 Mar 20
1
IMAP and POP3 per SSL
...ovecot 2.0.9 which is included in Redhat Enterprise Linux 6.2:
*** src/login-common/ssl-proxy-openssl.c 2010-12-30 10:42:54.000000000 +0100
--- src/login-common/ssl-proxy-openssl.c_1 2012-03-20 09:48:28.359508087 +0100
***************
*** 924,930 ****
X509_STORE *store;
STACK_OF(X509_NAME) *xnames = NULL;
! SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2);
if (*set->ssl_ca != '\0') {
/* set trusted CA certs */
store = SSL_CTX_get_cert_store(ssl_ctx);
--- 924,930 ----
X509_STORE *store;
STAC...
2011 Oct 13
1
[PATCH] Use SSL_MODE_RELEASE_BUFFERS if available to keep memory usage low
...RELEASE_BUFFERS if available to keep memory usage low.
diff -r 962df5d9413a -r c15d6befe200 src/login-common/ssl-proxy-openssl.c
--- a/src/login-common/ssl-proxy-openssl.c Wed Oct 12 17:16:10 2011 +0300
+++ b/src/login-common/ssl-proxy-openssl.c Thu Oct 13 16:19:52 2011 -0300
@@ -925,6 +925,9 @@
STACK_OF(X509_NAME) *xnames = NULL;
SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2);
+#ifdef SSL_MODE_RELEASE_BUFFERS
+ SSL_CTX_set_mode(ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
+#endif
if (*set->ssl_ca != '\0') {
/* set trusted CA certs */
store = SSL_CTX_get_cert_store(ssl_...
2017 Sep 13
2
[RFC master-2.2 0/1] Support OpenSSL 1.1 API for setting allowed TLS versions
Hi,
I came up with the following patch while trying to figure out a good solution
for the situation described in Debian bug #871987[1]. In short, OpenSSL in
Debian unstable has disabled TLSv1.0 and TLSv1.1 *by default*. That means that
unless an application requests otherwise, only TLSv1.2 is supported. In the
world of e-mail this is seemingly an issue, as there are still way too many old
clients