Displaying 5 results from an estimated 5 matches for "x509_name".
2015 Feb 11
2
[PATCH] Fix for client certificate validation does not work
...roxy-openssl.c 2015-02-11 00:31:24.986198000 -0500
+++ dovecot-2.2.9/src/login-common/ssl-proxy-openssl.c 2015-02-11 00:32:19.262198000 -0500
@@ -951,54 +951,25 @@
return strstr(cert, "PRIVATE KEY---") != NULL;
}
-static void load_ca(X509_STORE *store, const char *ca,
- STACK_OF(X509_NAME) **xnames_r)
+static void load_ca(SSL_CTX *ssl_ctx, const char *ca)
{
- /* mostly just copy&pasted from X509_load_cert_crl_file() */
- STACK_OF(X509_INFO) *inf;
- X509_INFO *itmp;
- X509_NAME *xname;
- BIO *bio;
- int i;
-
- bio = BIO_new_mem_buf(t_strdup_noconst(ca), strlen(ca));
- if (bio ==...
2012 Mar 20
1
IMAP and POP3 per SSL
...0.9 which is included in Redhat Enterprise Linux 6.2:
*** src/login-common/ssl-proxy-openssl.c 2010-12-30 10:42:54.000000000 +0100
--- src/login-common/ssl-proxy-openssl.c_1 2012-03-20 09:48:28.359508087 +0100
***************
*** 924,930 ****
X509_STORE *store;
STACK_OF(X509_NAME) *xnames = NULL;
! SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2);
if (*set->ssl_ca != '\0') {
/* set trusted CA certs */
store = SSL_CTX_get_cert_store(ssl_ctx);
--- 924,930 ----
X509_STORE *store;
STACK_OF(X509_...
2008 Oct 02
1
Problems using a hand built OpenSSL on Windows
...ild and install
OpenSSL. I also managed to build the Ruby OpenSSL extension, after 1
minor tweak to x509.h to eliminate a macro conflict:
--- x509.orig Thu Oct 02 11:30:10 2008
+++ x509.h Thu Oct 02 11:47:05 2008
@@ -116,6 +116,7 @@
/* Under Win32 these are defined in wincrypt.h */
#undef X509_NAME
#undef X509_CERT_PAIR
+#undef X509_EXTENSIONS
#endif
#define X509_FILETYPE_PEM 1
But, when I try to start Rails, for example, I get this:
"The ordinal 284 could not be located in the dynamic link library
SSLEAY32.DLL".
Any idea on how to solve this?
Regards,
Dan
This commu...
2011 Oct 13
1
[PATCH] Use SSL_MODE_RELEASE_BUFFERS if available to keep memory usage low
...UFFERS if available to keep memory usage low.
diff -r 962df5d9413a -r c15d6befe200 src/login-common/ssl-proxy-openssl.c
--- a/src/login-common/ssl-proxy-openssl.c Wed Oct 12 17:16:10 2011 +0300
+++ b/src/login-common/ssl-proxy-openssl.c Thu Oct 13 16:19:52 2011 -0300
@@ -925,6 +925,9 @@
STACK_OF(X509_NAME) *xnames = NULL;
SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2);
+#ifdef SSL_MODE_RELEASE_BUFFERS
+ SSL_CTX_set_mode(ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
+#endif
if (*set->ssl_ca != '\0') {
/* set trusted CA certs */
store = SSL_CTX_get_cert_store(ssl_ctx);
2017 Sep 13
2
[RFC master-2.2 0/1] Support OpenSSL 1.1 API for setting allowed TLS versions
Hi,
I came up with the following patch while trying to figure out a good solution
for the situation described in Debian bug #871987[1]. In short, OpenSSL in
Debian unstable has disabled TLSv1.0 and TLSv1.1 *by default*. That means that
unless an application requests otherwise, only TLSv1.2 is supported. In the
world of e-mail this is seemingly an issue, as there are still way too many old
clients