Re: resumption problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 27/03/2020 21:07, Viktor Dukhovni wrote:
> That function should only affect the server -> client direction.
> Briefly, in OpenSSL 1.1.1 it affected both the client and server
> directions, but this was fixed in OpenSSL 1.1.1a.

If Centos is following the same pattern in 8 as they did in 7,
they do list the letter when there is one; I have a 7 system
claiming "1.0.2k-fips".  So:

> If the distro started with 1.1.1 and only backported security fixes, you
> could be running an OpenSSL version with the unintentional bidirectional
> setting.

.. either this, or even an unpatched basic 1.1.1 .

A simple code addition to avoid that call in the client case sounds
in order.  Would the above likely explain the error I'm getting?


> Another possibility is that your system-wide openssl.cnf file has a
> "RequestCAFile" or "ClientCAFile" setting.

Neither appears to be present in /etc/pki/tls/openssl.cnf
-- 
Cheers,
  Jeremy



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux