You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Ruediger Pluem <rp...@apache.org> on 2010/06/11 08:00:41 UTC

Re: svn commit: r946347 - in /httpd/test/framework/trunk/t: conf/ssl/ssl.conf.in ssl/extlookup.t ssl/require.t

On 05/19/2010 09:20 PM, jorton@apache.org wrote:
> Author: jorton
> Date: Wed May 19 19:20:11 2010
> New Revision: 946347
> 
> URL: http://svn.apache.org/viewvc?rev=946347&view=rev
> Log:
> - add test for SSLRequire PeerExtList()
> - test for the string-rendering hack in ssl_ext_lookup()
> - uses an OID stolen from the ASF OID branch; "official" assignment 
>   has been requested for the httpd project from akarasulu@
> 
> Modified:
>     httpd/test/framework/trunk/t/conf/ssl/ssl.conf.in
>     httpd/test/framework/trunk/t/ssl/extlookup.t
>     httpd/test/framework/trunk/t/ssl/require.t
> 

> Index: lib/Apache/TestSSLCA.pm
> ===================================================================
> --- lib/Apache/TestSSLCA.pm     (Revision 946346)
> +++ lib/Apache/TestSSLCA.pm     (Revision 946347)
> @@ -243,6 +243,7 @@
>
>  [ comment ]
>  nsComment = This Is A Comment
> +1.3.6.1.4.1.18060.12.0 = ASN1:UTF8String:Lemons

This fails with openssl 0.9.7a on Redhat 4.

Regards

Rüdiger

RE: svn commit: r946347 - in /httpd/test/framework/trunk/t: conf/ssl/ssl.conf.in ssl/extlookup.t ssl/require.t

Posted by "Plüm, Rüdiger, VF-Group" <ru...@vodafone.com>.

 

> -----Original Message-----
> From: Joe Orton 
> Sent: Freitag, 11. Juni 2010 13:19
> To: dev@httpd.apache.org
> Subject: Re: svn commit: r946347 - in 
> /httpd/test/framework/trunk/t: conf/ssl/ssl.conf.in 
> ssl/extlookup.t ssl/require.t
> 
> On Fri, Jun 11, 2010 at 11:41:25AM +0100, Dr Stephen Henson wrote:
> > On 11/06/2010 07:00, Ruediger Pluem wrote:
> > >> Index: lib/Apache/TestSSLCA.pm
> > >> 
> ===================================================================
> > >> --- lib/Apache/TestSSLCA.pm     (Revision 946346)
> > >> +++ lib/Apache/TestSSLCA.pm     (Revision 946347)
> > >> @@ -243,6 +243,7 @@
> > >>
> > >>  [ comment ]
> > >>  nsComment = This Is A Comment
> > >> +1.3.6.1.4.1.18060.12.0 = ASN1:UTF8String:Lemons
> > > 
> > > This fails with openssl 0.9.7a on Redhat 4.
> > 
> > It will do: that syntax needs the mini-ASN1 compiler which 
> first appeared in
> > OpenSSL 0.9.8.
> > 
> > Including the raw encoding with the DER option should work 
> on all versions, you
> > can generate that with asn1parse in OpenSSL 0.9.8. FYI it is:
> > 
> > 0c 06 4c 65 6d 6f 6e 73
> 
> Thanks for that.  Ruediger, does it work with r953662?

Yep. Thanks.

Regards

Rüdiger

Re: svn commit: r946347 - in /httpd/test/framework/trunk/t: conf/ssl/ssl.conf.in ssl/extlookup.t ssl/require.t

Posted by Joe Orton <jo...@redhat.com>.

On Fri, Jun 11, 2010 at 11:41:25AM +0100, Dr Stephen Henson wrote:
> On 11/06/2010 07:00, Ruediger Pluem wrote:
> >> Index: lib/Apache/TestSSLCA.pm
> >> ===================================================================
> >> --- lib/Apache/TestSSLCA.pm     (Revision 946346)
> >> +++ lib/Apache/TestSSLCA.pm     (Revision 946347)
> >> @@ -243,6 +243,7 @@
> >>
> >>  [ comment ]
> >>  nsComment = This Is A Comment
> >> +1.3.6.1.4.1.18060.12.0 = ASN1:UTF8String:Lemons
> > 
> > This fails with openssl 0.9.7a on Redhat 4.
> 
> It will do: that syntax needs the mini-ASN1 compiler which first appeared in
> OpenSSL 0.9.8.
> 
> Including the raw encoding with the DER option should work on all versions, you
> can generate that with asn1parse in OpenSSL 0.9.8. FYI it is:
> 
> 0c 06 4c 65 6d 6f 6e 73

Thanks for that.  Ruediger, does it work with r953662?

Regards, Joe

Re: svn commit: r946347 - in /httpd/test/framework/trunk/t: conf/ssl/ssl.conf.in ssl/extlookup.t ssl/require.t

Posted by Dr Stephen Henson <sh...@oss-institute.org>.

On 11/06/2010 07:00, Ruediger Pluem wrote:
> 
> On 05/19/2010 09:20 PM, jorton@apache.org wrote:
>> Author: jorton
>> Date: Wed May 19 19:20:11 2010
>> New Revision: 946347
>>
>> URL: http://svn.apache.org/viewvc?rev=946347&view=rev
>> Log:
>> - add test for SSLRequire PeerExtList()
>> - test for the string-rendering hack in ssl_ext_lookup()
>> - uses an OID stolen from the ASF OID branch; "official" assignment 
>>   has been requested for the httpd project from akarasulu@
>>
>> Modified:
>>     httpd/test/framework/trunk/t/conf/ssl/ssl.conf.in
>>     httpd/test/framework/trunk/t/ssl/extlookup.t
>>     httpd/test/framework/trunk/t/ssl/require.t
>>
> 
>> Index: lib/Apache/TestSSLCA.pm
>> ===================================================================
>> --- lib/Apache/TestSSLCA.pm     (Revision 946346)
>> +++ lib/Apache/TestSSLCA.pm     (Revision 946347)
>> @@ -243,6 +243,7 @@
>>
>>  [ comment ]
>>  nsComment = This Is A Comment
>> +1.3.6.1.4.1.18060.12.0 = ASN1:UTF8String:Lemons
> 
> This fails with openssl 0.9.7a on Redhat 4.
> 

It will do: that syntax needs the mini-ASN1 compiler which first appeared in
OpenSSL 0.9.8.

Including the raw encoding with the DER option should work on all versions, you
can generate that with asn1parse in OpenSSL 0.9.8. FYI it is:

0c 06 4c 65 6d 6f 6e 73

Steve.
-- 
Dr Stephen N. Henson. Senior Technical/Cryptography Advisor,
Open Source Software Institute: www.oss-institute.org
OpenSSL Core team: www.openssl.org