[Pkg-openssl-devel] Bug#829272: Missing accessors

Mattias Ellert via RT rt at openssl.org
Thu Jul 21 08:18:31 UTC 2016


ons 2016-07-20 klockan 15:14 +0000 skrev Richard Levitte via RT:
> On Mon Jul 11 11:34:35 2016, mattias.ellert at physics.uu.se wrote:
> > 
> > I guess having a more restrictive accessor that only sets the
> > EXFLAG_PROXY bit could work. I suggested the more general solution of
> > having set/clear accessors for arbitrary flags since it was - well
> > more
> > general.
> 
> So let me ask this in a different manner, does OpenSSL 1.1 still not set the
> EXFLAG_PROXY flag correctly? In what situations does that happen? That may be
> worth a bug report of its own.
> 
> --
> Richard Levitte
> levitte at openssl.org
> 

The answer to this is related to Mischa's reply, which unfortunately
was only sent to the Debian BTS and not the the OpenSSL RT. I quote it
below. As indicated in the answer, setting the EXFLAG_PROXY allows
handling non-RFC proxies in OpenSSL.

mån 2016-07-11 klockan 14:53 +0200 skrev Mischa Salle:
> Hi Richard, Mattias, others,
> 
> I agree with you that it would be nice if OpenSSL could figure out
> itself whether a cert needs to be treated as a proxy, but currently that
> doesn't work reliably as far as I know.
> The flag is certainly needed in the case of non-RFC3820 proxies, also
> known as legacy proxies. Unfortunately these are still very widely used
> (majority of the proxies actually) and hence our code must be able to
> handle them correctly.
> 
> Best wishes,
> Mischa Sallé
> 

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4602
Please log in as guest with password guest if prompted

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5032 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-openssl-devel/attachments/20160721/f884ffdf/attachment.bin>


More information about the Pkg-openssl-devel mailing list