Stricter hostname verification following RFC 6125 #12
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
e66488c to
b28047c
Compare
|
Looks like a huge improvement to me! Thanks for the detailed test. |
0cd8bc5 to
e9a7bcb
Compare
Thanks to @nahi for the tests and initial documentation.
a007e9b to
9c237a8
Compare
zzak
pushed a commit
that referenced
this pull request
Apr 13, 2015
Stricter hostname verification following RFC 6125
rhenium
pushed a commit
to rhenium/ruby-openssl
that referenced
this pull request
Sep 5, 2016
It's possible that a PKCS ruby#12 strucuture holds zero private keys. At such a time PKCS12_parse() returns NULL as the private key. Likewise, when the strucuture does not contain the corresponding certificate to the private key, PKCS12_parse() returns NULL as the certificate. [ruby-dev:49776] [Bug #12726] Signed-off-by: Kazuki Yamaguchi <k@rhe.jp>
rhenium
added a commit
to rhenium/ruby-openssl
that referenced
this pull request
Sep 5, 2016
It's possible that a PKCS ruby#12 strucuture holds zero private keys. At such a time PKCS12_parse() returns NULL as the private key. Likewise, when the strucuture does not contain the corresponding certificate to the private key, PKCS12_parse() returns NULL as the certificate. [ruby-dev:49776] [Bug #12726]
rhenium
added a commit
to rhenium/ruby-openssl
that referenced
this pull request
Sep 5, 2016
It's possible that a PKCS ruby#12 strucuture holds zero private keys. At such a time PKCS12_parse() returns NULL as the private key. Likewise, when the strucuture does not contain the corresponding certificate to the private key, PKCS12_parse() returns NULL as the certificate. Reported and fix suggested by Masahiro Tomita <tommy@tmtm.org>. [ruby-dev:49776] [Bug #12726]
rhenium
added a commit
to rhenium/ruby-openssl
that referenced
this pull request
Aug 16, 2024
Add a binding for PKCS12_set_mac() to set MAC parameters and (re-)calculate MAC for the content. This allows generating PKCS ruby#12 with consistent MAC parameters with different OpenSSL versions. OpenSSL 3.0 changed the default hash function used for HMAC and the KDF from SHA-1 to SHA-256. Fixes: ruby#772
rhenium
added a commit
to rhenium/ruby-openssl
that referenced
this pull request
Aug 16, 2024
Add a binding for PKCS12_set_mac() to set MAC parameters and (re-)calculate MAC for the content. This allows generating PKCS ruby#12 with consistent MAC parameters with different OpenSSL versions. OpenSSL 3.0 changed the default hash function used for HMAC and the KDF from SHA-1 to SHA-256. Fixes: ruby#772
rhenium
added a commit
to rhenium/ruby-openssl
that referenced
this pull request
Aug 16, 2024
Add a binding for PKCS12_set_mac() to set MAC parameters and (re-)calculate MAC for the content. This allows generating PKCS ruby#12 with consistent MAC parameters with different OpenSSL versions. OpenSSL 3.0 changed the default hash function used for HMAC and the KDF from SHA-1 to SHA-256. Fixes: ruby#772
rhenium
added a commit
to rhenium/ruby-openssl
that referenced
this pull request
Oct 31, 2024
Add a binding for PKCS12_set_mac() to set MAC parameters and (re-)calculate MAC for the content. This allows generating PKCS ruby#12 with consistent MAC parameters with different OpenSSL versions. OpenSSL 3.0 changed the default hash function used for HMAC and the KDF from SHA-1 to SHA-256. Fixes: ruby#772
rhenium
added a commit
to rhenium/ruby-openssl
that referenced
this pull request
Oct 31, 2024
Add a binding for PKCS12_set_mac() to set MAC parameters and (re-)calculate MAC for the content. This allows generating PKCS ruby#12 with consistent MAC parameters with different OpenSSL versions. OpenSSL 3.0 changed the default hash function used for HMAC and the KDF from SHA-1 to SHA-256. Fixes: ruby#772
rhenium
added a commit
to rhenium/ruby-openssl
that referenced
this pull request
Dec 7, 2024
Add a binding for PKCS12_set_mac() to set MAC parameters and (re-)calculate MAC for the content. This allows generating PKCS ruby#12 with consistent MAC parameters with different OpenSSL versions. OpenSSL 3.0 changed the default hash function used for HMAC and the KDF from SHA-1 to SHA-256. Fixes: ruby#772
rhenium
added a commit
to rhenium/ruby-openssl
that referenced
this pull request
Dec 7, 2024
Add a binding for PKCS12_set_mac() to set MAC parameters and (re-)calculate MAC for the content. This allows generating PKCS ruby#12 with consistent MAC parameters with different OpenSSL versions. OpenSSL 3.0 changed the default hash function used for HMAC and the KDF from SHA-1 to SHA-256. Fixes: ruby#772
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.