* [9fans] How do I get a CSR CA's like?
@ 2015-05-23 15:31 Brantley Coile
2015-05-23 16:40 ` David du Colombier
` (2 more replies)
0 siblings, 3 replies; 17+ messages in thread
From: Brantley Coile @ 2015-05-23 15:31 UTC (permalink / raw)
To: Fans of the OS Plan 9 from Bell Labs
I’m trying to buy a certificate. Actually, I’m trying to *get* a certificate. They seem to already have my money. Anyway, they want me to paste a Certificate Signing Request into their web page. I have done the following:
dmr% auth/rsagen -b2048 >key
dmr% auth/rsa2csr 'C=US ST=Georgia L=Athens O=South Suite CN=www.etherdrive.com' key >xx
dmr% auth/pemencode 'CERTIFICATE SIGNING REQUEST' <xx >csr
I then pasted the contents of ‘csr’ into the page and get “This CSR has an invalid signature!”
What am I doing wrong?
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [9fans] How do I get a CSR CA's like?
2015-05-23 15:31 [9fans] How do I get a CSR CA's like? Brantley Coile
@ 2015-05-23 16:40 ` David du Colombier
2015-05-23 17:08 ` lucio
2015-05-23 17:43 ` balaji
2 siblings, 0 replies; 17+ messages in thread
From: David du Colombier @ 2015-05-23 16:40 UTC (permalink / raw)
To: Fans of the OS Plan 9 from Bell Labs
Personnaly, I don't have auth/rsa2csr, but I generate the certificate
request from Linux using OpenSSL:
$ openssl req -newkey rsa:2048 -days 730 -keyout key.pem -out csr.pem
-subj "/C=FR/ST=Paris/L=Paris/CN=9grid.fr" -nodes
Then, I convert the key from PEM to DER format:
$ openssl rsa -in key.pem -inform PEM -out key.der -outform DER
Then, I get the certificate from the CA and copy it to Plan 9:
% cp crt.pem /sys/lib/tls/cert.pem
Finally, I import the DER key to factotum:
% auth/asn12rsa -t 'proto=rsa service=tls owner=*' key.der >key
% ramfs -p
% cd /tmp
% auth/secstore -g factotum
% cat key >>factotum
% auth/secstore -p factotum
% cat factotum | read -m >/mnt/factotum/ctl
--
David du Colombier
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [9fans] How do I get a CSR CA's like?
2015-05-23 15:31 [9fans] How do I get a CSR CA's like? Brantley Coile
2015-05-23 16:40 ` David du Colombier
@ 2015-05-23 17:08 ` lucio
2015-05-24 12:10 ` Brantley Coile
2015-05-23 17:43 ` balaji
2 siblings, 1 reply; 17+ messages in thread
From: lucio @ 2015-05-23 17:08 UTC (permalink / raw)
To: 9fans
> I then pasted the contents of ‘csr’ into the page and get “This CSR
> has an invalid signature!”
It's worth playing with openssl to check the output from auth/rsa2csr.
The diagnostics are bound to be a bit less vague. Trying your
instructions, the PEM encoded csr includes the seemingly unwanted word
"SIGNING" in the headers. When I remove it (and a space) openssl req
reports a valid certificate request.
Lucio.
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [9fans] How do I get a CSR CA's like?
2015-05-23 15:31 [9fans] How do I get a CSR CA's like? Brantley Coile
2015-05-23 16:40 ` David du Colombier
2015-05-23 17:08 ` lucio
@ 2015-05-23 17:43 ` balaji
2 siblings, 0 replies; 17+ messages in thread
From: balaji @ 2015-05-23 17:43 UTC (permalink / raw)
To: Fans of the OS Plan 9 from Bell Labs
as lucio says, just removing the word SIGNING makes it good.
you can test it here: https://www.sslshopper.com/csr-decoder.html
On Sat, May 23, 2015 at 10:31 AM, Brantley Coile <brantleycoile@me.com> wrote:
> I’m trying to buy a certificate. Actually, I’m trying to *get* a certificate. They seem to already have my money. Anyway, they want me to paste a Certificate Signing Request into their web page. I have done the following:
>
> dmr% auth/rsagen -b2048 >key
> dmr% auth/rsa2csr 'C=US ST=Georgia L=Athens O=South Suite CN=www.etherdrive.com' key >xx
> dmr% auth/pemencode 'CERTIFICATE SIGNING REQUEST' <xx >csr
>
> I then pasted the contents of ‘csr’ into the page and get “This CSR has an invalid signature!”
>
> What am I doing wrong?
>
>
>
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [9fans] How do I get a CSR CA's like?
2015-05-23 17:08 ` lucio
@ 2015-05-24 12:10 ` Brantley Coile
2015-05-24 13:07 ` lucio
2015-05-24 15:10 ` Skip Tavakkolian
0 siblings, 2 replies; 17+ messages in thread
From: Brantley Coile @ 2015-05-24 12:10 UTC (permalink / raw)
To: Fans of the OS Plan 9 from Bell Labs
Thanks all. It goes through sslshopper fine, but the CA still doesn’t like it. I’ll call them tomorrow. Thanks for all the help.
bwc
> On May 23, 2015, at 1:08 PM, lucio@proxima.alt.za wrote:
>
>> I then pasted the contents of ‘csr’ into the page and get “This CSR
>> has an invalid signature!”
>
> It's worth playing with openssl to check the output from auth/rsa2csr.
> The diagnostics are bound to be a bit less vague. Trying your
> instructions, the PEM encoded csr includes the seemingly unwanted word
> "SIGNING" in the headers. When I remove it (and a space) openssl req
> reports a valid certificate request.
>
> Lucio.
>
>
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [9fans] How do I get a CSR CA's like?
2015-05-24 12:10 ` Brantley Coile
@ 2015-05-24 13:07 ` lucio
2015-05-24 15:10 ` Skip Tavakkolian
1 sibling, 0 replies; 17+ messages in thread
From: lucio @ 2015-05-24 13:07 UTC (permalink / raw)
To: 9fans
> Thanks all. It goes through sslshopper fine, but the CA still doesn’t
> like it. I’ll call them tomorrow. Thanks for all the help.
You may have neglected some of the options, for example, you may be
required to specify what the certificate is good for: web server, mail
server, etc.
I know how to set these in openssl, it isn't as obvious with the Plan
9 tools.
Lucio.
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [9fans] How do I get a CSR CA's like?
2015-05-24 12:10 ` Brantley Coile
2015-05-24 13:07 ` lucio
@ 2015-05-24 15:10 ` Skip Tavakkolian
2015-05-25 19:06 ` Brantley Coile
1 sibling, 1 reply; 17+ messages in thread
From: Skip Tavakkolian @ 2015-05-24 15:10 UTC (permalink / raw)
To: 9fans
going by my notes from the last time i used plan9 tools to generate a
CSR, the only differences i see are quoting the O attribute to handle
spaces in organization name and dropping the word "SIGNING" from
PEM header/footer.
> Thanks all. It goes through sslshopper fine, but the CA still doesn’t like it. I’ll call them tomorrow. Thanks for all the help.
>
> bwc
>
>> On May 23, 2015, at 1:08 PM, lucio@proxima.alt.za wrote:
>>
>>> I then pasted the contents of ‘csr’ into the page and get “This CSR
>>> has an invalid signature!”
>>
>> It's worth playing with openssl to check the output from auth/rsa2csr.
>> The diagnostics are bound to be a bit less vague. Trying your
>> instructions, the PEM encoded csr includes the seemingly unwanted word
>> "SIGNING" in the headers. When I remove it (and a space) openssl req
>> reports a valid certificate request.
>>
>> Lucio.
>>
>>
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [9fans] How do I get a CSR CA's like?
2015-05-24 15:10 ` Skip Tavakkolian
@ 2015-05-25 19:06 ` Brantley Coile
2015-05-26 13:27 ` Brantley Coile
0 siblings, 1 reply; 17+ messages in thread
From: Brantley Coile @ 2015-05-25 19:06 UTC (permalink / raw)
To: Fans of the OS Plan 9 from Bell Labs
Turns out the CSR wasn’t acceptable because of the MD5 signature. It seems the that they should be signed as RSA and not MD5. MD5 is not deemed secure enough. The plan 9 code is signing everything with MD5. Who owns this code? Has anyone fixed this yet?
> On May 24, 2015, at 11:10 AM, Skip Tavakkolian <9nut@9netics.com> wrote:
>
> going by my notes from the last time i used plan9 tools to generate a
> CSR, the only differences i see are quoting the O attribute to handle
> spaces in organization name and dropping the word "SIGNING" from
> PEM header/footer.
>
>> Thanks all. It goes through sslshopper fine, but the CA still doesn’t like it. I’ll call them tomorrow. Thanks for all the help.
>>
>> bwc
>>
>>> On May 23, 2015, at 1:08 PM, lucio@proxima.alt.za wrote:
>>>
>>>> I then pasted the contents of ‘csr’ into the page and get “This CSR
>>>> has an invalid signature!”
>>>
>>> It's worth playing with openssl to check the output from auth/rsa2csr.
>>> The diagnostics are bound to be a bit less vague. Trying your
>>> instructions, the PEM encoded csr includes the seemingly unwanted word
>>> "SIGNING" in the headers. When I remove it (and a space) openssl req
>>> reports a valid certificate request.
>>>
>>> Lucio.
>>>
>>>
>
>
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [9fans] How do I get a CSR CA's like?
2015-05-25 19:06 ` Brantley Coile
@ 2015-05-26 13:27 ` Brantley Coile
2015-05-26 14:44 ` Brantley Coile
2015-05-26 18:00 ` lucio
0 siblings, 2 replies; 17+ messages in thread
From: Brantley Coile @ 2015-05-26 13:27 UTC (permalink / raw)
To: Fans of the OS Plan 9 from Bell Labs
UPDATE:
I now have reason to believe that they just removed MD5 from known signing algorithms, and that a SHA1 will work. Anyone know anything about this?
Thanks,
bwc
> On May 25, 2015, at 3:06 PM, Brantley Coile <brantleycoile@me.com> wrote:
>
> Turns out the CSR wasn’t acceptable because of the MD5 signature. It seems the that they should be signed as RSA and not MD5. MD5 is not deemed secure enough. The plan 9 code is signing everything with MD5. Who owns this code? Has anyone fixed this yet?
>
>> On May 24, 2015, at 11:10 AM, Skip Tavakkolian <9nut@9netics.com> wrote:
>>
>> going by my notes from the last time i used plan9 tools to generate a
>> CSR, the only differences i see are quoting the O attribute to handle
>> spaces in organization name and dropping the word "SIGNING" from
>> PEM header/footer.
>>
>>> Thanks all. It goes through sslshopper fine, but the CA still doesn’t like it. I’ll call them tomorrow. Thanks for all the help.
>>>
>>> bwc
>>>
>>>> On May 23, 2015, at 1:08 PM, lucio@proxima.alt.za wrote:
>>>>
>>>>> I then pasted the contents of ‘csr’ into the page and get “This CSR
>>>>> has an invalid signature!”
>>>>
>>>> It's worth playing with openssl to check the output from auth/rsa2csr.
>>>> The diagnostics are bound to be a bit less vague. Trying your
>>>> instructions, the PEM encoded csr includes the seemingly unwanted word
>>>> "SIGNING" in the headers. When I remove it (and a space) openssl req
>>>> reports a valid certificate request.
>>>>
>>>> Lucio.
>>>>
>>>>
>>
>>
>
>
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [9fans] How do I get a CSR CA's like?
2015-05-26 13:27 ` Brantley Coile
@ 2015-05-26 14:44 ` Brantley Coile
2015-05-26 14:46 ` Brantley Coile
2015-05-26 18:00 ` lucio
1 sibling, 1 reply; 17+ messages in thread
From: Brantley Coile @ 2015-05-26 14:44 UTC (permalink / raw)
To: Fans of the OS Plan 9 from Bell Labs
Fixed. Use shall instead of md5 and everyone is happy.
> On May 26, 2015, at 9:27 AM, Brantley Coile <brantleycoile@me.com> wrote:
>
> UPDATE:
>
> I now have reason to believe that they just removed MD5 from known signing algorithms, and that a SHA1 will work. Anyone know anything about this?
>
> Thanks,
> bwc
>
>> On May 25, 2015, at 3:06 PM, Brantley Coile <brantleycoile@me.com> wrote:
>>
>> Turns out the CSR wasn’t acceptable because of the MD5 signature. It seems the that they should be signed as RSA and not MD5. MD5 is not deemed secure enough. The plan 9 code is signing everything with MD5. Who owns this code? Has anyone fixed this yet?
>>
>>> On May 24, 2015, at 11:10 AM, Skip Tavakkolian <9nut@9netics.com> wrote:
>>>
>>> going by my notes from the last time i used plan9 tools to generate a
>>> CSR, the only differences i see are quoting the O attribute to handle
>>> spaces in organization name and dropping the word "SIGNING" from
>>> PEM header/footer.
>>>
>>>> Thanks all. It goes through sslshopper fine, but the CA still doesn’t like it. I’ll call them tomorrow. Thanks for all the help.
>>>>
>>>> bwc
>>>>
>>>>> On May 23, 2015, at 1:08 PM, lucio@proxima.alt.za wrote:
>>>>>
>>>>>> I then pasted the contents of ‘csr’ into the page and get “This CSR
>>>>>> has an invalid signature!”
>>>>>
>>>>> It's worth playing with openssl to check the output from auth/rsa2csr.
>>>>> The diagnostics are bound to be a bit less vague. Trying your
>>>>> instructions, the PEM encoded csr includes the seemingly unwanted word
>>>>> "SIGNING" in the headers. When I remove it (and a space) openssl req
>>>>> reports a valid certificate request.
>>>>>
>>>>> Lucio.
>>>>>
>>>>>
>>>
>>>
>>
>>
>
>
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [9fans] How do I get a CSR CA's like?
2015-05-26 14:44 ` Brantley Coile
@ 2015-05-26 14:46 ` Brantley Coile
0 siblings, 0 replies; 17+ messages in thread
From: Brantley Coile @ 2015-05-26 14:46 UTC (permalink / raw)
To: Fans of the OS Plan 9 from Bell Labs
(Ducking smelling connection!) Use sha1.
> On May 26, 2015, at 10:44 AM, Brantley Coile <brantleycoile@me.com> wrote:
>
> Fixed. Use shall instead of md5 and everyone is happy.
>
>> On May 26, 2015, at 9:27 AM, Brantley Coile <brantleycoile@me.com> wrote:
>>
>> UPDATE:
>>
>> I now have reason to believe that they just removed MD5 from known signing algorithms, and that a SHA1 will work. Anyone know anything about this?
>>
>> Thanks,
>> bwc
>>
>>> On May 25, 2015, at 3:06 PM, Brantley Coile <brantleycoile@me.com> wrote:
>>>
>>> Turns out the CSR wasn’t acceptable because of the MD5 signature. It seems the that they should be signed as RSA and not MD5. MD5 is not deemed secure enough. The plan 9 code is signing everything with MD5. Who owns this code? Has anyone fixed this yet?
>>>
>>>> On May 24, 2015, at 11:10 AM, Skip Tavakkolian <9nut@9netics.com> wrote:
>>>>
>>>> going by my notes from the last time i used plan9 tools to generate a
>>>> CSR, the only differences i see are quoting the O attribute to handle
>>>> spaces in organization name and dropping the word "SIGNING" from
>>>> PEM header/footer.
>>>>
>>>>> Thanks all. It goes through sslshopper fine, but the CA still doesn’t like it. I’ll call them tomorrow. Thanks for all the help.
>>>>>
>>>>> bwc
>>>>>
>>>>>> On May 23, 2015, at 1:08 PM, lucio@proxima.alt.za wrote:
>>>>>>
>>>>>>> I then pasted the contents of ‘csr’ into the page and get “This CSR
>>>>>>> has an invalid signature!”
>>>>>>
>>>>>> It's worth playing with openssl to check the output from auth/rsa2csr.
>>>>>> The diagnostics are bound to be a bit less vague. Trying your
>>>>>> instructions, the PEM encoded csr includes the seemingly unwanted word
>>>>>> "SIGNING" in the headers. When I remove it (and a space) openssl req
>>>>>> reports a valid certificate request.
>>>>>>
>>>>>> Lucio.
>>>>>>
>>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [9fans] How do I get a CSR CA's like?
2015-05-26 13:27 ` Brantley Coile
2015-05-26 14:44 ` Brantley Coile
@ 2015-05-26 18:00 ` lucio
2015-05-26 19:35 ` Brantley Coile
1 sibling, 1 reply; 17+ messages in thread
From: lucio @ 2015-05-26 18:00 UTC (permalink / raw)
To: 9fans
> I now have reason to believe that they just removed MD5 from known
> signing algorithms, and that a SHA1 will work. Anyone know anything
> about this?
There's an exploit for the MD5 version. It looks pretty serious and
deserves to be fixed by disabling the MD5 signing algorithm.
www.phreedom.org/research/rogue-ca/
What exactly did you change in /sys/src/libsec/port/x509.c? I had a
quick look this morning, but I didn't have the opportunity to dig deep
enough.
Lucio.
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [9fans] How do I get a CSR CA's like?
2015-05-26 18:00 ` lucio
@ 2015-05-26 19:35 ` Brantley Coile
2015-05-26 19:44 ` Joe Bowers
0 siblings, 1 reply; 17+ messages in thread
From: Brantley Coile @ 2015-05-26 19:35 UTC (permalink / raw)
To: Fans of the OS Plan 9 from Bell Labs
I just changed “md5(…)” to “shall(…)” and added an object id to the table. Once I figured out I didn’t have to us RSA to *sign* the CSR, but had to have something other than md5, it was easy.
> On May 26, 2015, at 2:00 PM, lucio@proxima.alt.za wrote:
>
>> I now have reason to believe that they just removed MD5 from known
>> signing algorithms, and that a SHA1 will work. Anyone know anything
>> about this?
>
> There's an exploit for the MD5 version. It looks pretty serious and
> deserves to be fixed by disabling the MD5 signing algorithm.
>
> www.phreedom.org/research/rogue-ca/
>
> What exactly did you change in /sys/src/libsec/port/x509.c? I had a
> quick look this morning, but I didn't have the opportunity to dig deep
> enough.
>
> Lucio.
>
>
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [9fans] How do I get a CSR CA's like?
2015-05-26 19:35 ` Brantley Coile
@ 2015-05-26 19:44 ` Joe Bowers
2015-05-27 2:24 ` lucio
2015-05-27 16:41 ` cinap_lenrek
0 siblings, 2 replies; 17+ messages in thread
From: Joe Bowers @ 2015-05-26 19:44 UTC (permalink / raw)
To: Fans of the OS Plan 9 from Bell Labs
[-- Attachment #1: Type: text/plain, Size: 1037 bytes --]
If it's just as simple, this might be the right place/time to use sha256
for this sort of thing.
On Tue, May 26, 2015 at 12:35 PM, Brantley Coile <brantleycoile@me.com>
wrote:
> I just changed “md5(…)” to “shall(…)” and added an object id to the
> table. Once I figured out I didn’t have to us RSA to *sign* the CSR, but
> had to have something other than md5, it was easy.
>
> > On May 26, 2015, at 2:00 PM, lucio@proxima.alt.za wrote:
> >
> >> I now have reason to believe that they just removed MD5 from known
> >> signing algorithms, and that a SHA1 will work. Anyone know anything
> >> about this?
> >
> > There's an exploit for the MD5 version. It looks pretty serious and
> > deserves to be fixed by disabling the MD5 signing algorithm.
> >
> > www.phreedom.org/research/rogue-ca/
> >
> > What exactly did you change in /sys/src/libsec/port/x509.c? I had a
> > quick look this morning, but I didn't have the opportunity to dig deep
> > enough.
> >
> > Lucio.
> >
> >
>
>
>
[-- Attachment #2: Type: text/html, Size: 1610 bytes --]
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [9fans] How do I get a CSR CA's like?
2015-05-26 19:44 ` Joe Bowers
@ 2015-05-27 2:24 ` lucio
2015-05-27 16:41 ` cinap_lenrek
1 sibling, 0 replies; 17+ messages in thread
From: lucio @ 2015-05-27 2:24 UTC (permalink / raw)
To: 9fans
> If it's just as simple, this might be the right place/time to use sha256
> for this sort of thing.
Again, I did not look into this in detail, but CSRs I generated
recently with openssl seem to use "SHA1 with RSA encryption" for the
signature:
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=ZA, L=Kestell, ST=Free State, O=Proxima Research & Development, OU=Public Internet Services, CN=serendipity.proxima.alt.za/emailAddress=admin@proxima.alt.za
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:
xx:xx:xx:xx:xx:xx:xx:xx:xx
Exponent: 65537 (0x10001)
Attributes:
a0:00
Signature Algorithm: sha1WithRSAEncryption
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:
xx:xx
That was what I thought would take some effort to get right in x509.c
Lucio.
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [9fans] How do I get a CSR CA's like?
2015-05-26 19:44 ` Joe Bowers
2015-05-27 2:24 ` lucio
@ 2015-05-27 16:41 ` cinap_lenrek
2015-05-27 17:57 ` cinap_lenrek
1 sibling, 1 reply; 17+ messages in thread
From: cinap_lenrek @ 2015-05-27 16:41 UTC (permalink / raw)
To: 9fans
done.
http://plan9front.googlecode.com/hg-history/fa82e7b5731e34e120e982f8519d36916ee126b0/sys/src/libsec/port/x509.c
http://code.google.com/p/plan9front/source/detail?r=fa82e7b5731e34e120e982f8519d36916ee126b0
--
cinap
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [9fans] How do I get a CSR CA's like?
2015-05-27 16:41 ` cinap_lenrek
@ 2015-05-27 17:57 ` cinap_lenrek
0 siblings, 0 replies; 17+ messages in thread
From: cinap_lenrek @ 2015-05-27 17:57 UTC (permalink / raw)
To: 9fans
just fixed another problem in the code. verify_signature() did not
check the digest length!
http://plan9front.googlecode.com/hg-history/8b005ad9d48998e30c4715383c8bc53fae0eccb1/sys/src/libsec/port/x509.c
http://code.google.com/p/plan9front/source/detail?r=8b005ad9d48998e30c4715383c8bc53fae0eccb1
--
cinap
^ permalink raw reply [flat|nested] 17+ messages in thread
end of thread, other threads:[~2015-05-27 17:57 UTC | newest]
Thread overview: 17+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-05-23 15:31 [9fans] How do I get a CSR CA's like? Brantley Coile
2015-05-23 16:40 ` David du Colombier
2015-05-23 17:08 ` lucio
2015-05-24 12:10 ` Brantley Coile
2015-05-24 13:07 ` lucio
2015-05-24 15:10 ` Skip Tavakkolian
2015-05-25 19:06 ` Brantley Coile
2015-05-26 13:27 ` Brantley Coile
2015-05-26 14:44 ` Brantley Coile
2015-05-26 14:46 ` Brantley Coile
2015-05-26 18:00 ` lucio
2015-05-26 19:35 ` Brantley Coile
2015-05-26 19:44 ` Joe Bowers
2015-05-27 2:24 ` lucio
2015-05-27 16:41 ` cinap_lenrek
2015-05-27 17:57 ` cinap_lenrek
2015-05-23 17:43 ` balaji
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).