1) handle errors when loading thumbprint file.
initThumbprints() now returns nil and sets errstr
on error. a syntax error in a thumbprint file
should be reported instead of silently ignored!
(have to check users)
2) fix memory leak in initThumbprints(); we have to use
freeThumbprints() instead of free to release crltab.
3) use the actual head entries for thumbprint
storage in the thumbprints array. most thumbprint
files are rather sparse.
4) remove private emalloc() function. we shouldnt
just exit the calling process on allocation error,
instead handle error properly. this is a library!
from /n/sources/patch/blowfish/readme:
Blowfish is broken. The order of the bytes in the ciphertext
is wrong. The problem is the conversion from the ciphertext
plaintext block to the array of u32int used by the core funcions
and vice versa.
This code has been tested on big endian and little endian
machines.
A test program is also included, bftets.c. It uses the
test vectors of blowfish available at
https://www.schneier.com/code/vectors.txt
- TLSconn structure on stack but not initialized (zeroed)
- original filedescriptor double closed in error case
- original filedescriptor leaked in success case
- leaked TLSconn.sessionID and TLSconn.cert
- clarify in pushtls(2) and pushssl(2)
This patch adds client TLS authentication to libsec in compliance with
rfc 4346.
A new -c flag has been introduced for tlsclient allowing the user to
specify a certificate in pem(8) format which will be provided to the
server upon request.
A -D debug flag has been introduced to enable debugging output.
The patch has been tested against OpenSSL 0.9.7j 04 May 2006.
It exists today because of the great (debugging) help and insight
provided by Matthias Bauer.
TODOs:
- specification of a certain client key in factotum is not possible at
the moment
- tlssrv should support this too
These will get added in another patch.
The first try to submit this patch failed due to a network error.
Sorry for the duplication!
Kind regards,
Christian
