-
Apparently due to some misconception, `pkcs11_get_ec()` assumes that the PCKS#11 device returns `EC_POINT` data of public keys in ASN.1 encoding. At least my CardOS v5.0 test card does not work this w…
-
Hello!
I would like to understand difference (both comparing to spec. and in terms of configuration) between EST server running on testrfc7030.cisco.com and an example of EST server located in exampl…
-
For the server:
Add the distinction between Explicit TA database and Implicit TA database, as this is required according to RFC 7030, section 3.3.2:
The server validates the TLS client certificat…
-
I came across the last parameter 'ex_data' of the server callback functions:
```
int (*est_enroll_pkcs10_cb)(unsigned char *pkcs10, int p10_len,
unsigned char **pkcs7, int *c…
-
When using objdump to view the soname in libest.so, the wrong soname is embedded in the ELF header. It should read the same value in configure.ac (currently 1.1.0). Here's the current output from ob…
-
Hi again John,
for officially publishing and using libest (and any further updates by us or others) possibly outside the country, we need to confirm to our lawyers that it has a valid TSU, and to thi…
DDvO updated
10 years ago
-
When using the est_client_enroll_csr() API to enroll and externally generated CSR, libest does not always include the challengePassword in the CSR even when PoP is forced on by using est_client_force_…
-
The wrong version information for the run-time OpenSSL linkage is displayed when invoking est_log_version(). For example, when compiling against OpenSSL 1.0.1h, and then run-time linking against Cisc…
-
Here is a list of adaptations, mostly on the example client and server,
that I so far did locally and suggest to commit/push::
- added a few missing dependencies in Makefiles of example client and
s…
DDvO updated
10 years ago