-
Hi everyone,
I'm using pyasn1-modules to build a small cmp client (subset of rfc4210). I think there is a mistake in the rfc4210 module in the PKIHeader class.
The last entry should be
```python
…
ghost updated
3 years ago
-
in general we might be too strict on the presence of the key to be when building up the request messages - as they could actually just be omitted, if we would have a RA or CA supporting centralized ke…
tpank updated
6 years ago
-
I am migrating an application from pyasn1 0.1.7 to the newest 0.4.4, and there's an issue with something that used to work in the past. Here is the code to reproduce the error
```
from pyasn1.code…
-
From RFC 4210 D.3's last sentence it seems as if clients need to implement all 3 cases of RFC 4211 4.1 need to be fully RFC compliant.
So far only case 3 is supported \(see crmf/crmf\_lib.c\).
C…
tpank updated
5 years ago
-
It is rather untypical that the target of a certificate chain validation is a self-signed cert,
but there are some valid cases, including directly trusted root CA or EE certs.
I recently came acros…
DDvO updated
5 months ago
-
- Karaf 6.5.2 includes the CMP command.
- Karaf 6.5.3 does not have the CMP command.
- Therefore, te…
-
Users or applications using the library should not be bothered with certificates needed only for checking the protection of CMP messages received. One could modifiy `CMP_CTX_extraCertsIn_get1()` not t…
tpank updated
4 years ago
-
This came up in https://github.com/openssl/openssl/pull/15283#discussion_r772433609.
Looks like `ERR_clear_error()` is not really constant-time due to
`static ossl_inline void err_clear(...)` in …
-
- [❓] What is the ASN.1 format of composite **public keys** from `CompositeKEM.KeyGen()`?
The draft specifies:
The KeyGen() -> (pk, sk) of a composite KEM algorithm will perform the KeyGen…
-
https://github.com/openssl/openssl/blob/master/apps/openssl.cnf#L345
```
ignore_keyusage = 1 # potentially needed quirk
unprotected_errors = 1 # potentially needed quirk
```
Lots of projects su…