[stunnel-users] FQDN validation and checking within
Nagasundaram, Sekhar
snagasun at visa.com
Tue Jan 31 18:14:44 CET 2006
Mike:
Given this: what is the best way for Stunnel to make authentication
And authorization decisions based on information presented in the
Certificate from the peer. My question comes from: how do I do level 3
Checking in a scalable manner when my order of magnitude is in the
Thousands...
Much thanks
Sekhar
-------------------------------
Message: 3
Date: Tue, 31 Jan 2006 09:51:06 +0100
From: "Michal Trojnara" <Michal.Trojnara at mobi-com.net>
Subject: RE: [stunnel-users] FQDN validation and checking within
STunnel
To: <stunnel-users at mirt.net>
Message-ID: <20060131085108.B053F1C130 at linode.mirt.net>
Content-Type: text/plain; charset="us-ascii"
Nagasundaram, Sekhar wrote:
> Is there a setting in Stunnel to do FQDN checking?
DNS is not a secure protocol
(http://www.securesphere.net/download/papers/dnsspoof.htm). Security
should not be based on DNS checks. I'm not going to implement this
feature.
Best regards,
Mike
------------------------------
Message: 4
Date: Tue, 31 Jan 2006 10:41:37 +0100
From: "Michal Trojnara" <Michal.Trojnara at mobi-com.net>
Subject: RE: --with-threads=ucontext portability (was Re:
[stunnel-users] stunnel4.x.x and IRIX)
To: <stunnel-users at mirt.net>
Message-ID: <20060131094139.33A011C17C at linode.mirt.net>
Content-Type: text/plain; charset="iso-8859-1"
Miloslav Trmac wrote:
> I have just seen a crash at a similar place on x86_64. The apparent
> cause is sthreads.c:116:
> makecontext(&ctx->ctx, (void(*)(void))cli, 1, arg); arg is a void
> *, but:
> - the size is given as 1; it should be
> (sizeof (arg) + sizeof (int) - 1) / sizeof (int)
> because the "size" is defined as a number of int arguments
> - it won't work anyway; makecontext () is defined to work only for
> integer parameters. It is not possible to pass a pointer as
> integers on x86_64, which uses registers to pass the first 6
> integer or pointer parameters.
Are we still talking about IRIX?
http://nixdoc.net/man-pages/IRIX/man3c/makecontext.3c.html
I can't find any of mentioned limitations in the manual.
Just the opposite: "the arguments that follow the argc parameter for
makecontext are restricted to longs and pointers only".
Best regards,
Mike
------------------------------
_______________________________________________
stunnel-users mailing list
stunnel-users at mirt.net
http://stunnel.mirt.net/mailman/listinfo/stunnel-users
End of stunnel-users Digest, Vol 18, Issue 19
*********************************************
More information about the stunnel-users
mailing list