Getting ready for a release, wildcards

Hal Murray halmurray at sonic.net
Tue Apr 19 22:01:57 UTC 2022


I just pushed 2 tweaks.  One is to update the nts cert documentation to say 
that it doesn't do any checking on the certificate.

The other is a hack patch to aes_siv.c to suppress deprecated warnings from 
OpenSSL 3.

Is anybody (else) using OpenSSL 3?

It's trivial on FreeBSD.  Just install openssl-devel-3.0.2
(3.0.3 will be out soon)

For others, HOWTO-OpenSSL should be enough.
If not, please fix it, or tell me where you got into trouble or ...

----------

I think I understand the wildcard tangle.  They are generally considered OK.

My plan is to fix up the code so that the default is to accept wildcards but 
it's easy to turn them off.  Details TBD.

Can anybody think of any other optional features that would make things 
slightly more secure?

We should start collecting ideas in this area.


-- 
These are my opinions.  I hate spam.




