[stunnel-users] FQDN validation and checking within

Nagasundaram, Sekhar snagasun at visa.com
Tue Jan 31 18:14:44 CET 2006


 


Mike:

Given this: what is the best way for Stunnel to make authentication
and authorization decisions based on information presented in the
certificate from the peer? My question comes from: how do I do level 3
checking in a scalable manner when my order of magnitude is in the
thousands...

Much thanks

Sekhar
-------------------------------


Message: 3
Date: Tue, 31 Jan 2006 09:51:06 +0100
From: "Michal Trojnara" <Michal.Trojnara at mobi-com.net>
Subject: RE: [stunnel-users] FQDN validation and checking within
	STunnel
To: <stunnel-users at mirt.net>
Message-ID: <20060131085108.B053F1C130 at linode.mirt.net>
Content-Type: text/plain;	charset="us-ascii"

 
Nagasundaram, Sekhar wrote:
> Is there a setting in Stunnel to do FQDN checking?

DNS is not a secure protocol
(http://www.securesphere.net/download/papers/dnsspoof.htm).  Security
should not be based on DNS checks.  I'm not going to implement this
feature.

Best regards,
    Mike



------------------------------

Message: 4
Date: Tue, 31 Jan 2006 10:41:37 +0100
From: "Michal Trojnara" <Michal.Trojnara at mobi-com.net>
Subject: RE: --with-threads=ucontext portability (was Re:
	[stunnel-users]	stunnel4.x.x and IRIX)
To: <stunnel-users at mirt.net>
Message-ID: <20060131094139.33A011C17C at linode.mirt.net>
Content-Type: text/plain;	charset="iso-8859-1"

 
Miloslav Trmac wrote:
> I have just seen a crash at a similar place on x86_64.  The apparent 
> cause is sthreads.c:116:
>     makecontext(&ctx->ctx, (void(*)(void))cli, 1, arg);
> arg is a void *, but:
> - the size is given as 1; it should be
>   (sizeof (arg) + sizeof (int) - 1) / sizeof (int)
>   because the "size" is defined as a number of int arguments
> - it won't work anyway; makecontext () is defined to work only for
>   integer parameters.  It is not possible to pass a pointer as
>   integers on x86_64, which uses registers to pass the first 6
>   integer or pointer parameters.

Are we still talking about IRIX?
http://nixdoc.net/man-pages/IRIX/man3c/makecontext.3c.html
I can't find any of the mentioned limitations in the manual.
Just the opposite: "the arguments that follow the argc parameter for
makecontext are restricted to longs and pointers only".

Best regards,
    Mike



------------------------------


End of stunnel-users Digest, Vol 18, Issue 19
*********************************************
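
Added example, not part of the thread and not stunnel's own code: one way to hand a pointer to a makecontext() entry point using only int-sized arguments, as the quoted message about x86_64 says the interface requires, by splitting the pointer into two halves and rebuilding it on the other side. The names client_arg, cli_entry and run_with_split_pointer are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <ucontext.h>

/* Constructed stand-in for the argument handed to the thread entry point. */
struct client_arg { int id; int handled; };

static ucontext_t main_ctx, cli_ctx;

/* The formula from the quoted message: how many int slots a pointer needs. */
int int_slots_for_pointer(void)
{
    return (int)((sizeof(void *) + sizeof(int) - 1) / sizeof(int));
}

/* Entry point takes only int-sized arguments and rebuilds the pointer.
 * The shift is written as two 16-bit shifts so it stays defined when
 * uintptr_t is 32 bits wide. */
static void cli_entry(unsigned int hi, unsigned int lo)
{
    uintptr_t bits = ((uintptr_t)hi << 16 << 16) | (uintptr_t)lo;
    struct client_arg *arg = (struct client_arg *)bits;
    arg->handled = arg->id + 1;   /* proof the full pointer arrived intact */
}                                 /* returning resumes uc_link (main_ctx) */

/* Runs cli_entry on its own stack; returns the value it stored, or -1. */
int run_with_split_pointer(int id)
{
    const size_t stack_size = 64 * 1024;
    struct client_arg *arg = malloc(sizeof *arg);
    char *stack = malloc(stack_size);
    int result = -1;

    if (arg && stack && int_slots_for_pointer() <= 2 && getcontext(&cli_ctx) == 0) {
        uintptr_t bits = (uintptr_t)arg;
        arg->id = id;
        arg->handled = 0;
        cli_ctx.uc_stack.ss_sp = stack;
        cli_ctx.uc_stack.ss_size = stack_size;
        cli_ctx.uc_link = &main_ctx;
        makecontext(&cli_ctx, (void (*)(void))cli_entry, 2,
                    (unsigned int)(bits >> 16 >> 16), (unsigned int)bits);
        if (swapcontext(&main_ctx, &cli_ctx) == 0)
            result = arg->handled;
    }
    free(stack);
    free(arg);
    return result;
}
```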


