[openssl-users] OpenSSL version 1.1.1 pre release 9 published

Mon Aug 27 18:42:24 UTC 2018

Since this example would show how to generate certificates that people may not have a lot of experience dealing with - I think it would make a lot of sense to document as much as possible.

In short: yes please do include the examples of both what the certs should look like, and how to generate them.

On 8/27/18, 2:34 PM, "openssl-users on behalf of Hubert Kario" <openssl-users-bounces at openssl.org on behalf of hkario at redhat.com> wrote:

    On Thursday, 23 August 2018 16:35:01 CEST Robert Moskowitz wrote:
    > On 08/23/2018 09:00 AM, Tomas Mraz wrote:
    > > On Wed, 2018-08-22 at 20:08 -0400, Robert Moskowitz wrote:
    > >> On 08/22/2018 11:48 AM, Matt Caswell wrote:
    > >>> On 22/08/18 00:53, Robert Moskowitz wrote:
    > >>>> On 08/21/2018 06:31 PM, Matt Caswell wrote:
    > >>>>> On 21/08/18 16:24, Robert Moskowitz wrote:
    > >>>>>> Thanks!
    > >>>>>> 
    > >>>>>> Once Fedora beta picks this up, I will run my scripts against
    > >>>>>> it and see
    > >>>>>> if all cases of hash with ED25519 are fixed.
    > >>>>> 
    > >>>>> Unfortunately the command line usability changes for this
    > >>>>> didn't make it
    > >>>>> into the beta. They should still be in the final release.
    > >>>> 
    > >>>> Sigh.  That means you will get it right.  Right?  :)
    > >>>> 
    > >>>> Change seems simple enough.
    > >>> 
    > >>> The relevant change has now been merged to master.
    > >> 
    > >> Fedora had already built pre9.1.  But on the off chance, I will look
    > >> at
    > >> it with tomorrow's build.
    > > 
    > > I'm sorry but no, I am not updating Fedora with current git tree
    > > checkout. You'll have to wait for the next prerelease or the final
    > > version if there are no further prereleases.
    > 
    > Tomas,
    > 
    > Thanks for responding here.
    > 
    > I have been preparing an Internet Draft on how to build an ED25519 pki. 
    > I know have the choice of:
    > 
    > building my own 1.1.1 pre9 for testing.
    > Wait to push the draft out until 1.1.1 is fully released.
    > Fudge the draft by adding yet another caveat (yes there is a caveat
    > section that I developed in creating the ECDSA pki draft) that the
    > commands are for how it is suppose to work in production 1.1.1, not what
    > I had to do in the prerelease.
    > 
    > Decisions decisions.  Thing is I want the draft out so I can push for
    > EDDSA support in IEEE 802.1AR with the next meeting early Sept.

    I'm not sure if providing command line examples for one particular tool are a 
    good idea...

    Example certificates, sure, but not commands to generate them...

    -- 
    Regards,
    Hubert Kario
    Senior Quality Engineer, QE BaseOS Security team
    Web: www.cz.redhat.com
    Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic