@avadacatavra how is it even possible? There is a `—— BEGIN CERTIFICATE ——` wrappers for certs, and similar for keys.
-
-
-
An implementation that doesn't expect certs to be base64 encoded may not try to parse its "cert" input at all.
-
Even an implementation that might expect Base64 encoding might just use a regex like "-.+" to skip BEGIN/END lines.
-
Or, maybe it searches for "BEGIN CERTIFICATE" & when not found assumes the file is a binary (not Base64) DER cert.
-
then it will fail to parse it. base64 obviously won’t parse as DER
-
I bet many TLS servers never parse their own certificates. Definitely many never validate their own certs.
-
oh well… I feel sorry for people who use such software.
End of conversation
New conversation -
-
-
don't wonder, check :-)
-
I prefer to wonder about things here on Twitter and then read the papers that people write on the topics the next year. Much easier.
- 1 more reply
New conversation -
-
-
My recollection is that nginx will refuse to start. I haven't used apache in years.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
@hacks4pancakes@avadacatavra The longer I work in this business, the stronger typing I like. Now `int` is gone; soon `string`Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
for the lowest level cert, server has to verify it matches privkey. But maybe it includes the rest of the chain verbatim?
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
luckily openssl was properly configured to fail in this situation...unfortunately the error was a bit difficult to understand
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.