On 02/02/2016 02:22 PM, Tim Small wrote:
#813468 is similar but impacting a different application. I did come
across a patch which backports the fix included in newer versions of the
upstream OpenSSL 1.0.1 branch, to the 1.0.1k derived package in Jessie.
I haven't reviewed or tested the fix tho':
https://gist.github.com/h-yamamo/adf44638a1a04b8e86ea
Thanks for the additional info and openssl ticket number. I'm open to
including the 1024-bit certificates mozilla removed and started a
branch, but haven't completed this. I don't have the openssl expertise
to review the patch, but it is interesting and could be a better way to
handle the problem, but also it seems a new patch to openssl in stable
could be more invasive.
--
Michael