The commit into 1.0.1 didn't include the changes to s3_lib.c. SRP is still broken on this branch. Are there any plans to fix this?
> On Aug 11, 2014, at 6:41 PM, "Kurt Roeckx via RT" <r...@openssl.org> wrote: > >> On Mon, Aug 11, 2014 at 11:09:51PM +0200, John Foley via RT wrote: >> The fix discussed in this thread appears to be incomplete: >> >> http://marc.info/?l=openssl-users&m=140752401023837&w=2 >> >> This fix works for SRP cipher suites that uses RSA for DSA, which >> includes 6 of the 9 supported SRP cipher suites. But the three SRP >> cipher suites that don't rely on a server-side certificate are still >> broken. This problem can be recreated using these commands: > > I believe this is already in master in commit > 9e72d496d4f9880ec98f0ed9168246e35c1c3059 > > > Kurt > > ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org