Date sent: Tue, 4 Jun 2002 19:45:55 +0200
From: Lutz Jaenicke <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: zlib double free bug and openssl question.
Organization: BTU Cottbus, Allgemeine Elektrotechnik
Send reply to: [EMAIL PROTECTED]
I know of several public applications that uses zlib with OpenSSL.
Probably more that I don't know about. In general, anything that
uses SSL enabled telnet can make use of the OpenSSL zlib feature.
Ken
On Mon, Jun 03, 2002 at 04:01:38PM -0400, Lenny Miceli wrote:
> I've tried to search the archives/bug reports/faq's and didn't find any
> definitive answers on the zlib Double Free Bug CERT's Advisory CA-2002-07
> issue. Does openssl v0.9.6b or above have this issue? I know if you do a
> stings on libcrypto.a you find zlib alot, so I assume somehow the zlib library
> is used in crypto/comp/c_zlib.c or somewhere. Thanks for any help
> you can give me.
If not explicitely selected, OpenSSL is not compiled with zlib-
support.
And even if it would be compiled in, it won't be used by default,
unless
an application enables it. I am not aware of any publicly available
application using zlib functionality inside OpenSSL.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
Cottbus.DE
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project
http://www.openssl.org
User Support Mailing List openssl-
[EMAIL PROTECTED]
Automated List Manager
[EMAIL PROTECTED]
_
Support
InterSoft International, Inc.
Voice: 888-823-1541, International 281-398-7060
Fax: 888-823-1542, International 281-560-9170
[EMAIL PROTECTED]
http://www.securenetterm.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
