Then what would you suggest? SRP is completely broken for us with 1.0.1i
Norm
On 8/8/14, 11:51, Matt Caswell wrote:
On 08/08/14 19:33, Norm Green wrote:
Hello Steve,
Reverting the below commit is necessary but not sufficient. There are
also references to aSRP in s3_clnt.c and ssl_lib.c that must be deleted
to get OpenSSL to build. SRP functions correctly once that has been done.
Those were introduced as part of the fix to CVE-2014-5139 (commit
83764a989)...deleting them may be unwise.
Matt
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
