Re: [Clamav-devel] Introducing OpenSSL as a dependency to ClamAV
On Tue, Mar 4, 2014 at 6:58 AM, Mark Allan wrote:

> Looks like relying on OpenSSL might cause problems for ClamAV on OS X.
>
> Al (a regular contributor to this list) pointed me towards the following blog post
>
> https://hynek.me/articles/apple-openssl-verification-surprises/
>
> It explains some of the problems with Apple's installation of OpenSSL, and offers some workarounds. Relying on homebrew or MacPorts isn't an option for me because I produce compiled pre-packaged installers for ClamAV on OS X; I provide these to the general public, so have to expect users to be running the standard Apple-supplied OpenSSL.
>
> Can I ask you to consider one of the two code-level solutions proposed in that blog post please? Presumably it would have to be implemented as a configure flag rather than for all Mac builds as I suspect some of the more advanced ClamAV users out there *will* have compiled their own OpenSSL.
>
> Thanks
> Mark

Hey Mark,

We're currently only using the hashing functionality in OpenSSL. For the time being, we're not doing anything with X509 certificates, certificate chains, or SSL. We're only using OpenSSL for MD5, SHA1, and SHA256.

Thanks,
Shawn

___
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net

Re: [Clamav-devel] Introducing OpenSSL as a dependency to ClamAV
Looks like relying on OpenSSL might cause problems for ClamAV on OS X.

Al (a regular contributor to this list) pointed me towards the following blog post

https://hynek.me/articles/apple-openssl-verification-surprises/

It explains some of the problems with Apple's installation of OpenSSL, and offers some workarounds. Relying on homebrew or MacPorts isn't an option for me because I produce compiled pre-packaged installers for ClamAV on OS X; I provide these to the general public, so have to expect users to be running the standard Apple-supplied OpenSSL.

Can I ask you to consider one of the two code-level solutions proposed in that blog post please? Presumably it would have to be implemented as a configure flag rather than for all Mac builds as I suspect some of the more advanced ClamAV users out there *will* have compiled their own OpenSSL.

Thanks
Mark

Re: [Clamav-devel] Introducing OpenSSL as a dependency to ClamAV
On Mon, Mar 3, 2014 at 6:32 PM, Brandon Perry wrote:

> Hi,
>
> The blog post doesn't mention what would now be SSL-ified. Would the dependency be added to enable support for SSL enabled streams using the clams protocol?

For now, we plan on using only the hashing functionality in OpenSSL instead of our own hand-rolled hashing code (for MD5, SHA1, and SHA256). The protocol for clamd will remain untouched. Further work we have planned for freshclam will depend on additional functionality in the OpenSSL library.

Re: [Clamav-devel] Introducing OpenSSL as a dependency to ClamAV
Hi,

The blog post doesn't mention what would now be SSL-ified. Would the dependency be added to enable support for SSL enabled streams using the clams protocol?

On Wed, Feb 26, 2014 at 6:23 PM, Brandon Perry wrote:

> Will we see changes to the clamd protocol to support SSL in the near future?
>
> On 02/26/2014 10:08 AM, Joel Esler (jesler) wrote:
> > On Friday last week I put a blog post up about introducing OpenSSL into the ClamAV ecosystem. I wanted to make sure everyone saw it, so please have a look at the blog post here:
> >
> > http://blog.clamav.net/2014/02/introducing-openssl-as-dependency-to.html
> >
> > --
> > Joel Esler | Threat Intelligence Team Lead | Open Source Manager | Vulnerability Research Team

--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website

Re: [Clamav-devel] Introducing OpenSSL as a dependency to ClamAV
Will we see changes to the clamd protocol to support SSL in the near future?

On 02/26/2014 10:08 AM, Joel Esler (jesler) wrote:

> On Friday last week I put a blog post up about introducing OpenSSL into the ClamAV ecosystem. I wanted to make sure everyone saw it, so please have a look at the blog post here:
>
> http://blog.clamav.net/2014/02/introducing-openssl-as-dependency-to.html
>
> --
> Joel Esler | Threat Intelligence Team Lead | Open Source Manager | Vulnerability Research Team