Re: [openssl-users] OpenSSL 0.9.8 - No more security fixes, nor updates and support, But NO CVEs listed either?

2016-01-12 Thread Joe Flowers 
Thanks, Matt!


I did not know that OpenSSL.org is the only organization that creates
CVEs for OpenSSL.


Thanks for clearing this up for me!


Joe

--


On 12/01/16 22:43, Joe Flowers wrote:
>* Hello OpenSSL Developers,
*> > >* I understand through your previous announcements that OpenSSL
0.9.8 is no longer "supported", and no more "security fixes", nor
"security updates" will be provided by OpenSSL.org.
*> > >* Does this mean that we can expect no more CVEs to be generated
or listed for OpenSSL 0.9.8 also?
*
Not supported means we will no longer being doing work on the 0.9.8 or
1.0.0 branches. This includes any analysis which may lead to a CVE
assignment.

Matt
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] OpenSSL 0.9.8 - No more security fixes, nor updates and support, But NO CVEs listed either?

2016-01-12 Thread Matt Caswell 


On 12/01/16 22:43, Joe Flowers wrote:
> Hello OpenSSL Developers,
> 
> 
> I understand through your previous announcements that OpenSSL 0.9.8 is no 
> longer "supported", and no more "security fixes", nor "security updates" will 
> be provided by OpenSSL.org.
> 
> 
> Does this mean that we can expect no more CVEs to be generated or listed for 
> OpenSSL 0.9.8 also?

Not supported means we will no longer being doing work on the 0.9.8 or
1.0.0 branches. This includes any analysis which may lead to a CVE
assignment.

Matt

___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] OpenSSL 0.9.8 - No more security fixes, nor updates and support, But NO CVEs listed either?

2016-01-12 Thread Joe Flowers 
Hello OpenSSL Developers,

I understand through your previous announcements that OpenSSL 0.9.8 is no
longer "supported", and no more "security fixes", nor "security updates"
will be provided by OpenSSL.org.


Does this mean that we can expect no more CVEs to be generated or listed
for OpenSSL 0.9.8 also?


Thanks!

Joe


"NOTE: WE ANTICIPATE THAT 1.0.0t AND 0.9.8zh WILL BE THE LAST RELEASES FOR
THE
0.9.8 AND 1.0.0 VERSIONS AND THAT NO MORE SECURITY FIXES WILL BE PROVIDED
(AS
PER PREVIOUS ANNOUNCEMENTS). USERS ARE ADVISED TO UPGRADE TO LATER
VERSIONS."

"As per our previous announcements and our Release Strategy
(https://www.openssl.org/about/releasestrat.html), support for OpenSSL
versions
1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for
these
versions will be provided after that date. In the absence of significant
security issues being identified prior to that date, the 1.0.0t and 0.9.8zh
releases will be the last for those versions. Users of these versions are
advised to upgrade."

per http://openssl.org/news/secadv/20151203.txt.
-
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] OpenSSL 0.9.8 - No more security fixes, nor updates and support, But NO CVEs listed either?

2016-01-12 Thread Joe Flowers 
Hello OpenSSL Developers,


I understand through your previous announcements that OpenSSL 0.9.8 is
no longer "supported", and no more "security fixes", nor "security
updates" will be provided by OpenSSL.org.


Does this mean that we can expect no more CVEs to be generated or
listed for OpenSSL 0.9.8 also?


Thanks!

Joe




"NOTE: WE ANTICIPATE THAT 1.0.0t AND 0.9.8zh WILL BE THE LAST RELEASES FOR THE

0.9.8 AND 1.0.0 VERSIONS AND THAT NO MORE SECURITY FIXES WILL BE PROVIDED (AS
PER PREVIOUS ANNOUNCEMENTS). USERS ARE ADVISED TO UPGRADE TO LATER VERSIONS."


"As per our previous announcements and our Release Strategy
(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions
1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these
versions will be provided after that date. In the absence of significant
security issues being identified prior to that date, the 1.0.0t and 0.9.8zh
releases will be the last for those versions. Users of these versions are
advised to upgrade."


per http://openssl.org/news/secadv/20151203.txt.

-
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] libssl.so.1.0.0

2016-01-12 Thread Kurt Roeckx 
On Tue, Jan 12, 2016 at 04:03:42PM -0500, Jeff Archer wrote:
> I am building from source that came from openssl-1.0.2e.tar.gz but it
> appears to be producing output of libssl.so.1.0.0.  Is this what I should
> expect?

Yes.  That is the correct soname for all 1.0.X releases.


Kurt

___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] libssl.so.1.0.0

2016-01-12 Thread Jeff Archer 
I am building from source that came from openssl-1.0.2e.tar.gz but it
appears to be producing output of libssl.so.1.0.0.  Is this what I should
expect?


Jeff Archer
jeffarch...@gmail.com 
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] SSL_COMP

2016-01-12 Thread Michał Trojnara 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 12.01.2016 20:18, Viktor Dukhovni wrote:
>> On Jan 12, 2016, at 4:05 AM, Michal Trojnara
>>  wrote: I guess openssl/ssl.h should
>> be modified to include: typedef struct ssl_comp_st SSL_COMP; 
>> DEFINE_STACK_OF(SSL_COMP)
> 
> Try a more recent git commit.  This should be fixed now.

It works.  Thank you.

Best regards,
Mike
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJWlVdRAAoJEC78f/DUFuAUbfIQAMrWPpm37y3/qajjOmvN+ZX4
uke0FFWyMY94DrsSFcL6GjdLa6T1/LvuyDELVn+lujPlMMGq8zApSyQ5Qnsz3Vbq
oosKVga1jpCgJasx8aas4kk6faiggNrk+THjIC5GZtMlqLN/o/cC5SDQgYKQ0UBA
PZRaywTbS37Sdu8gldu0mL46SqGhwyeUV/dNeAvKiB1Bimb4HZMYM3cqs6dabBfr
pw7ymJIa99rSKx4DureWZ+vIrtHyfFm34QT9JB0A+3qqj8m0B8DG71ljsUSbAu7p
YIz1QJ3Aj1qOqWC76JEVtw/754/YKOnWFtapt1A09C9Cxo3DxFFHEwhmiJYHjPu/
0WZbnw91PU9KjEqJ+f6ELxyTT315WjxT2pypgDKw/E1EIetQoaOGukMW1UnTTVJY
UKSsotkNoDT5mrFcfW355KorvXmguKcd3rKT+6gC6zW0CO1pGmCunyp9hSm7K5l1
+pb1cRNDGYIn6jDPJuqCameTFsYx2YGYYGK41k6Bu9kyF8xzWnys26U+aIs4Ib6k
IXToIjDF52gVGS1UQYrz08QsVV3XnI47Q/+FIOlY9oOEMHISQvytIJp7kVaUNZ1Z
0g6g7xEQgn53LMai45htTkzR4Sv15rQDYvXr6IU9KmiCKWUhVmJVa1hTaVAeO8ZX
6i+qE6WzyHUC8qLnuoaL
=4EYu
-END PGP SIGNATURE-
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] SSL_COMP

2016-01-12 Thread Viktor Dukhovni 

> On Jan 12, 2016, at 4:05 AM, Michal Trojnara  
> wrote:
> 
> Any idea how to properly use:
> STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
> STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP)
>  *meths);
> in the latest OpenSSL 1.1 git, which no longer declares SSL_COMP?
> 
> I guess openssl/ssl.h should be modified to include:
> typedef struct ssl_comp_st SSL_COMP;
> DEFINE_STACK_OF(SSL_COMP)

Try a more recent git commit.  This should be fixed now.

-- 
Viktor.



___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] SSL_COMP

2016-01-12 Thread Viktor Dukhovni 

> typedef struct ssl_comp_st SSL_COMP;

Yes, that needs to be visible.  Thanks.

Patch below:

openssl base64 -d < ssl_comp.diff
H4sIANFMlVYAA42SwW7iMBCG736KkfYCZJ3QNEArLkU0FLQUEM5hb1awHWIpJFFs
tKyqffe1SygtpFUjRbZn/vnl8XxcJglgvJUaYk/mLNtz4RWlyJXKPPO7KWya40jm
XBxg09/EvfuN6woWxJwFcNPt9oMAYYw/c0SO43zq+vAA+Nbv/bwDxy43XTAR/bcU
XCSgdLVnGoySMlmmoqJKAyFzOp6tpuF6iJqUSigli/wkJSEhs+XiWqszRZXcxtlW
WW00J5TMnkbzJ9Lsy4o8oUwf3u6wXEzoOPo9RE6jeleelc8r44ngMZzMFiEl0Wj8
iy4n1oJErXNDbeRcSFqn+rat9zpA1tEKyqrQgmnTpd0mMhMKkqKCvRLwR+oUdCrs
gapKlyAO2ry4FbfWkzH0Bv2g3fGuezRaenamtbNt4gXx99zU06NZwY7AfAzUpMTB
fZfxW9dlvu/HA/6RlIuSIyIXQctG/85A0QPndfWb4KjK01Re7Bv9AJGb25ot/tZY
MGrKGyv7yVyD5MPjwQBgMiyNK+jk8U7UYWtDn8NounyEzk7otLAF/+zA8RfTrFPz
6YhMT6ma1fYrLOg/L07Oi6wDAAA=
EOF

-- 
Viktor.



___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Jks converted to Pem error in veirfying

2016-01-12 Thread Anil Mathew 
Hi Jan,
Thanks for you reply.  I have sent you the mail with the certificates.  The
version is.
OpenSSL 0.9.8k 25 Mar 2009

​Regards
Anil​


















Sent with MailTrack


On Tue, Jan 12, 2016 at 2:02 AM, Jan Just Keijser  wrote:

> Hi,
>
> On 10/01/16 05:15, Anil Mathew wrote:
>
> I am a novice in terms of ssl and hence have limited knowledge in this.
> Please help
>
> I have been a given a jks file that has server certificate, client
> certificate and a key for the client certificate.  I need to convert it to
> pem to use it in my application.
>
> I have converted a jks file to p12 and then to pem.
> However when i try to verify i get the following error.
>
> echo |openssl verify -verbose -purpose sslclient -issuer_checks -CApath
> C:\Data\Openssl\demoCA\certs -CAfile client.pem client.pem
> client.pem: /CN=cn/O=o/L=L/ST=il/C= c
> error 29 at 0 depth lookup:subject issuer mismatch
> /CN=cn/O=o/L=L/ST=il/C= c
> error 29 at 0 depth lookup:subject issuer mismatch
> /CN=cn/O=o/L=L/ST=il/C= c
> error 29 at 0 depth lookup:subject issuer mismatch
> /CN=cn/O=o/L=L/ST=il/C= c
> error 29 at 0 depth lookup:subject issuer mismatch
> /CN=cn/O=o/L=L/ST=il/C= c
> error 20 at 0 depth lookup:unable to get local issuer certificate
>
>
> this could be a PRINTABLE_STRING  / UTF8_STRING mismatch - can you send me
> the certificates (not the key!) via private email and I will have a look.
> There are some funky options you can add to openssl to see how the
> certificate is composed.
>
> Also, it would help to list the exact version of openssl that you are
> using (run 'openssl version').
>
> HTH,
>
> JJK
>
>
> ___
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
>


-- 
Best Regards
Anil Mathew
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] SSL_COMP

2016-01-12 Thread Michal Trojnara 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi Guys,

Any idea how to properly use:
STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP)
  *meths);
in the latest OpenSSL 1.1 git, which no longer declares SSL_COMP?

I guess openssl/ssl.h should be modified to include:
typedef struct ssl_comp_st SSL_COMP;
DEFINE_STACK_OF(SSL_COMP)

Best regards,
Mike
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJWlMHlAAoJEC78f/DUFuAU3JMQAMtCTOp6fK45IPWwJf+wQ89M
J6Le/KtsVN1IHqnubJF8OUcAxJCMRf0u75irRukuhil8SQ5SgVmham8IhD2oeQ2F
EAbLAZC1GRBBD5q2E+1XcXGB520PKiSjHjz0cEAr7GmLkzUggw1d1/cDKsjiKpnx
CMdCCQ1cTZ/tWt4m2dHnqh4lDpjnKN8AhTsMo8NZjqf3w4gZPtQbUhoIDhR18OUt
xiiaDtKXlYUu+aGtI5lLC2FoU1cFJ8t5ovynsfzB5lLaB5kKKxx7JbjyhtbW1Nxa
UCjzkgJCrpFkeWKx38ddWpf9gCjPMUJ+1rirlukuVs5mitqf8jsiqOIk8qW+E0KJ
ANlWfMNRkk/vLqw4tO9TfPn3WUzmuGbFt3TFUrF8Wj8AtgGYatHdB88m2UzQqdz/
mMaCYZq6B60BnMsHFTKoqdpYRVyTaAde/kAYTBp5CcXbYN/hWx63EtYgtxxtl++2
ts06xj3xze6cy9L9Q4d1qsPf8GtBRiQgkwU7qFjvI4ZE1P5YdJDejNOjOpO7yP8x
S+oFjX0DiaxHFEkoo2GTMj4dBMTBmZ58h7BTZY6PH72JibH1juDe/WWTwSUqWYzJ
zrRkDqiU8cVxonEvVTrppK/jd5gCYmF0b1jlaBZrvrPCEBOCRpYGxI7AIdInk5tv
YeMSmqRugknjQ88AQYxT
=BCDL
-END PGP SIGNATURE-
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users