Re: OpenSSL 0.9.8m-beta1 release (Build Broblem)
On Tue, Jan 26, 2010, So Gerald wrote: I built it with VC-Win32 and got a problem: perl Configure VC-WIN32 no-hw enable-capieng -DOPENSSL_ SSL_CLIENT_ENGINE_AUTO=capi -DOPENSSL_CAPIENG_DIALOG ms\do_masm nmake -f ms\ntdll.mak .\ssl\d1_both.c(992) : warning C4761: integral size mismatch in argument; conversion supplied .\ssl\d1_both.c(992) : error C2220: warning treated as error - no object file ge nerated NMAKE : fatal error U1077: 'cl' : return code '0x2' Stop. 2010/1/21 Thor Lancelot Simon t...@panix.com Should be fixed in the next snapshot. In future please report bugs to the request tracker. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL 0.9.8m-beta1 release (Build Broblem)
I built it with VC-Win32 and got a problem: perl Configure VC-WIN32 no-hw enable-capieng -DOPENSSL_ SSL_CLIENT_ENGINE_AUTO=capi -DOPENSSL_CAPIENG_DIALOG ms\do_masm nmake -f ms\ntdll.mak .\ssl\d1_both.c(992) : warning C4761: integral size mismatch in argument; conversion supplied .\ssl\d1_both.c(992) : error C2220: warning treated as error - no object file ge nerated NMAKE : fatal error U1077: 'cl' : return code '0x2' Stop. 2010/1/21 Thor Lancelot Simon t...@panix.com On Thu, Jan 21, 2010 at 12:59:36AM +0100, OpenSSL wrote: The OpenSSL project team is pleased to announce the release of version 0.9.8m-beta1 of our open source toolkit for SSL/TLS. This new OpenSSL version is a security and bug fix beta release which implements draft-ietf-tls-renegotiation-03.txt to address CVE-2009-3555. For a complete list of changes, please see http://www.openssl.org/source/exp/CHANGES. | *) Implement draft-ietf-tls-renegotiation-03. Re-enable | renegotiation but require the extension as needed. Unfortunately, | SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION turns out to be a | bad idea. It has been replaced by | SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION which can be set with | SSL_CTX_set_options(). This is really not recommended unless you | know what you are doing. | [Eric Rescorla e...@networkresonance.com, Ben Laurie, Steve Henson] The change described above is a major API/ABI change. Now applications must handle three different cases: 1) No built-in support for preventing unsafe renegotiation; do it yourself with callbacks. 2) Built-in support controlled by SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, no #define at all for SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 3) Built-in support controlled by SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, no #define for SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION I guess once again everyone gets to bump their major version numbers for the OpenSSL shared libraries for a point release (this'll be the second bump in three months for anyone who picked up 0.9.8l) and gets to write application code full of nasty #if hacks which check the OpenSSL version string. Yuck! Thor __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL 0.9.8m-beta1 release
On Thu, Jan 21, 2010 at 12:59:36AM +0100, OpenSSL wrote: The OpenSSL project team is pleased to announce the release of version 0.9.8m-beta1 of our open source toolkit for SSL/TLS. This new OpenSSL version is a security and bug fix beta release which implements draft-ietf-tls-renegotiation-03.txt to address CVE-2009-3555. For a complete list of changes, please see http://www.openssl.org/source/exp/CHANGES. | *) Implement draft-ietf-tls-renegotiation-03. Re-enable | renegotiation but require the extension as needed. Unfortunately, | SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION turns out to be a | bad idea. It has been replaced by | SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION which can be set with | SSL_CTX_set_options(). This is really not recommended unless you | know what you are doing. | [Eric Rescorla e...@networkresonance.com, Ben Laurie, Steve Henson] The change described above is a major API/ABI change. Now applications must handle three different cases: 1) No built-in support for preventing unsafe renegotiation; do it yourself with callbacks. 2) Built-in support controlled by SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, no #define at all for SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 3) Built-in support controlled by SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, no #define for SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION I guess once again everyone gets to bump their major version numbers for the OpenSSL shared libraries for a point release (this'll be the second bump in three months for anyone who picked up 0.9.8l) and gets to write application code full of nasty #if hacks which check the OpenSSL version string. Yuck! Thor __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
OpenSSL 0.9.8m-beta1 release
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenSSL version 0.9.8m-beta1 released OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 0.9.8m-beta1 of our open source toolkit for SSL/TLS. This new OpenSSL version is a security and bug fix beta release which implements draft-ietf-tls-renegotiation-03.txt to address CVE-2009-3555. For a complete list of changes, please see http://www.openssl.org/source/exp/CHANGES. We have taken the unusual step of releasing a beta from the stable branch of OpenSSL for two reasons. Firstly the renegotiation specification may change before they are finalised. Secondly a large number of changes in OpenSSL 0.9.8 have been made since the last release and a beta release should encourage testing and help resolve any issues before the final release. It is expected that this will be the only beta release of OpenSSL 0.9.8m. OpenSSL 0.9.8m-beta1 is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html): * http://www.openssl.org/source/ * ftp://ftp.openssl.org/source/ The distribution file names are: o openssl-0.9.8m-beta1.tar.gz Size: 3767860 MD5 checksum: 6168ce47e20b216c529b14e89144413b SHA1 checksum: 7fa59c637c29e4e679c6942442ec370338a8c69f The checksums were calculated using the following commands: openssl md5 openssl-0.9.8m-beta1.tar.gz openssl sha1 openssl-0.9.8m-beta1.tar.gz Please download and test them as soon as possible. Also check the latest snapshots at ftp://ftp.openssl.org/snapshot/ or CVS (see http://www.openssl.org/source/repos.html) to avoid reporting previously fixed bugs. Reports and patches should be sent to openssl-b...@openssl.org. Discussions around the development of OpenSSL should be sent to openssl-...@openssl.org. Anything else should go to openssl-us...@openssl.org. The best way, at least on Unix, to create a report is to do the following after configuration: make report That will do a few basic checks of the compiler and bc, then build and run the tests. The result will appear on screen and in the file testlog. Please read the report before sending it to us. There may be problems that we can't solve for you, like missing programs. Yours, The OpenSSL Project Team... Mark J. Cox Nils Larsch Ulf Möller Ralf S. Engelschall Ben Laurie Andy Polyakov Dr. Stephen Henson Richard Levitte Geoff Thorpe Lutz JänickeBodo Möller -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iQEVAwUBS1dBAqLSm3vylcdZAQJ29QgAwF7pjd+ruccAcMGsvA9frIMC9Y5lN4XB c/TruLxYG+R0OJ0I9HELqA60w7J9/nwafYdaDf/ZIeLja+BQAOTsR7ZrDdV6TcM4 NbUeS5nv0X8ttedg1SrYZXZEEAcgBeMu8B9wNfajgr923cSTxdJkDsxTsWGy0C9y HUMHYfFTC5fvnYZy2HHbXzZ1HCPRseOEkv0e+h6eSpYKf3gJXoXiCtfD+VrPM5dz SsnXqD/HDiFvDHKze7TsPC0yItr/jIOXQiO6HSJQ4c0wa6Xif1lBxqHrEMZ0+LFl 9RSJRw9Nye7SXtAHYjx9cQjBgb3Zmjxk9GHNZ9kNnKbLeuMBA9V1zA== =UdBU -END PGP SIGNATURE- __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
