[Bug 57465] Build TC Native with with latest OpenSSL to address CVEs

2015-03-24 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=57465 --- Comment #9 from michael.lit...@nuix.com --- I was able to download tcnative-1.dll version 1.1.33 from http://apache.spinellicreations.com/tomcat/tomcat-connectors/native/1.1.33/ Thanks very much. -- You are receiving this mail because: Yo

[Bug 57465] Build TC Native with with latest OpenSSL to address CVEs

2015-03-20 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=57465 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution|---

[Bug 57465] Build TC Native with with latest OpenSSL to address CVEs

2015-03-20 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=57465 --- Comment #7 from michael.lit...@nuix.com --- I took a look at the steps for building tcnative-1.dll, at http://wiki.apache.org/tomcat/BuildTcNativeWin, and found them to be beyond my skill level. I've asked the vendor of the application I us

[Bug 57465] Build TC Native with with latest OpenSSL to address CVEs

2015-01-27 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=57465 Brett Randall changed: What|Removed |Added CC||javabr...@gmail.com -- You are re

[Bug 57465] Build TC Native with with latest OpenSSL to address CVEs

2015-01-19 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=57465 --- Comment #6 from Mark Thomas --- DTLS is not supported by tc-native. Neither was the no-ssl3 buidl option used to produce the Windows binaries. The client issues are also clearly not relevant. That leaves three issues, all of which ap

[Bug 57465] Build TC Native with with latest OpenSSL to address CVEs

2015-01-19 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=57465 --- Comment #5 from brian.m.pick...@gmail.com --- (In reply to Mark Thomas from comment #4) > Again, which of those do you think apply to tc-native? Just because OpenSSL > has a vulnerability that does not mean that tc-native automatically h

[Bug 57465] Build TC Native with with latest OpenSSL to address CVEs

2015-01-19 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=57465 --- Comment #4 from Mark Thomas --- Again, which of those do you think apply to tc-native? Just because OpenSSL has a vulnerability that does not mean that tc-native automatically has the vulnerability. -- You are receiving this mail beca

[Bug 57465] Build TC Native with with latest OpenSSL to address CVEs

2015-01-19 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=57465 --- Comment #3 from brian.m.pick...@gmail.com --- (In reply to brian.m.pickens from comment #2) > Unless I'm somehow mistaken I believe the following CVEs apply to openssl > 1.0.1j and I believe tcnative 1.1.31 is built with 1.0.1j. > > CVE

[Bug 57465] Build TC Native with with latest OpenSSL to address CVEs

2015-01-19 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=57465 --- Comment #2 from brian.m.pick...@gmail.com --- Unless I'm somehow mistaken I believe the following CVEs apply to openssl 1.0.1j and I believe tcnative 1.1.31 is built with 1.0.1j. CVE-2014-3569: 21st October 2014 CVE-2014-8275: 5th Janua

[Bug 57465] Build TC Native with with latest OpenSSL to address CVEs

2015-01-19 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=57465 Mark Thomas changed: What|Removed |Added OS||All --- Comment #1 from Mark Thomas