[Bug 57465] Build TC Native with with latest OpenSSL to address CVEs

2015-03-24 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=57465 --- Comment #9 from michael.lit...@nuix.com --- I was able to download tcnative-1.dll version 1.1.33 from http://apache.spinellicreations.com/tomcat/tomcat-connectors/native/1.1.33/ Thanks very much. -- You are receiving this mail because:

[Bug 57465] Build TC Native with with latest OpenSSL to address CVEs

2015-03-20 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=57465 Mark Thomas ma...@apache.org changed: What|Removed |Added Status|NEW |RESOLVED

[Bug 57465] Build TC Native with with latest OpenSSL to address CVEs

2015-03-20 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=57465 --- Comment #7 from michael.lit...@nuix.com --- I took a look at the steps for building tcnative-1.dll, at http://wiki.apache.org/tomcat/BuildTcNativeWin, and found them to be beyond my skill level. I've asked the vendor of the application I

[Bug 57465] Build TC Native with with latest OpenSSL to address CVEs

2015-01-27 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=57465 Brett Randall javabr...@gmail.com changed: What|Removed |Added CC|

[Bug 57465] Build TC Native with with latest OpenSSL to address CVEs

2015-01-19 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=57465 --- Comment #2 from brian.m.pick...@gmail.com --- Unless I'm somehow mistaken I believe the following CVEs apply to openssl 1.0.1j and I believe tcnative 1.1.31 is built with 1.0.1j. CVE-2014-3569: 21st October 2014 CVE-2014-8275: 5th

[Bug 57465] Build TC Native with with latest OpenSSL to address CVEs

2015-01-19 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=57465 --- Comment #5 from brian.m.pick...@gmail.com --- (In reply to Mark Thomas from comment #4) Again, which of those do you think apply to tc-native? Just because OpenSSL has a vulnerability that does not mean that tc-native automatically

[Bug 57465] Build TC Native with with latest OpenSSL to address CVEs

2015-01-19 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=57465 Mark Thomas ma...@apache.org changed: What|Removed |Added OS||All --- Comment #1

[Bug 57465] Build TC Native with with latest OpenSSL to address CVEs

2015-01-19 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=57465 --- Comment #3 from brian.m.pick...@gmail.com --- (In reply to brian.m.pickens from comment #2) Unless I'm somehow mistaken I believe the following CVEs apply to openssl 1.0.1j and I believe tcnative 1.1.31 is built with 1.0.1j.

[Bug 57465] Build TC Native with with latest OpenSSL to address CVEs

2015-01-19 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=57465 --- Comment #4 from Mark Thomas ma...@apache.org --- Again, which of those do you think apply to tc-native? Just because OpenSSL has a vulnerability that does not mean that tc-native automatically has the vulnerability. -- You are

[Bug 57465] Build TC Native with with latest OpenSSL to address CVEs

2015-01-19 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=57465 --- Comment #6 from Mark Thomas ma...@apache.org --- DTLS is not supported by tc-native. Neither was the no-ssl3 buidl option used to produce the Windows binaries. The client issues are also clearly not relevant. That leaves three