Duplicate of #2206 ?
On 05/09/14 08:35, Mehner, Carl via RT wrote:
OCSP response handling in /apps/ocsp.c
--
2014-06-25
The OCSP Documentation States
https://www.openssl.org/docs/apps/ocsp.html
Otherwise the OCSP responder certificate's CA is checked against the issuing CA
certificate
This can presumably be resolved as fixed, given the commit on #2626 just
now.
On 29/09/10 20:54, Rob Stradling via RT wrote:
NIST (SP800-57 Part 1) recommends a minimum RSA key size of 2048-bits beyond
2010. From January 1st 2011, in order to comply with the current Microsoft[1]
and
Please, see my pull request on GitHub:
https://github.com/openssl/openssl/pull/170
Description from the pull request:
This commit has security implications for simple clients that use
openssl s_client. To demonstrate the issue described in the commit
message do:
openssl s_client -connect
Correctly handle '-arch' and '-isysroot' GCC/clang/LLVM
options when compiling for Mac OS X or iOS using targets such as
BSD-generic32 in which the external environment passes in the processor
architecture and toolchain root.
---
openssl/Configure | 12 +++-
1 file changed, 11
Correctly handle '--sysroot' GCC toolchain option when compiling for the
Android NDK using targets such as linux-generic32 in which the external
environment passes in the toolchain root.
---
openssl/Configure | 4
1 file changed, 4 insertions(+)
diff --git a/openssl/Configure
In exceedingly minimal libcrypto-only configurations of OpenSSL such as:
no-lock no-threads no-shared no-zlib no-idea no-camellia no-seed no-bf
no-cast no-des no-rc2 no-rc4 no-rc5 no-md2 no-md4 no-ripemd no-mdc2
no-rsa no-dsa no-dh no-whirlpool no-cms no-dgram no-sock no-ssl2
doctor.nl2k.ab.ca//usr/source/openssl-1.0.2-stable-SNAP-20140909$ make test
testing...
(cd ..; make DIRS=crypto all)
making all in crypto...
ar r ../libcrypto.a cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o
cpt_err.o ebcdic.o uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o
fips_ers.o
On Mon, Sep 08, 2014 at 11:41:42PM -0600, The Doctor wrote:
ls: error initializing month strings
The literal string month does not appear in OpenSSL 1.0.2 source
code. You're probably compiling in a locale not supported by your
system. ls -l is unable to format the date.
--
Viktor.
Fixed in https://github.com/akamai/openssl/tree/rsalz-monolith/apps to be part
of post-1.0.2
commit 90899ae82e14ecbfbeac6fc47757470f9a0a9b80
Author: Rich Salz rs...@akamai.com
Date: Tue Sep 9 10:22:01 2014 -0400
RT2642: Allow EHLO hostname to be specified.
Add -smtphost flag, to specify the
This is a duplicate of RT2936, fixed in
https://github.com/akamai/openssl/tree/rsalz-monolith which will be part of
post-1.0.2
commit 3938694b2a770efad980c947b68981b110e784d6
Author: Rich Salz rs...@akamai.com
Date: Fri Aug 15 14:27:04 2014 -0400
PR 2936, etc: Consistently use default cert dir
Fixed in https://github.com/akamai/openssl/tree/rsalz-monolith/apps for
inclusion after 1.0.2
(The RAND_xxx issue was already fixed)
commit 16365c8dc390e1cb29a4f64c9b3450d89532a960
Author: Dmitry Belyavsky beld...@gmail.com
Date: Tue Sep 9 12:09:32 2014 -0400
RT2932: Catch write errors
Don't
the link's good now.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated
SSL_library_init only loads the algorithms needed by SSL/TLS ciphersuites.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
Not enough information to reproduce the problem.
Most likely application bug that is romping on memory.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
Right, 1.0.1d had an error in the fix. Update the advisory to point to 1.0.1e
or later.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
From an internal review of the patch:
Contexts are meant to be reused and (for example) reusing the same context and
digest avoids having to reallocate a buffer for the internal context structure.
I think this might actually be a problem in the ENGINE not handling reuse
properly, or the EVP API
OPENSSL_config is a very simple-minded API.
If the config file is on a drive that isn't available, and since the API exits
on error, it's working as designed. Closing ticket.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
Fixed in master and 1.0.2
OpenSSL_1_0_2-stable 283a8fd RT3506: typo's in ssltest
HEAD 4eadd11 RT3506: typo's in ssltest
Author: Kurt Cancemi k...@x64architecture.com
Date: Tue Sep 9 13:48:00 2014 -0400
RT3506: typo's in ssltest
Reviewed-by: Dr. Stephen Henson st...@openssl.org
--
Rich Salz,
Fixed in https://github.com/akamai/openssl/tree/rsalz-monolith/apps to be
integrated after 1.0.2
commit 07cae301ea569173e18ae585caa1457660baf024
Author: John Gardiner Myers jgmy...@proofpoint.com
Date: Tue Sep 9 14:12:42 2014 -0400
RT1766: s_client -reconnect and -starttls broke
Using both
timer-limiting for windows heap-walking, etc., seems to have been implemented
some time ago.
Closing ticket.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
This incompatible change was made five years ago; nothing to do now.
Closing ticket.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
Indeed,
Improved versions of the patch are in:
[openssl.org #2937] Handshake performance degradation in 1.0.1 and up.
On 9 September 2014 21:16, Rich Salz via RT r...@openssl.org wrote:
From an internal review of the patch:
Contexts are meant to be reused and (for example) reusing the same
On 08/22/2014 12:26 PM, Salz, Rich wrote:
It'd be good to fix this.
Behold a patch that seems to fix it:
https://www.av8n.com/openssl/bypass-bugfix.diff
The code seems pretty straightforward to me, but on the
other hand, I have very little experience coding in the
openssl environment, so I
OpenSSL_1_0_2-stable 8c0d19d RT1909: Omit version for v1 certificates
HEAD 1f18f50 RT1909: Omit version for v1 certificates
Author: Geoff Keating geo...@apple.com
Date: Tue Sep 9 14:28:54 2014 -0400
RT1909: Omit version for v1 certificates
When calling X509_set_version to set v1 certificate,
Closing this in favor of 2937
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
Not enough information to reproduce the defect, closing the ticket.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
This can't happen. It's an internal function and never gets NULL
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
Local config error.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
The analysis seems wrong, getting confused by the union.
closing ticket.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
sorry, you can't use stdin twice. we have no control over system buffering,
among other things.
closing file.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
Local error.
Other tickets are tracking makefile changes, so closing this one.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
fixed earlier on https://github.com/akamai/openssl/tree/rsalz-monolith
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
Partial writes don't work for UDP.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
OpenSSL_1_0_2-stable e61c648 RT3271: Don't use if ! in shell lines
HEAD b999f66 RT3271: Don't use if ! in shell lines
Merge: 843921f b999f66
Author: Rich Salz rs...@openssl.org
Date: Tue Sep 9 17:06:40 2014 -0400
Merge branch 'master' of git.openssl.org:openssl
Previous commit was reviewed by
OpenSSL_1_0_2-stable f33ce36 RT3192: spurious error in DSA verify
HEAD eb63bce RT3192: spurious error in DSA verify
Author: Matt Caswell m...@openssl.org
Date: Tue Sep 9 16:50:06 2014 -0400
RT3192: spurious error in DSA verify
This is funny; Ben commented in the source, Matt opened a ticket,
and
The perl issues aren't reproducible; maybe fixed now if there was a problem.
Make issues are being tracked in (several) other tickets.
The README/rt issue is fixed:
OpenSSL_1_0_2-stable 3aa2d2d RT2196: Clear up some README wording
HEAD 468ab1c RT2196: Clear up some README wording
Author: Rich
On Tue, 9 Sep 2014, Rich Salz via RT wrote:
Fixed in https://github.com/akamai/openssl/tree/rsalz-monolith/apps for
integration after 1.0.2
commit f4f79df1a2e1d295e93afe68691499ec034b76ad
Author: Richard Silverman r...@qoxp.net
Date: Tue Sep 9 12:37:27 2014 -0400
RT2962: add -keytab and