[openssl-dev] [openssl.org #3815] Issue with X509_NAME_hash in 0.9.8zb

Hi, The return value of X509_NAME_hash() has changed from 0.9.8zb onwards. I have written a sample program to verify the value return of X509_NAME_hash(). I linked the same program with four different version of crypto library. The output is as below:

[openssl-dev] [openssl.org #3816] Call of memcmp with null pointers in obj_cmp()

The function obj_cmp() (file crypto/objects/obj_dat.c) can in some situations call memcmp() with a null pointer and a zero length. This is invalid behaviour. When compiling openssl with undefined behaviour sanitizer (add -fsanitize=undefined to compile flags) this can be seen. One example that

Re: [openssl-dev] s3_clnt.c changes regarding external pre-shared secret seem to break EAP-FAST

On Wed, Apr 1, 2015 at 10:53 PM, Brian Smith br...@briansmith.org wrote: Emilia Käsper emi...@openssl.org wrote: On Fri, Mar 27, 2015 at 10:40 PM, Brian Smith br...@briansmith.org wrote: If OpenSSL's client code were changed to always use an empty session ID when attempting resumption

Re: [openssl-dev] Fwd: OpenSSL fails to connect to Google on OS X 10.10.3 (Bug Report)

Hi Matt, Thanks for the reply on this, and for backporting the fix to 1.0.2! Having it available to 1.0.1 would be great too, but appreciate the OpenSSL team isn't huge. Is there any timetable on the 1.0.2b release? It seems pulling the following three commits into the 1.0.2a branch and

Re: [openssl-dev] Missing API features

To be honest, I'm not sure how much of this users will actually understand in practice, but that's a different problem. Agree, which is why the current method may just be good enough... ___ openssl-dev mailing list To unsubscribe:

Re: [openssl-dev] Fwd: OpenSSL fails to connect to Google on OS X 10.10.3 (Bug Report)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 21/04/15 15:43, Dominyk Tiller wrote: Hi Matt, Thanks for the reply on this, and for backporting the fix to 1.0.2! Having it available to 1.0.1 would be great too, but appreciate the OpenSSL team isn't huge. Is there any timetable on the

Re: [openssl-dev] Missing API features

On Mon, Apr 20, 2015, Richard Moore wrote: On 20 April 2015 at 21:25, Salz, Rich rs...@akamai.com wrote: What is the information you're looking for? kx=X25519 or kx=2KRSA or ... ? I picked those because sometimes there's a keysize, and other times it's implicit, for example. The

Re: [openssl-dev] Missing API features

On 21 April 2015 at 12:50, Dr. Stephen Henson st...@openssl.org wrote: I think what would be useful here would be an API that can determine appropriate characterictics of an SSL_CIPHER. For example a NID corresponding to the key exchange algorithm, signer, cipher and MAC. We have to find