[openssl-dev] [openssl.org #3992] [PATCH] Allow RFC6962 Signed Certificate Timestamps to be disabled

done in master. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3164] [PATCH] require DH group of 1024 bits

How prophetic! We now require 768 and will do another bump to 1024 in the near future, so I'm resolving this ticket. Cheers, Emilia ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #2487] Possible bug

No evidence that it's an OpenSSL bug. You can try openssl-users@ though I'm afraid there's not enough detail to resolve the problem there either. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3404] Bug report

We didn't hear back and there's not enough info to repro; closing. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #2968] Possible bug report

Chain building is complicated, because the issuance graph is complicated: certs get recertified, cross-signed, etc. Different clients have different trust stores, and will build different paths. We recently improved OpenSSL chain building to try more paths: see

[openssl-dev] [openssl.org #3494] Possible sign bit bug in openssl 1.0.1i handling of 128-bit serial numbers

As Rich said, this is according to ASN.1 DER spec. Serial numbers are integral, and you need 17 bytes to represent this serial number in two's complement form. ___ openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #3092] BUG: Verify return code: 20 (unable to get local issuer certificate) with openssl 1.0.1

Probably same as https://rt.openssl.org/Ticket/Display.html?id=2968. We improved this. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3995] [PATCH] Fix VS2008 "implicitly converted to 64 bits" build warning

fixed in master. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3936] Bug (maybe) report

OpenSSL attempts to load the master/default conf before diving into the subcommand and overriding the conf with the config in -config. It'll bail when it can't read the file, but only warn if the file does not exist. This seems wrong, and is a regression compared to 0.9.8, so I'm going to leave

[openssl-dev] [openssl.org #955] Implementation of SSL_SESSION_get_session_id

OpenSSL has SSL_SESSION_get_id since 0.9.8, so resolving this ticket just before its 11th anniversary. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #2327] bug report

It's been 5 years and we never heard back with more details, so rejecting this ticket. I suppose it could be CVE-2014-3509, though I can't tell. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3727] Question about ECC Patent

We can't help you with legal matters: https://www.openssl.org/docs/faq.html#LEGAL1 Please note that this tracker is for bug reports. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev