I agree with everything Viktor said. In particular that you should
continue to use SSLv23_method. Some additional comments below:
On 28/09/15 16:31, Tiantian Liu via RT wrote:
> sslerror = SSL_get_error(ssl, res);
> if (sslerror == SSL_ERROR_WANT_READ)
On Mon, Sep 28, 2015 at 08:49:12pm +0200, Andy Polyakov wrote:
> > FWIW, Travis CI allows you to define specific builds to be "non-fatal". The
> > failures would still be listed but they wouldn't affect the general state.
> > See
> > for example:
On 29/09/15 14:56, Tiantian Liu via RT wrote:
> Hi Matt & Vi
>
> I tried the SSLv23_method(), and precluded/excluded all SSLv2, SSLv3, TLSv1.
> I only enabled the TLSv1.2 by SSL_CTX_set_option().
> You can see my previous code:
>
> /*setup up by SSLv23_method*/
> meth = SSLv23_method();
>
Hi Matt & Vi
I tried the SSLv23_method(), and precluded/excluded all SSLv2, SSLv3, TLSv1. I
only enabled the TLSv1.2 by SSL_CTX_set_option().
You can see my previous code:
/*setup up by SSLv23_method*/
meth = SSLv23_method();
ctx = SSL_CTX_new(meth);
/*Only allow
On Saturday 26 September 2015 01:02:15 Viktor Dukhovni wrote:
> On Sat, Sep 26, 2015 at 12:17:20AM +, Salz, Rich wrote:
> > > On the other side of the coin handling very large ClientHello's is
> > > not without cost and risk.
> >
> > As long as it's a #define that can be changed in ssl.h (or
On Friday 25 September 2015 19:19:12 Kurt Roeckx via RT wrote:
> On Fri, Sep 25, 2015 at 04:23:27PM +, Hubert Kario via RT wrote:
> > Given that TLSv1.3 has a 1RTT mode planned (so Client Key Exchange
> > ends up as an extension, possibly multiple ones), and that quantum
> > computing
Just FYI, I updated the GitHub pull request [0] with the following:
- Merged patches into a single commit. This just makes more sense, and it's not
much more complicated to review.
- Added HKDF_Extract() function to the interface. This is basically equivalent
to calling HMAC(), but the TLS
On 29/09/15 15:45, Tiantian Liu via RT wrote:
> Hi Matt,
> Thanks for prompt response!
> While I confirm with you that my application crashed INSIDE the SSL_connect()
> function.
Your previous email indicated it was not crashing with SSLv23_method():
"While the above code didn't work. I
Hi Matt,
Thanks for prompt response!
While I confirm with you that my application crashed INSIDE the SSL_connect()
function.
So SSL_connect has no chance to return the 'res' value to me for analysis.
Because I inserted a debug message before and after SSL_connect(). You can see
it in the
Thanks Hubert, fixed in 1.0.1
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
We fixed this in a slightly different way. We made BIO_new_file and BIO_s_file
return an alternate implementation that returns run-time failures. Almost all
of the OpenSSL code uses the BIO object, so we didn't have to remove that. We
did #ifdef out any routine that had a "FILE*" param or local
On Sun Sep 27 05:11:00 2015, cber...@us.ibm.com wrote:
> How exactly do I apply this patch? The diffs.applink file should be
> input into
> what program? I tried the following which did not work:
>
The patch should be applied to OpenSSL 1.0.2d. Alternatively download the next
1.0.2 snapshot.
I downloaded the OpenSSL-1.0.1p.
I configured it as :
[root@lin5ent openssl-1.0.1p]# ./config -d --prefix=/usr/ shared threads
/
**The configuration result as
Operating system:
13 matches
Mail list logo