Re: [openssl-dev] [openssl.org #4083] possible fix to make test failure with openssl-1.0.2d on MinGW...

2015-10-12 Thread Support
Hi Christian, A similar patch was already applied to the master branch - see https://rt.openssl.org/Ticket/Display.html?id=3346 and commit 028bac0670c167f154438742eb4d0fbed73df209 You could cherry-pick the commit and apply it to the 1.0.2 branch. Cheers, Peter Mosmans On 12-10-2015 12:03,

Re: [openssl-dev] [openssl.org #4083] possible fix to make test failure with openssl-1.0.2d on MinGW...

2015-10-12 Thread Support via RT
Hi Christian, A similar patch was already applied to the master branch - see https://rt.openssl.org/Ticket/Display.html?id=3346 and commit 028bac0670c167f154438742eb4d0fbed73df209 You could cherry-pick the commit and apply it to the 1.0.2 branch. Cheers, Peter Mosmans On 12-10-2015 12:03,

Re: [openssl-dev] [openssl.org #4073] Segfault in engine processing

2015-10-12 Thread Dmitry Belyavsky via RT
Hello Matt, On Mon, Oct 12, 2015 at 12:08 PM, Matt Caswell via RT wrote: > On Tue Oct 06 20:08:12 2015, beld...@gmail.com wrote: > > Hello! > > > > I get a segfault when executing the command > > > > openssl dgst -engine gost -md_gost94 -mac hmac -macop > >

Re: [openssl-dev] [openssl.org #4073] Segfault in engine processing

2015-10-12 Thread Dmitry Belyavsky
Hello Matt, On Mon, Oct 12, 2015 at 12:08 PM, Matt Caswell via RT wrote: > On Tue Oct 06 20:08:12 2015, beld...@gmail.com wrote: > > Hello! > > > > I get a segfault when executing the command > > > > openssl dgst -engine gost -md_gost94 -mac hmac -macop > >

[openssl-dev] [openssl.org #4073] Segfault in engine processing

2015-10-12 Thread Matt Caswell via RT
On Tue Oct 06 20:08:12 2015, beld...@gmail.com wrote: > Hello! > > I get a segfault when executing the command > > openssl dgst -engine gost -md_gost94 -mac hmac -macop > key:123456901234567890123456789012 > I assume this is on master? I can't reproduce this. Are you using your new GOST engine or

Re: [openssl-dev] ovsdb-client connected error when i update the ovsdb-server ca_cert.pem file

2015-10-12 Thread Liuyongqiang (A)
Does anybody know why ovsdb-server only use the openssl api SSL_CTX_add_client_CA to add certificate, but have no delete api to delete certificate. I found that if I update ca_crt.pem many times(SSL_CTX_add_client_CA add 649 certificates), the error of ovsdb-client connecting ovsdb-server

Re: [openssl-dev] [openssl.org #4083] possible fix to make test failure with openssl-1.0.2d on MinGW...

2015-10-12 Thread christian fafard via RT
Hi Peter, You are completely right! Windows carriage return is the real problem. I should have done better testing before posting a ticket. I'll use your patch until it get commited to the 1.0.2 branch. Thank you Christian > Subject: Re: [openssl-dev] [openssl.org #4083] possible fix to

Re: [openssl-dev] [openssl.org #3712] TLS Renegotiation with Java is broken

2015-10-12 Thread Matt Caswell via RT
On 12/10/15 16:03, Alessandro Ghedini via RT wrote: > On Mon, Oct 12, 2015 at 01:45:20PM +, Hubert Kario via RT wrote: >> On Friday 09 October 2015 18:05:19 Matt Caswell via RT wrote: >>> On 09/10/15 19:02, Hubert Kario via RT wrote: And for good measure, I also created a test script

Re: [openssl-dev] [openssl.org #3712] TLS Renegotiation with Java is broken

2015-10-12 Thread Matt Caswell via RT
On 12/10/15 16:39, Matt Caswell via RT wrote: > > > On 12/10/15 16:03, Alessandro Ghedini via RT wrote: >> On Mon, Oct 12, 2015 at 01:45:20PM +, Hubert Kario via RT wrote: >>> On Friday 09 October 2015 18:05:19 Matt Caswell via RT wrote: On 09/10/15 19:02, Hubert Kario via RT wrote:

Re: [openssl-dev] [openssl.org #3712] TLS Renegotiation with Java is broken

2015-10-12 Thread Salz, Rich via RT
> AFAICT if SSL_read returns between the first handshake and the second, you > don't get the problem. I think it should not matter when or what SSL_read returns. That should only be returning application-level data to the caller. All state manipulations, etc., should be done underneath and

Re: [openssl-dev] [openssl.org #3712] TLS Renegotiation with Java is broken

2015-10-12 Thread Salz, Rich
> AFAICT if SSL_read returns between the first handshake and the second, you > don't get the problem. I think it should not matter when or what SSL_read returns. That should only be returning application-level data to the caller. All state manipulations, etc., should be done underneath and

Re: [openssl-dev] [openssl.org #3712] TLS Renegotiation with Java is broken

2015-10-12 Thread Hubert Kario via RT
On Friday 09 October 2015 18:05:19 Matt Caswell via RT wrote: > On 09/10/15 19:02, Hubert Kario via RT wrote: > > And for good measure, I also created a test script that > > combines fragmentation with interleaving. > > Did you try my patch with it? And if so what happened? I'm using

[openssl-dev] [openssl.org #4072] dgst command incompatibility between 1.0.2 and 1.1.0

2015-10-12 Thread Matt Caswell via RT
On Tue Oct 06 19:53:30 2015, beld...@gmail.com wrote: > Hello! > > I've found a difference in behaviour between openssl cmdline 1.0.2 and > 1.1.0 versions. > The -macopt cmdline option is not recognized, openssl dgst expects -macop > instead. > Fixed. Thanks. Matt

[openssl-dev] [openssl.org #4089] NULL ciphersuites do not work in master

2015-10-12 Thread Matt Caswell via RT
Closing ticket. Matt ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4090] [PATCH] Assorted fixes

2015-10-12 Thread Alessandro Ghedini via RT
Hello, I've prepared a few patches to fix several minor-ish issues (I though it didn't make much sense to submit them one by one). See GitHub pull request at: https://github.com/openssl/openssl/pull/436 The patches are: - Do not treat 0 return value from BIO_get_fd() as error (fixes RT#4068) -

Re: [openssl-dev] [openssl.org #3712] TLS Renegotiation with Java is broken

2015-10-12 Thread Nikos Mavrogiannopoulos
On Mon, 2015-09-28 at 11:35 +, Albe Laurenz via RT wrote: > The RFC writes: > >Note: If a rehandshake occurs while data is flowing on a > connection, >the communicating parties may continue to send data using the old >CipherSpec. However, once the ChangeCipherSpec has been sent,

Re: [openssl-dev] [openssl.org #3712] TLS Renegotiation with Java is broken

2015-10-12 Thread Nikos Mavrogiannopoulos via RT
On Mon, 2015-09-28 at 11:35 +, Albe Laurenz via RT wrote: > The RFC writes: > >Note: If a rehandshake occurs while data is flowing on a > connection, >the communicating parties may continue to send data using the old >CipherSpec. However, once the ChangeCipherSpec has been sent,

Re: [openssl-dev] [openssl.org #3712] TLS Renegotiation with Java is broken

2015-10-12 Thread Alessandro Ghedini via RT
On Mon, Oct 12, 2015 at 01:45:20PM +, Hubert Kario via RT wrote: > On Friday 09 October 2015 18:05:19 Matt Caswell via RT wrote: > > On 09/10/15 19:02, Hubert Kario via RT wrote: > > > And for good measure, I also created a test script that > > > combines fragmentation with interleaving. > >

Re: [openssl-dev] [openssl.org #4073] Segfault in engine processing

2015-10-12 Thread Dmitry Belyavsky
Hello! Thank you, I can't reproduce it either. Please close the ticket. Sorry for disturbing. On Mon, Oct 12, 2015 at 12:39 PM, Dmitry Belyavsky via RT wrote: > Hello Matt, > > On Mon, Oct 12, 2015 at 12:08 PM, Matt Caswell via RT > wrote: > > > On Tue Oct

Re: [openssl-dev] [openssl.org #4073] Segfault in engine processing

2015-10-12 Thread Dmitry Belyavsky via RT
Hello! Thank you, I can't reproduce it either. Please close the ticket. Sorry for disturbing. On Mon, Oct 12, 2015 at 12:39 PM, Dmitry Belyavsky via RT wrote: > Hello Matt, > > On Mon, Oct 12, 2015 at 12:08 PM, Matt Caswell via RT > wrote: > > > On Tue Oct

Re: [openssl-dev] who wants to fix travis builds?

2015-10-12 Thread Alessandro Ghedini
On Tue, Oct 06, 2015 at 07:41:13pm +, Salz, Rich wrote: > > I've opened the following PR to add support for GCC v5 and address sanitizer > > (not sure if we want valgrind as well...): > > https://github.com/openssl/openssl/pull/429 > > I've started the internal review. Asan is awesome.

Re: [openssl-dev] [openssl.org #4073] Segfault in engine processing

2015-10-12 Thread Andrey Kulikov via RT
On 12 October 2015 at 12:08, Matt Caswell via RT wrote: > Are you using your new GOST > engine or the one currently in master? > Sorry to come in in the middle, but where to get that new GOST engine, that is not on master now? Is it on some other branch?

Re: [openssl-dev] [openssl.org #4073] Segfault in engine processing

2015-10-12 Thread Andrey Kulikov
On 12 October 2015 at 12:08, Matt Caswell via RT wrote: > Are you using your new GOST > engine or the one currently in master? > Sorry to come in in the middle, but where to get that new GOST engine, that is not on master now? Is it on some other branch?

Re: [openssl-dev] [openssl.org #3712] TLS Renegotiation with Java is broken

2015-10-12 Thread Kurt Roeckx via RT
On Mon, Oct 12, 2015 at 04:19:43PM +, Matt Caswell via RT wrote: > > Having done some more digging it seems the problem only occurs if you > get the initial handshake, following by a second reneg handshake *and* > interleaved app data all within the scope of a *single* SSL_read call. > AFAICT

[openssl-dev] [openssl.org #2923] X509_cmp() introduces unnecessary dependency on SHA1

2015-10-12 Thread Emilia Käsper via RT
Thanks for the report. This has now been addressed in 1.0.1+, see commit bfc19297cddd5bc2192c02c7f8896d804b0456cb. Cheers, Emilia ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #3712] TLS Renegotiation with Java is broken

2015-10-12 Thread Matt Caswell via RT
On 12/10/15 19:11, Kurt Roeckx via RT wrote: > On Mon, Oct 12, 2015 at 04:19:43PM +, Matt Caswell via RT wrote: >> >> Having done some more digging it seems the problem only occurs if you >> get the initial handshake, following by a second reneg handshake *and* >> interleaved app data all

Re: [openssl-dev] [openssl.org #3712] TLS Renegotiation with Java is broken

2015-10-12 Thread Matt Caswell via RT
On 12/10/15 20:40, Kurt Roeckx via RT wrote: > On Mon, Oct 12, 2015 at 06:54:46PM +, Matt Caswell via RT wrote: >> >> >> On 12/10/15 19:11, Kurt Roeckx via RT wrote: >>> On Mon, Oct 12, 2015 at 04:19:43PM +, Matt Caswell via RT wrote: Having done some more digging it seems the

Re: [openssl-dev] [openssl.org #3712] TLS Renegotiation with Java is broken

2015-10-12 Thread Kurt Roeckx via RT
On Mon, Oct 12, 2015 at 06:54:46PM +, Matt Caswell via RT wrote: > > > On 12/10/15 19:11, Kurt Roeckx via RT wrote: > > On Mon, Oct 12, 2015 at 04:19:43PM +, Matt Caswell via RT wrote: > >> > >> Having done some more digging it seems the problem only occurs if you > >> get the initial

[openssl-dev] [openssl.org #4091] Openssl make depends gives errors when no-md5 is specified

2015-10-12 Thread Ethan Barnes via RT
Hi, I'm trying to compile with as few options as I can since I only need AEAD and thought I would use SHA256 or SHA512 and AES. However, when I try to disable certain cryptos and hashes I get errors: ./config no-ssl no-md5 no-rsa make depends gives: ... eth.c cm_pmeth.c make[2]: Leaving

[openssl-dev] [openssl.org #4059] Error processing set_serial parameter of the req command

2015-10-12 Thread Matt Caswell via RT
Fixed, thanks for the report. Matt ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4085] Bug in genpkey in master

2015-10-12 Thread Matt Caswell via RT
Fixed. Thanks Matt ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4086] s_server bug in master

2015-10-12 Thread Matt Caswell via RT
Fixed. Thanks Matt ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4091] Openssl make depends gives errors when no-md5 is specified

2015-10-12 Thread Salz, Rich via RT
Yes, the various no-options don't work well. Not a high priority for 1.0.2 unless patches are provided. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev