Hi Christian,
A similar patch was already applied to the master branch - see
https://rt.openssl.org/Ticket/Display.html?id=3346 and commit
028bac0670c167f154438742eb4d0fbed73df209
You could cherry-pick the commit and apply it to the 1.0.2 branch.
Cheers,
Peter Mosmans
On 12-10-2015 12:03,
Hi Christian,
A similar patch was already applied to the master branch - see
https://rt.openssl.org/Ticket/Display.html?id=3346 and commit
028bac0670c167f154438742eb4d0fbed73df209
You could cherry-pick the commit and apply it to the 1.0.2 branch.
Cheers,
Peter Mosmans
On 12-10-2015 12:03,
Hello Matt,
On Mon, Oct 12, 2015 at 12:08 PM, Matt Caswell via RT
wrote:
> On Tue Oct 06 20:08:12 2015, beld...@gmail.com wrote:
> > Hello!
> >
> > I get a segfault when executing the command
> >
> > openssl dgst -engine gost -md_gost94 -mac hmac -macop
> >
Hello Matt,
On Mon, Oct 12, 2015 at 12:08 PM, Matt Caswell via RT
wrote:
> On Tue Oct 06 20:08:12 2015, beld...@gmail.com wrote:
> > Hello!
> >
> > I get a segfault when executing the command
> >
> > openssl dgst -engine gost -md_gost94 -mac hmac -macop
> >
On Tue Oct 06 20:08:12 2015, beld...@gmail.com wrote:
> Hello!
>
> I get a segfault when executing the command
>
> openssl dgst -engine gost -md_gost94 -mac hmac -macop
> key:123456901234567890123456789012
>
I assume this is on master? I can't reproduce this. Are you using your new GOST
engine or
Does anybody know why ovsdb-server only use the openssl api
SSL_CTX_add_client_CA to add certificate, but have no delete api to delete
certificate.
I found that if I update ca_crt.pem many times(SSL_CTX_add_client_CA add 649
certificates), the error of ovsdb-client connecting ovsdb-server
Hi Peter,
You are completely right! Windows carriage return is the real problem.
I should have done better testing before posting a ticket.
I'll use your patch until it get commited to the 1.0.2 branch.
Thank you
Christian
> Subject: Re: [openssl-dev] [openssl.org #4083] possible fix to
On 12/10/15 16:03, Alessandro Ghedini via RT wrote:
> On Mon, Oct 12, 2015 at 01:45:20PM +, Hubert Kario via RT wrote:
>> On Friday 09 October 2015 18:05:19 Matt Caswell via RT wrote:
>>> On 09/10/15 19:02, Hubert Kario via RT wrote:
And for good measure, I also created a test script
On 12/10/15 16:39, Matt Caswell via RT wrote:
>
>
> On 12/10/15 16:03, Alessandro Ghedini via RT wrote:
>> On Mon, Oct 12, 2015 at 01:45:20PM +, Hubert Kario via RT wrote:
>>> On Friday 09 October 2015 18:05:19 Matt Caswell via RT wrote:
On 09/10/15 19:02, Hubert Kario via RT wrote:
> AFAICT if SSL_read returns between the first handshake and the second, you
> don't get the problem.
I think it should not matter when or what SSL_read returns. That should only
be returning application-level data to the caller. All state manipulations,
etc., should be done underneath and
> AFAICT if SSL_read returns between the first handshake and the second, you
> don't get the problem.
I think it should not matter when or what SSL_read returns. That should only
be returning application-level data to the caller. All state manipulations,
etc., should be done underneath and
On Friday 09 October 2015 18:05:19 Matt Caswell via RT wrote:
> On 09/10/15 19:02, Hubert Kario via RT wrote:
> > And for good measure, I also created a test script that
> > combines fragmentation with interleaving.
>
> Did you try my patch with it? And if so what happened?
I'm using
On Tue Oct 06 19:53:30 2015, beld...@gmail.com wrote:
> Hello!
>
> I've found a difference in behaviour between openssl cmdline 1.0.2 and
> 1.1.0 versions.
> The -macopt cmdline option is not recognized, openssl dgst expects -macop
> instead.
>
Fixed. Thanks.
Matt
Closing ticket.
Matt
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Hello,
I've prepared a few patches to fix several minor-ish issues (I though it didn't
make much sense to submit them one by one). See GitHub pull request at:
https://github.com/openssl/openssl/pull/436
The patches are:
- Do not treat 0 return value from BIO_get_fd() as error (fixes RT#4068)
-
On Mon, 2015-09-28 at 11:35 +, Albe Laurenz via RT wrote:
> The RFC writes:
>
>Note: If a rehandshake occurs while data is flowing on a
> connection,
>the communicating parties may continue to send data using the old
>CipherSpec. However, once the ChangeCipherSpec has been sent,
On Mon, 2015-09-28 at 11:35 +, Albe Laurenz via RT wrote:
> The RFC writes:
>
>Note: If a rehandshake occurs while data is flowing on a
> connection,
>the communicating parties may continue to send data using the old
>CipherSpec. However, once the ChangeCipherSpec has been sent,
On Mon, Oct 12, 2015 at 01:45:20PM +, Hubert Kario via RT wrote:
> On Friday 09 October 2015 18:05:19 Matt Caswell via RT wrote:
> > On 09/10/15 19:02, Hubert Kario via RT wrote:
> > > And for good measure, I also created a test script that
> > > combines fragmentation with interleaving.
> >
Hello!
Thank you, I can't reproduce it either. Please close the ticket.
Sorry for disturbing.
On Mon, Oct 12, 2015 at 12:39 PM, Dmitry Belyavsky via RT
wrote:
> Hello Matt,
>
> On Mon, Oct 12, 2015 at 12:08 PM, Matt Caswell via RT
> wrote:
>
> > On Tue Oct
Hello!
Thank you, I can't reproduce it either. Please close the ticket.
Sorry for disturbing.
On Mon, Oct 12, 2015 at 12:39 PM, Dmitry Belyavsky via RT
wrote:
> Hello Matt,
>
> On Mon, Oct 12, 2015 at 12:08 PM, Matt Caswell via RT
> wrote:
>
> > On Tue Oct
On Tue, Oct 06, 2015 at 07:41:13pm +, Salz, Rich wrote:
> > I've opened the following PR to add support for GCC v5 and address sanitizer
> > (not sure if we want valgrind as well...):
> > https://github.com/openssl/openssl/pull/429
>
> I've started the internal review. Asan is awesome.
On 12 October 2015 at 12:08, Matt Caswell via RT wrote:
> Are you using your new GOST
> engine or the one currently in master?
>
Sorry to come in in the middle, but where to get that new GOST engine, that
is not on master now?
Is it on some other branch?
On 12 October 2015 at 12:08, Matt Caswell via RT wrote:
> Are you using your new GOST
> engine or the one currently in master?
>
Sorry to come in in the middle, but where to get that new GOST engine, that
is not on master now?
Is it on some other branch?
On Mon, Oct 12, 2015 at 04:19:43PM +, Matt Caswell via RT wrote:
>
> Having done some more digging it seems the problem only occurs if you
> get the initial handshake, following by a second reneg handshake *and*
> interleaved app data all within the scope of a *single* SSL_read call.
> AFAICT
Thanks for the report. This has now been addressed in 1.0.1+, see commit
bfc19297cddd5bc2192c02c7f8896d804b0456cb.
Cheers,
Emilia
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
On 12/10/15 19:11, Kurt Roeckx via RT wrote:
> On Mon, Oct 12, 2015 at 04:19:43PM +, Matt Caswell via RT wrote:
>>
>> Having done some more digging it seems the problem only occurs if you
>> get the initial handshake, following by a second reneg handshake *and*
>> interleaved app data all
On 12/10/15 20:40, Kurt Roeckx via RT wrote:
> On Mon, Oct 12, 2015 at 06:54:46PM +, Matt Caswell via RT wrote:
>>
>>
>> On 12/10/15 19:11, Kurt Roeckx via RT wrote:
>>> On Mon, Oct 12, 2015 at 04:19:43PM +, Matt Caswell via RT wrote:
Having done some more digging it seems the
On Mon, Oct 12, 2015 at 06:54:46PM +, Matt Caswell via RT wrote:
>
>
> On 12/10/15 19:11, Kurt Roeckx via RT wrote:
> > On Mon, Oct 12, 2015 at 04:19:43PM +, Matt Caswell via RT wrote:
> >>
> >> Having done some more digging it seems the problem only occurs if you
> >> get the initial
Hi,
I'm trying to compile with as few options as I can since I only need AEAD and
thought I would use SHA256 or SHA512 and AES.
However, when I try to disable certain cryptos and hashes I get errors:
./config no-ssl no-md5 no-rsa
make depends
gives:
...
eth.c cm_pmeth.c
make[2]: Leaving
Fixed, thanks for the report.
Matt
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Fixed.
Thanks
Matt
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Fixed.
Thanks
Matt
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Yes, the various no-options don't work well. Not a high priority for 1.0.2
unless patches are provided.
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
33 matches
Mail list logo