Re: [openssl-dev] [openssl-users] Kerberos

2015-05-14 Thread Jeffrey Altman
On 5/13/2015 10:19 AM, Matt Caswell wrote: > > > On 08/05/15 09:40, Matt Caswell wrote: >> >> >> On 08/05/15 02:28, Jeffrey Altman wrote: >> >>> Regardless, the inability to improve the support in this area has left >>> the those organ

Re: [openssl-dev] [openssl-users] Kerberos

2015-05-08 Thread Jeffrey Altman
the IETF Kitten WG are the appropriate places to hold discussions. Or perhaps hold an IETF BOF first to explore the interest. The last time I was involved the work product was https://tools.ietf.org/html/draft-santesson-tls-gssapi-03 I still believe that is a reasonable approach. Jeffrey Altman

Re: [openssl-dev] [openssl-users] Kerberos

2015-05-07 Thread Jeffrey Altman
choice of use insecure protocols or re-implement the applications. I do not believe that any sane OS or application vendor can with a straight face continue to ship 2712 support. As such it should be removed from OpenSSL master. Jeffrey Altman

Re: If you use kerberos/ssl

2014-08-12 Thread Jeffrey Altman
hat did rely upon it. OpenSSL does not build with this support by default and it would be bad form to remove it from an existing release series. Removal on the current master branch should not be an issue. Jeffrey Altman

Re: FIPS Module 1.2 build with Visual Studio 2010 fails self-tests

2010-10-18 Thread Jeffrey Altman
pace layout randomization (ASLR). Visual Studio 2010 is the first version of Windows development tools to turn ASLR on by default for EXEs and DLLs. To disable, use /DYNAMICBASE:NO when linking. (Or disable the "Randomized Base Address" property in Visual Studio.) Jeffrey Altman Secure Endpoints, Inc.

Re: Draft FIPS Module v1.2 User Guide

2008-11-29 Thread Jeffrey Altman
at nasm is no longer supported and yet the instructions still refer to configuring and building with nasm. Jeffrey Altman

Re: valgrind and openssl

2008-05-15 Thread Jeffrey Altman
I'm afraid I'm dreadfully ignorant of the blogosphere. The Debian patch is the highly publicized patch that kills the PRNG outright. Jeffrey Altman

Re: Static global - bug? (Re: Two valgrind warnings in OpenSSL-possible bug???)

2008-01-26 Thread Jeffrey Altman
s that were not prevented by locks, I think you are being foolish. It is not worth the cost of a production system going down or valuable data being lost or corrupted. Jeffrey Altman Secure Endpoints Inc.

Re: Two valgrind warnings in OpenSSL - possible bug???

2008-01-22 Thread Jeffrey Altman
assed to the BN_get_flags() macro are parameters passed into the BN_mod_inverse() and BN_div() functions. In BN_MONT_CTX_set() those BIGNUM objects are initialized. I do not see why this warning is being triggered. Jeffrey Altman

Loophole in Windows RNG

2007-11-13 Thread Jeffrey Altman
This paper justifies the decision not to rely on the Windows Random Number Generator. http://eprint.iacr.org/2007/419.pdf Quoting: "We analyzed the security of the algorithm and found a non-trivial attack: given the internal state of the generator, the previous state can be computed in O(2^23) wo

Re: RAnd_Poll crashes in Vista

2007-10-07 Thread Jeffrey Altman
Shobhit Gupta wrote: > Thanks all for responses. > > Andy::I will try appending your piece of code in the end of md_rand.c > > -- > > >I would like to see a minidump with heap for an instance of an > >application crashing in this c

Re: RAnd_Poll crashes in Vista

2007-10-07 Thread Jeffrey Altman
Andy Polyakov wrote: > Yes, of course. It's just that as you answered "yes" to question "has > anyone else had problem" I assumed that you ran into it at some point > too. I mean my "where was it" targeted you as potential "somebody > else":-) A. > The 'yes' applies to the complaints that have been

Re: RAnd_Poll crashes in Vista

2007-10-07 Thread Jeffrey Altman
Andy Polyakov wrote: >> The purpose of the CreateToolhelp32Snapshot function is to permit >> walking data structures that are constantly changing by creating a >> read-only copy that will not change. The returned HANDLE points to a >> unique snapshot. Walking the contents of the data structures i

Re: RAnd_Poll crashes in Vista

2007-10-07 Thread Jeffrey Altman
Shobhit Gupta wrote: > Hi, > > We were using OpenSSL in our product, but lately after testing on > Vista, our application was crashing (only in Vista) in > SSL_Connect(). (It worked fine in XP) > > After debugging through OpenSSL we found that within RAND_poll() it > was crashing in a win32 api

Re: Emails not getting through?

2006-09-18 Thread Jeffrey Altman
Testing from [EMAIL PROTECTED] which subscribed to the list on 17 Sep 2006.

Extending OpenSSL ASN.1 for Kerberos

2006-09-17 Thread Jeffrey Altman
I need to extend the OpenSSL ASN.1 support to include the PKINIT SubjectAltName extension and the Kerberized Certificate Authority extension. Is there any documentation or guidelines available to assist developers wishing to add new extensions? Thanks. Jeffrey Altman

TSU Notification - encryption was Re: [openssl.org #1336] OpenSSL support for Kerberos

2006-09-17 Thread Jeffrey Altman via RT
__ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]

Re: Any possibility of GPL-based license in the future?

2006-05-16 Thread Jeffrey Altman
ink against GnuTLS. Jeffrey Altman

Peter Runestig has passed away

2005-07-23 Thread Jeffrey Altman
Last month, Peter Runestig <[EMAIL PROTECTED]> passed away from a heart attack. Peter was an active participant in the openssl community. He will be dearly missed by all that knew him. Jeffrey Altman

[openssl.org #1112] 0.9.8 beta 5 build issue on windows

2005-06-14 Thread Jeffrey Altman via RT
The following build issue exists: cl /Fotmp32dll\c_zlib.obj -Iinc32 -Itmp32dll -DZLIB_SHARED -DZLIB -DKRB5_MIT /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DOPENSSL_SYSNAME_WINNT -DOPENSSL_USE_APPLINK -I. /Fdout3

Re: Finally time for IPvn support

2004-10-05 Thread Jeffrey Altman
ong), which I don't see the benefits of. Cheers, Richard As long as OpenSSL only accepts the extended behavior as input and never generates the extended behavior on output I do not see there being a problem. Jeffrey Altman

Re: possibly bug in crypto/rand/rand_win.c

2004-07-13 Thread Jeffrey Altman
part of the DLL initialization. This would solve many problems. Jeffrey Altman Jiang Lei wrote: Hi, Sorry if this message is sent twice. I got problem running RAND_poll() in multi-threaded programs. The function sometimes crashes at "heap_next(&hentry)": ... if (heaplis

Re: Common Name and IDNA

2004-06-14 Thread Jeffrey Altman
entries; one for each of the UTF8 representation and the ACE representation. Jeffrey Altman Gisle Vanem wrote: How is the /CN= supposed to be encoded for a host/domain- name using international characters? In some specified charset (utf8?) or in the ASCII Compatible Encoded form? I ask since in an

Re: Inclusion of FIPS

2004-05-13 Thread Jeffrey Altman
can only be useful to applications which statically link in all libraries.  Therefore, the openssl distributions which are shipped by Linux vendors in RPMs cannot be considered FIPS certified.  Correct? Jeffrey Altman Marquess, Steve Mr JMLFDC wrote: RE: Inclusion of FIPS Jeffrey

Re: Inclusion of FIPS

2004-05-12 Thread Jeffrey Altman
ing altered and not the crypto library?" Can you provide some insight? Thanks. Jeffrey Altman

Re: Win32 compiles under cygwin

2004-05-10 Thread Jeffrey Altman
will be the same. I know that with other packages such as Kerberos you absolutely do not get the same result when building under cygwin because the environment is more Unix like and therefore different assumptions are made. Jeffrey Altman Steven Reddie wrote: Jeffrey, Are you saying that using

Re: Win32 compiles under cygwin

2004-05-10 Thread Jeffrey Altman
The libssl.a and libcrypto.a binaries are linked to cygwin1.dll. This is not what you want. You do not want to be using the cygwin build process but the MS Visual Studio build environment. Perhaps you can use the cygwin environment to kick off a normal OpenSSL build in the background. Jeffrey

Re: Win32 compiles under cygwin

2004-05-10 Thread Jeffrey Altman
1.dll. I may very well be wrong but I believe that they are simply using the cygwin environment as a means to remote login via SSH for the purpose of automating the execution of the build process on Windows in a manner equ

Re: No CAs in CertificateRequest message

2004-05-06 Thread Jeffrey Altman
cated in TLS 1.1 is that the specification of a certificate authority should not be required. TLS 1.1 has passed last call and is currently being reviewed by the IESG. Jeffrey Altman Erik Tkal wrote: Jeff,   Look in s3_srvr.c - ssl3_send_certificate_request calls SSL_get_client_CA

Re: No CAs in CertificateRequest message

2004-05-06 Thread Jeffrey Altman
Richard Levitte - VMS Whacker wrote: In message <[EMAIL PROTECTED]> on Thu, 6 May 2004 08:24:57 -0400, "Erik Tkal" <[EMAIL PROTECTED]> said: etssl> Can anyone answer this? How do I tell if this is a known etssl> problem with OpenSSL or if the RFC is incorrect, or if this is etssl> just a a

Re: Windows DLL naming inconsistency

2004-02-02 Thread Jeffrey Altman
Andy Polyakov wrote: Now let's imagine we pick Microsoft compiler. I'd suggest to perform an MT build and link it dynamically with MSVCRT.DLL. Idea is to use MSVCRT primarily for BIO and other strictly internal purposes (keep in mind that MSCVRT.DLL can be redistributed). At the same time I'd sani

Re: Windows DLL naming inconsistency

2004-01-26 Thread Jeffrey Altman
* from its callers. All of the use of fopen() is local to its own implementation. Threading issues if any are handled internally by ensuring that calls are not made outside of a mutex semaphore lock. Jeffrey Altman

Re: Windows DLL naming inconsistency

2004-01-26 Thread Jeffrey Altman
Dr. Stephen Henson wrote: That I believe is the main problem: all the runtime library dependencies which directly or indirectly call incompatible library functions. There was an attempt to fix this back in SSLeay where the application called one function which passed pointers to the malloc routine

Re: Windows DLL naming inconsistency

2004-01-26 Thread Jeffrey Altman
nsure that there are no such crossings then you do not have a dependency. However, with the BIO code I am not sure this is a possibility. Jeffrey Altman

Re: Windows DLL naming inconsistency

2004-01-26 Thread Jeffrey Altman
y the easiest to implement. Jeffrey Altman Richard Levitte - VMS Whacker wrote: In message <[EMAIL PROTECTED]> on Sun, 25 Jan 2004 11:02:06 -0500, Jeffrey Altman <[EMAIL PROTECTED]> said: jaltman> I think there are two very different markets. One is the jaltman> cygwin (unix o

Re: Windows DLL naming inconsistency

2004-01-25 Thread Jeffrey Altman
Martin Germann wrote: Jeffrey Altman wrote: Why do you believe that stunnel represents the most widely used naming? I just thought that gcc represents the most widely used naming. openssl built using Unix style tools certainly has a significant deployed base. There are widely deployed

Re: Windows DLL naming inconsistency

2004-01-21 Thread Jeffrey Altman
. If anything I would argue that the naming convention needs to be modified to include the version number so as to prevent conflicts between 0.9.5, 0.9.6, 0.9.7, and 0.9.8 all of which have incompatible ABIs. Jeffrey Altman Martin Germann wrote: Hi, I noticed an inconsistency in the windows library

[openssl.org #806] 0.9.8 snapshot patches for compilation on Windows

2004-01-05 Thread Jeffrey Altman via RT

[openssl.org #807] 0.9.7 snapshot patches for compilation on Windows

2004-01-05 Thread Jeffrey Altman via RT

Re: [openssl.org #753] 0.9.6l does not compile on Windows

2003-11-05 Thread Jeffrey Altman
Richard Levitte - VMS Whacker via RT wrote: In message <[EMAIL PROTECTED]> on Wed, 5 Nov 2003 08:42:39 +0100 (MET), "Jeffrey Altman via RT" <[EMAIL PROTECTED]> said: rt> rt> The inclusion of "e_os.h" in crypto\des\cfb_enc.c must be specified as rt> e

[openssl.org #753] 0.9.6l does not compile on Windows

2003-11-05 Thread Jeffrey Altman via RT
The inclusion of "e_os.h" in crypto\des\cfb_enc.c must be specified as either #include "openssl/e_os.h" or #include "../e_os.h" This is not performed in a consistent manner in OpenSSL 0.9.6.

Re: Slow heap walking in rand_win.c

2003-10-03 Thread Jeffrey Altman
If that is the case, then THAT is the bug to be fixed. - Jeffrey Altman Lee Dilkie wrote: You can always implement your own source of random data and push it into the OpenSSL engine. If you do that the rand_win code will not be executed. Jeffrey Altman As far as I can tell from reading

Re: Slow heap walking in rand_win.c

2003-10-02 Thread Jeffrey Altman
d be exposed openssl library calls that the application can pick and choose. -lee You can always implement your own source of random data and push it into the OpenSSL engine. If you do that the rand_win code will not be executed. Jeffrey Altman

Re: Slow heap walking in rand_win.c

2003-10-02 Thread Jeffrey Altman
hundred megs. You should be initializing the random number generator when your application starts; not when you have to perform your first SSL/TLS handshake. Jeffrey Altman [EMAIL PROTECTED] wrote: I know this has been brought up a few times on this list - but since I consider it a severe

HKEY_PERFORMANCE_DATA

2003-08-14 Thread Jeffrey Altman
-- This KB article explains why exceptions may be thrown or why the data returned from a performance data call would be invalid: http://support.microsoft.com/default.aspx?scid=kb;en-us;178887 We may need to wrap calls probing HKEY_PERFORMANCE_DATA in an exception handling bl

Re: AW: AW: AW: BUG: CreateToolhelp32Snapshot, check if running asNT service

2003-08-14 Thread Jeffrey Altman
Ingo: In other words, this test cannot work in all cases based upon the knowledge of the OpenSSL developers because the account under which the program executes is determined by the local system administrator OR the application developer. All three of these tests would fail for my use of OpenS

Re: HKEY_PERFORMANCE_DATA

2003-08-14 Thread Jeffrey Altman
crashes on some servers and not others. There is still an issue of dependence on the COM engine. Services employing OpenSSL must be loaded after the DCOM service has started. Jeffrey Altman Martin Kochanski wrote: If we're going to try exception handling then I suppose

Re: BUG: CreateToolhelp32Snapshot

2003-08-14 Thread Jeffrey Altman
mine if we were running as a service. If so, we might be able to tailor this code to behave differently. Jeffrey Altman Richard Levitte - VMS Whacker wrote: cardbox> As for the Windows 2003 Server crash: I agree that disabling cardbox> sections of code is a Bad Thing. What I've done

Re: AW: BUG: CreateToolhelp32Snapshot, check if running as NT service

2003-08-09 Thread Jeffrey Altman
Ingo: Thanks for the function. Can you provide a complete blackbox solution that is simply BOOL IsService(void) Please keep in mind that within the RAND_poll() function we have no input from the application as to the service name, logon session or account. All of that information would n

Re: [openssl.org #655] Kerberos: solaris 9 openssl-0.9.7b compileproblem

2003-07-24 Thread Jeffrey Altman
Remove "FAR" from the two locations it is specified in the KSSL_CTX data structure. MIT Kerberos 1.3 no longer provides dummy definitions for "FAR" as all support for 16-bit platforms (MS-DOS) has been removed. Jeffrey Altman Wayne Rasmussen via RT wrote: config -t results

Re: [openssl.org #550] bug report - library and header version mismatch

2003-03-27 Thread Jeffrey Altman
This is not a bug. You must recompile SSH if you want the header version within the executable to change. [EMAIL PROTECTED] via RT wrote: Hi Folks I have noticed that the internal version number of opensslv.h (0x0090701fL) and the internal version number of libcrypto.so.0.9.7 and libssl.so.

Re: [ADVISORY] Timing Attack on OpenSSL

2003-03-17 Thread Jeffrey Altman
This is a different vulnerability. The one you patched two weeks ago was caused by a failure to decrypt messages when the MAC comparison failed. This vulnerability is a timing attack against the RSA algorithms. The Slashdot discussion is here: http://slashdot.org/article.pl?sid=03/03/14/0012

Re: [openssl.org #536] Bug in kssl ?

2003-03-13 Thread Jeffrey Altman
I will look into this in a few days.  I am sorry but I do not have the time at the moment.  - Jeff Markus Moeller wrote: On Wednesday 12 Mar 2003 16:48, [EMAIL PROTECTED] via RT wrote: A further check showed it is in kssl_TKT2tkt after the kssl_build_principal_2, because asn1ticket->en

Re: [openssl.org #481] (0.9.7 on Win32) openssl ca crashes when exiting...

2003-01-31 Thread Jeffrey Altman
Richard Levitte via RT wrote: OK, does anyone know a good way to detect (in run-time!) when the program is running as a service? If there's a way, the rest should be easy. Sorry I have been out of contact on this issue but the problems here are not about OpenSSL being used within a service b

Re: [openssl.org #441] bug in win32 test

2003-01-07 Thread Jeffrey Altman
By any chance did you install the Visual C++ Processor Pack? It replaces the Back End compiler (C2.DLL). Apparently, this upgrade to support new processors is a bit buggy. If you need support for new instruction sets upgrade to VC++ 7.0. Michael Hunley via RT wrote: OpenSSl v0.9.7 on Windo

Re: [openssl.org #425] Build error on Windows NT4?

2003-01-01 Thread Jeffrey Altman
Andy Polyakov via RT wrote: cl ... -c .\crypto\asn1\n_pkey.c .\crypto\asn1\n_pkey.c(96) : error C2370: 'NETSCAPE_ENCRYPTED_PKEY_it' : redefinition; different storage class .\crypto\asn1\n_pkey.c(93) : see declaration of 'NETSCAPE_ENCRYPTED_PKEY_it'

TSU NOTIFICATION - encryption was Re: [CVS] OpenSSL: openssl/sslkssl.c

2002-12-20 Thread Jeffrey Altman
SUBMISSION TYPE: "TSU" SUBMITTED BY: Jeffrey Altman SUBMITTED FOR: POINT OF CONTACT:[EMAIL PROTECTED] PHONE and/or FAX: MANUFACTURER: (if relevant) PRODUCT NAME/MODEL #: openssl 0.9.7 ECCN: 5D002 NOTIFICATION: The attached patch is against the 20021220 snapshot of

Re: [CVS] OpenSSL: openssl/ssl kssl.c

2002-12-20 Thread Jeffrey Altman
comments inline: Lutz Jaenicke wrote: OpenSSL CVS Repository http://cvs.openssl.org/ Server: cvs.openssl.org Name: Lutz Jaenicke Root: /e/openssl/cvs Email: [EMAIL PROTECTED

Re: [CVS] OpenSSL: openssl CHANGES

2002-12-12 Thread Jeffrey Altman
Not entirely true. I implemented the dynamic locks on Windows in Kermit 95. I do not have any hardware to test it with though. + *) The hw_ncipher.c engine requires dynamic locks. Unfortunately, it + seems that in spite of existing for more than a year, no application + author h

Re: [openssl.org #395] Problem with OpenSSL

2002-12-10 Thread Jeffrey Altman
know if this is the same problem reported by Jeffrey Altman. File crypto\rand\rand_win.c - OpenSSL 0.9.6g 9 Aug 2002 Code from the RAND_poll() function. Line: 253/* It appears like this can cause an exception deep within ADVAPI32.DLL 254 * at random times on Windows 2000. Reported

Re: Concerns about the use of OPENSSL_cleanse()

2002-12-09 Thread Jeffrey Altman
Rich Salz wrote: Hmm, so OpenSSL is depending on NULL being all-bytes-zero. :) Funny about that. :-) Probably a safe assumption, although theoretically you shouldn't do that. It really wouldn't matter what assumption you made. At some point there needs to be a test: Is this structure

[openssl.org #393] 0.9.7 beta 5 crypto/x509/x509_vfy.c X509_STORE_CTX_init() memset required

2002-12-09 Thread Jeffrey Altman via RT
Please ignore my previous e-mail, the problem is located in X509_STORE_CTX_init() The memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)) that was commented out needs to be restored due to the use of OPENSSL_cleanse() on that data structure. In previous releases this data structure would have

[openssl.org #392] X509_STORE_CTX_cleanup 0.9.7 beta 5

2002-12-09 Thread Jeffrey Altman via RT
I'm tracking down the cause of an exception that did not occur with Kermit 95 with previous 0.9.7 builds. In the process I noticed that in X509_STORE_CTX_cleanup the buffer ctx->ex_data is freed with CRYPTO_free_ex_data prior to it being cleansed with OPENSSL_cleanse I'm pretty sure

Concerns about the use of OPENSSL_cleanse()

2002-12-08 Thread Jeffrey Altman
I think we need to take a very close look at the situations when it is safe to replace memset(buf,0,sizeof(buf)) with OPENSSL_cleanse(buf,sizeof(buf)). It is clearly safe to make this replacement when the buffer is a stack allocation because there can be no future use of the data can take pl

OpenSSL on VMS - default locations for CERTS, KEYS, ...

2002-11-30 Thread Jeffrey Altman
for the storing of CERTS/KEYS and CRLs. Could someone post a description of what is considered standard practice? Thanks. Jeffrey Altman * Volunteer Developer Kermit 95 2.1 GUI available now!!! The Kermit Project @ Columbia University SSH, Secure Telnet, Secure FTP, HTTP

[openssl.org #367] s3_clnt.c ssl3_get_server_hello and SSL_SESSION cipher_id 0.9.7-b4

2002-11-27 Thread Jeffrey Altman via RT
id=s->session->cipher_id; else id=s->session->cipher->id; if (s->hit && (id != c->id)) I do wonder why the SSL_SESSION cipher_id field is not consistently set when the cipher itself is set. Jeffrey Altman * Volunteer D

Re: [openssl.org #360] crypto/dsa/dsa_lib.c DSA_size()

2002-11-25 Thread Jeffrey Altman via RT
Then the assertion should be removed because as it is now it will always fail. > > Jeffrey Altman wrote: > > The code is the same in both 0.9.6- and 0.9.7-beta4. in 0.9.7-b4 > > there is an assertion added that is being triggered because the buf > > size is consid

Re: [openssl.org #360] crypto/dsa/dsa_lib.c DSA_size()

2002-11-25 Thread Jeffrey Altman
Then the assertion should be removed because as it is now it will always fail. > > Jeffrey Altman wrote: > > The code is the same in both 0.9.6- and 0.9.7-beta4. in 0.9.7-b4 > > there is an assertion added that is being triggered because the buf > > size is consid

RE: OpenSSL and compression using ZLIB

2002-11-25 Thread Jeffrey Altman
ECTED] > Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: Re: OpenSSL and compression using ZLIB > > - Original Message - > From: "Jeffrey Altman" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]>; <[EMAIL PRO

Re: [openssl.org #360] crypto/dsa/dsa_lib.c DSA_size()

2002-11-25 Thread Jeffrey Altman via RT
other bytes could not be touched in the future though. > > In message <[EMAIL PROTECTED]> on Mon, 25 Nov 2002 09:32:30 >+0100 (MET), "Jeffrey Altman via RT" <[EMAIL PROTECTED]> said: > > rt> > rt> What is the appropriate size for 'buf' in D

Re: [openssl.org #360] crypto/dsa/dsa_lib.c DSA_size()

2002-11-25 Thread Jeffrey Altman
bytes could not be touched in the future though. > > In message <[EMAIL PROTECTED]> on Mon, 25 Nov 2002 09:32:30 >+0100 (MET), "Jeffrey Altman via RT" <[EMAIL PROTECTED]> said: > > rt> > rt> What is the appropriate size for 'buf' in D

Re: [openssl.org #360] crypto/dsa/dsa_lib.c DSA_size()

2002-11-25 Thread Jeffrey Altman
Thanks. That is very reassuring. > > Jeffrey Altman via RT wrote: > > What is the appropriate size for 'buf' in DSA_size()? > > > > 4 bytes is certainly not correct. > > Hi Jeffry, > > I think it's correct :-) > > int DSA_size(

[openssl.org #361] Re: OpenSSL and compression using ZLIB

2002-11-25 Thread Jeffrey Altman via RT
> for more info. > __ > OpenSSL Project http://www.openssl.org > Development Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PR

[openssl.org #360] crypto/dsa/dsa_lib.c DSA_size()

2002-11-25 Thread Jeffrey Altman via RT
What is the appropriate size for 'buf' in DSA_size()? 4 bytes is certainly not correct. My guess is that we want to support at least 256 bits and so it needs to be at least 32 bytes. Does anyone have a better recommendation? Jeffrey Altman * Volunteer Developer Kermit

Re: BIO broken

2002-11-24 Thread Jeffrey Altman
un time library, hence FILE* from > > the exe cannot work inside the DLL. > > > > > > Jan Kuznik > > __ > > OpenSSL Project http://www.openssl.org > > Development Mail

Re: OpenSSL and compression using ZLIB

2002-11-24 Thread Jeffrey Altman
> for more info. > __ > OpenSSL Project http://www.openssl.org > Development Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PR

[openssl.org #349] 0.9.7 b4 kssl patches

2002-11-19 Thread Jeffrey Altman via RT
The following minor problems need to be corrected in 0.9.7 b4 compiled against the MIT Kerberos distribution: diff -cw openssl-0.9.7-beta4\ssl/kssl.h openssl-0.9.7-beta4-modified\ssl/kssl.h *** openssl-0.9.7-beta4\ssl/kssl.h Tue Nov 12 08:23:26 2002 --- openssl-0.9.7-beta4-modified\ssl/kssl.h Tue

Re: OpenSSL Bug

2002-11-19 Thread Jeffrey Altman
according to the SSL 3.0 and TLS 1.0 > > specifications. If the IBM SSL library does not tolerate the empty > > fragments, then this is a bug that should be fixed in that library. > > I have passed this on to the IBM SSL developers. Thank you all for your > responses.

Re: IMPORTANT: Please try these specific snapshots

2002-11-15 Thread Jeffrey Altman
h the current PATH environment variable. Hard Links allowing a file to have multiple directory entries are supported in NTFS however very few shells understand how to manipulate them. Jeffrey Altman * Sr.Software Designer Kermit 95 2.0 GUI available now!!! The Kermit Project @ Columbia

Re: OOB Data with SSL

2002-10-31 Thread Jeffrey Altman
TED] > http://pgina.cs.plu.edu > > > __ > OpenSSL Project http://www.openssl.org > Development Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > J

Re: [openssl.org #189] Kerberos Ciphersuite IDs

2002-10-15 Thread Jeffrey Altman via RT
s in ssl.h are wrong. > > > > > > There, I finally got the time to put this in. Just committed. > > Please test the next 0.9.7 snapshot and make sure I got it all right. > > > > This ticket is now resolved. > > > > [[EMAIL PROTECTED] - Mon Sep 30 18:55:

Re: [openssl.org #189] Kerberos Ciphersuite IDs

2002-10-15 Thread Jeffrey Altman
s in ssl.h are wrong. > > > > > > There, I finally got the time to put this in. Just committed. > > Please test the next 0.9.7 snapshot and make sure I got it all right. > > > > This ticket is now resolved. > > > > [[EMAIL PROTECTED] - Mon Sep 30 18:55:

Re: [openssl.org #189] Kerberos Ciphersuite IDs

2002-10-15 Thread Jeffrey Altman via RT
erberos ciphersuites in > OpenSSL do > > not use the IDs defined in RFC2712, which obviously has negative > effects > > on interoperability. > > -- > Richard Levitte > ______ > OpenSSL Project

Re: [openssl.org #189] Kerberos Ciphersuite IDs

2002-10-15 Thread Jeffrey Altman
erberos ciphersuites in > OpenSSL do > > not use the IDs defined in RFC2712, which obviously has negative > effects > > on interoperability. > > -- > Richard Levitte > ______ > OpenSSL Project

Re: DES_CBC_CKSUM in SSL and Kerberos.

2002-10-10 Thread Jeffrey Altman

Re: heap walk in rand_win.c is quite slow

2002-09-28 Thread Jeffrey Altman
__ > OpenSSL Project http://www.openssl.org > Development Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > Jeffrey Altman * Sr.Software Designer Ker

Re: Question about the latest security patch - malicious usage

2002-08-11 Thread Jeffrey Altman
> Jeffrey Altman wrote: > > The answer to your questions is 'yes'. As I understand it, the > > patches were released as they are "for the time being" because it is > > better to crash your application then allow the attacker to compromise > > your

Re: [openssl.org #170] OpenSSLDie not exported in Win32

2002-08-01 Thread Jeffrey Altman via RT
> > > bit wrong (i.e. in ssl2_generate_key_material(). this is void > function, so > > > i cannot indicate error). > > > > Thanks for the patch. For static functions, you can safely change > > void into int so that you can indicate the errors properly. >

Re: [openssl.org #170] OpenSSLDie not exported in Win32

2002-08-01 Thread Jeffrey Altman
> > > bit wrong (i.e. in ssl2_generate_key_material(). this is void > function, so > > > i cannot indicate error). > > > > Thanks for the patch. For static functions, you can safely change > > void into int so that you can indicate the errors properly. >

RE: Question about the latest security patch - malicious usage

2002-08-01 Thread Jeffrey Altman
I submitted an analysis of the changes to be made shortly after the patches were issued. I won't have time to try and work on patches until the weekend. Perhaps someone from the OpenSSL team will beat me to it. > > Thanks for the reply. > > Do you know when a full fix is to be expected? > >

Re: [openssl.org #189] Kerberos Ciphersuite IDs

2002-08-01 Thread Jeffrey Altman
with this. > > If it wasn't for this, I'd apply the needed changes immediately. As > it is now, I'd like to see this issue cleared first. > Jeffrey Altman * Sr.Software Designer Kermit 95 2.0 GUI available now!!! The Kermit Project @ Columbia University SSH,

Re: [openssl.org #170] OpenSSLDie not exported in Win32

2002-07-30 Thread Jeffrey Altman via RT
> In message <[EMAIL PROTECTED]> on Tue, 30 Jul >2002 11:31:17 EDT, Jeffrey Altman <[EMAIL PROTECTED]> said: > > jaltman> since they do not compile on two major platforms. > > On VMS, creating OpenSSL shared libraries is not the norm yet, so > it'll

Re: [openssl.org #170] OpenSSLDie not exported in Win32

2002-07-30 Thread Jeffrey Altman
> In message <[EMAIL PROTECTED]> on Tue, 30 Jul >2002 11:31:17 EDT, Jeffrey Altman <[EMAIL PROTECTED]> said: > > jaltman> since they do not compile on two major platforms. > > On VMS, creating OpenSSL shared libraries is not the norm yet, so > it'll

Re: [openssl.org #170] OpenSSLDie not exported in Win32

2002-07-30 Thread Jeffrey Altman via RT
rrors to the caller. ssl2_return_error() is always called from locations that are already in the process of returning errors to the caller. server_verify() is safe to return an error value < 0 server_finish() is safe to return an error value < 0 So it seems that we should be able to

Re: [openssl.org #170] OpenSSLDie not exported in Win32

2002-07-30 Thread Jeffrey Altman
rrors to the caller. ssl2_return_error() is always called from locations that are already in the process of returning errors to the caller. server_verify() is safe to return an error value < 0 server_finish() is safe to return an error value < 0 So it seems that we should be able to

Re: [openssl.org #170] OpenSSLDie not exported in Win32

2002-07-30 Thread Jeffrey Altman via RT
checks For example, in ssl_sess.c ssl_get_new_session() the error SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH is returned if tmp > ss->session_id_length. I don't see why we need to call abort() (via die()) if s->sid_ctx_length > sizeof ss->sid_ctx. Jeffrey Altman * Sr.Software Desig

Re: [openssl.org #170] OpenSSLDie not exported in Win32

2002-07-30 Thread Jeffrey Altman
checks For example, in ssl_sess.c ssl_get_new_session() the error SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH is returned if tmp > ss->session_id_length. I don't see why we need to call abort() (via die()) if s->sid_ctx_length > sizeof ss->sid_ctx. Jeffrey Altman * Sr.Software Desig

Re: OpenSSL patches for other versions

2002-07-30 Thread Jeffrey Altman
/r$ > Or when the new OpenSSLDie() is called. That is why we want it removed. Jeffrey Altman * Sr.Software Designer Kermit 95 2.0 GUI available now!!! The Kermit Project @ Columbia University SSH, Secure Telnet, Secure FTP, HTTP http://www.kermit-project.org/Se

Re: [openssl.org #170] OpenSSLDie not exported in Win32

2002-07-30 Thread Jeffrey Altman
> rt> Need to add it to the exports list. > > For anyone who has the time, the fix is to move the declaration (but > not the macro die()) from cryptlib.h to crypto.h, then do a make > update. And this will auto-generate the entry for util/libeay.num ? Cool. Jeffrey Al

[openssl.org #170] OpenSSLDie not exported in Win32

2002-07-30 Thread Jeffrey Altman via RT
Need to add it to the exports list. Jeffrey Altman * Sr.Software Designer Kermit 95 2.0 GUI available now!!! The Kermit Project @ Columbia University SSH, Secure Telnet, Secure FTP, HTTP http://www.kermit-project.org/Secured with MIT Kerberos, SRP, and [EMAIL PROTECTED
