ed.
> E.g. 1.0.0->1.1.0
btw, are there any plans to use symbol versioning on systems that
support it?
cu
Ludwig
--
(o_ Ludwig Nussel
//\
V_/_ http://www.suse.de/
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB
16746 (AG Nürnberg)
S and
many applications set SSL_OP_ALL. So I guess in practice the workaround
is not widely used.
Does anyone know if there are still 'some broken SSL/TLS
implementations' out there that choke if SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS is
not set?
cu
Ludwig
--
(o_ Ludwig Nusse
Thor Lancelot Simon wrote:
> On Thu, Jun 09, 2011 at 05:08:30PM +0200, Ludwig Nussel wrote:
> > Thor Lancelot Simon wrote:
> > >
> > > Again, I think this should be configured via an option on the SSL_CTX.
> >
> > There is no way to set the default con
t; What do you think about this?
>
> Again, I think this should be configured via an option on the SSL_CTX.
There is no way to set the default context options via config file
though, right? So every application would need to be patched.
cu
Ludwig
--
(o_ Ludwig Nussel
//\
---
apps/s_client.c | 17 -
1 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/apps/s_client.c b/apps/s_client.c
index 484d009..3f57a5d 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -904,12 +904,19 @@ bad:
if (!set_cert_key_stuff(ctx,cert,key))
Ludwig Nussel wrote:
> if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
> (!SSL_CTX_set_default_verify_paths(ctx)))
> {
> /* BIO_printf(bio_err,"error setting default verify locations\n"); */
> ERR_print_errors(bio_
called if SSL_CTX_load_verify_locations()
succeeds which doesn't make much sense.
cu
Ludwig
--
(o_ Ludwig Nussel
//\
V_/_ http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
__