[ANNOUNCE] OpenSSL 0.9.7c and 0.9.6k released

2003-09-30 Thread Mark J Cox
ar.gz Yours, The OpenSSL Project Team... Mark J. Cox Ben Laurie Andy Polyakov Ralf S. Engelschall Richard Levitte Geoff Thorpe Dr. Stephen Henson Bodo Möller Lutz Jänicke Ulf Möller

[OpenSSL Advisory] Vulnerabilities in ASN.1 parsing

2003-09-30 Thread Mark J Cox
OpenSSL Security Advisory [30 September 2003] Vulnerabilities in ASN.1 parsing NISCC (www.niscc.gov.uk) prepared a test suite to check the operation of SSL/TLS software when presented with a wide range of malformed client certif

[OpenSSL Advisory] Denial of Service in ASN.1 parsing

2003-11-04 Thread Mark J Cox
OpenSSL Security Advisory [4 November 2003] Denial of Service in ASN.1 parsing. Previously, OpenSSL 0.9.6k was released on the 30 September 2003 to address various ASN.1 issues. The issues were found using a test suite from NI

New OpenSSL releases fix denial of service attacks [17 March 2004]

2004-03-17 Thread Mark J Cox
OpenSSL Security Advisory [17 March 2004] Updated versions of OpenSSL are now available which correct two security issues: 1. Null-pointer assignment during SSL handshake. Testing performed by the OpenSSL group

OpenSSL 0.9.7e released

2004-10-25 Thread Mark J Cox
following command: openssl md5 < openssl-0.9.7e.tar.gz Yours, The OpenSSL Project Team... Mark J. Cox Ben Laurie Andy Polyakov Ralf S. Engelschall Richard Levitte Geoff Thorpe Dr. Stephen Henson Bodo Möller Lutz Jänicke

Re: Final www.openssl.org website

1998-12-30 Thread Mark J Cox
> Ok, after I've not established the project environment for us, I've now spent > two days in front of Photoshop and WML and created the (hopefully) final In general the new design is really neat; a few minor niggles however: The second layer of menus are not obvious; when you select about you g

Interesting verify problem

1999-01-20 Thread Mark J Cox
I've found some fun bug in OpenSSL that I'll work through later. This only seems to be happening in SSLeay 0.9.1b and anything onwards although I've not yet tried earlier versions yet apart from 0.8.0d (which works). ./openssl s_client -connect www.ukweb.com:443 -CAfile cacert.pem 15929:error:

Re: Interesting verify problem

1999-01-21 Thread Mark J Cox
BN_RECURSION in bn.org. Mark Mark J Cox, . www.awe.com/~mark Latest news on the Apache Web Server ... www.apacheweek.com __ OpenSSL Project

TLSv1 rollback changes

1999-01-31 Thread Mark J Cox
In going through our internal code I came across some changes that we should look at putting into OpenSSL. I've attached a large DIFF against the current CVS tree (all changes in the /ssl/ directory). "This patch is a fix so that the version number in the master secret, when passed via RSA, chec

Re: TLSv1 rollback changes

1999-02-01 Thread Mark J Cox
ode thoroughly however, so it may break for people. I was concerned about the ssl changes as they are a fairly major change and have not been part of C2Net products so they've not seen any public testing yet. Mark Mark J Cox, .

Re: TLSv1 rollback changes

1999-02-04 Thread Mark J Cox
I'm going to delay applying this patch; after applying some connections fail: try openssl -connect www.trustcenter.de:443 [fails] try openssl -connect www.trustcenter.de:443 -no_tls1 [passes] On Sun, 31 Jan 1999, Mark J Cox wrote: > In going through our internal code I came acr

Re: New Tools Proposal

1999-03-26 Thread Mark J Cox
> Actually I didn't find any command line tool able to generate and/or > verify PKCS#7 signatures (such as generated by signed forms by Netscape > and other tools ...) We've (C2Net) got a set of stand-alone command line programs for PKCS#7 encrypt/decrypt that seem to work well. They need a lit

[PATCH] allow certificates in a file to be repeated

1999-04-10 Thread Mark J Cox
I noticed a problem - when the CA list we were loading from a file (standard verify_locations stuff) contained a duplicate certificate all certificates after the duplicate would be ignored. This patch alters X509_load_cert_file() so that if an error occurs looking at one certificate the routine w

Re: New U.S. export regs - my opinion

2000-01-13 Thread Mark J Cox
> that incorporate become covered by the E.A.R. and must adhere to the > U.S. governments decisions on which countries are to be considered ...plus they may change the rules in 120 days :) Mark __ OpenSSL Project

SGC obsolete? (Was Re: Exporting (SGC) keys from IIS -> OpenSSL)

2000-01-17 Thread Mark J Cox
> Having said that SGC might now become obsolete anyway. I think it will take some time for this to happen; we've got to wait for MS and Netscape to release full-strength versions, then wait for everyone to upgrade to them. There's still a large percentage of people who hit our site with browsers

[ANNOUNCE] OpenSSL version 0.9.8a and 0.9.7h released

2005-10-11 Thread Mark J Cox
cksum: 8dc90a113eb8925795071fbe52b2932c SHA1 checksum: 9fe535fce89af967b29c4727dedd25f2b4cc2f0d The checksums were calculated using the following commands: openssl md5 openssl-0.9.*.tar.gz openssl sha1 openssl-0.9.*.tar.gz Yours, The OpenSSL Project Team... Mark J

[SECURITY] OpenSSL 0.9.8c and 0.9.7k released

2006-09-05 Thread Mark J Cox
84dd2 The checksums were calculated using the following commands: openssl md5 openssl-0.9.*.tar.gz openssl sha1 openssl-0.9.*.tar.gz Yours, The OpenSSL Project Team... Mark J. Cox Nils Larsch Ulf Möller Ralf S. Engelschall Ben Laurie

[SECURITY] OpenSSL 0.9.8d and 0.9.7l released

2006-09-28 Thread Mark J Cox
e575d The checksums were calculated using the following commands: openssl md5 openssl-0.9.*.tar.gz openssl sha1 openssl-0.9.*.tar.gz Yours, The OpenSSL Project Team... Mark J. Cox Nils Larsch Ulf Möller Ralf S. Engelschall Ben Laurie Andy Pol

OpenSSL 0.9.8h released

2008-05-28 Thread Mark J Cox
penssl-0.9.*.tar.gz Yours, The OpenSSL Project Team... Mark J. Cox Nils Larsch Ulf Möller Ralf S. Engelschall Ben Laurie Andy Polyakov Dr. Stephen Henson Richard Levitte Geoff Thorpe Lutz Jänicke Bodo Möller

Re: cvs commit: openssl/crypto/engine/vendor_defns hw_ubsec.h

2001-11-13 Thread Mark J Cox
> It would be really good if the RH patches were at least contributed > for inclusion into 0.9.7 as well. Yup, and we'll have AEP and Baltimore engines for 0.9.7 soon, it just wasn't the highest priority. Cheers, Mark __ OpenS

Re: cvs commit: openssl TABLE

2001-11-15 Thread Mark J Cox
> perl util/mkerr.pl -recurse -write -rebuild > > (now, just look at the effect that last thing had on the ENGINE error > strings! How did that unbalance between macros and strings happen?) I should have run that before committing the SureWare code; I was working from a diff that was sent t

[PATCH] fix "make install"

2001-11-21 Thread Mark J Cox
Noticed a problem with "make install" on the 0.9.6c-dev engine branch, might affect other branches too. Mark Index: Makefile.org === RCS file: /e/openssl/cvs/openssl/Makefile.org,v retrieving revision 1.88.2.7.4.7 diff -u -r1

Fix inttypes.h problem

2001-12-06 Thread Mark J Cox
The recent fix in 0.9.6c engine adding inttypes.h for AEP accelerator broke Solaris 2.5.1 and Unixware 7 builds. Joe wrote this patch which compiles on all our build machines. Not tested (but should be okay) on Windows too. Cheers, Mark -- Forwarded message -- Date: Tue, 04 Dec