On 05/10/16 00:39, David Woodhouse wrote:
> I have the link MTU (typically 1500 bytes), and a DTLS session is
> established.
>
> I call DTLS_set_link_mtu() to set the link MTU.
>
> I need to know the DTLS data MTU — the maximum payload size, which
> depends on the cipher in use.
>
> For
I recently implemented some tests for renegotiation that turned up a
discrepancy between the way TLS and DTLS work.
If a server sends a HelloRequest to the client, then the client responds
by initiating a renegotiation handshake.
We support two forms of renegotiation handshake: normal and
On 06/09/16 08:00, Patel, Anirudh (Anirudh) wrote:
> Now can I convert this dlCRL to PEM format? All this needs to be done
> programmatically and not by executing openssl crl commands.
Yes. Use PEM_write_bio_X509_CRL(), or PEM_write_X509_CRL():
On 26/08/16 11:42, Steffen Nurpmeso wrote:
> N'morning UK. (^.^)
>
> Matt Caswell <m...@openssl.org> wrote:
> |On 25/08/16 22:14, Steffen Nurpmeso wrote:
> |> OpenSSL <open...@openssl.org> wrote:
> |>| OpenSSL version 1.1.0 released
> |>
&
On 25/08/16 22:33, Tom Ritter wrote:
> NCC Group has prepared (or begun preparing) a patch that integrates
> fuzzing of OpenSSL. This work was done primarily by Tim Newsham,
> although the code is based on selftls by Hanno Böck, and it was modified
> by me to fit into the OpenSSL tree. The
On 25/08/16 22:14, Steffen Nurpmeso wrote:
> Good evening.
>
> OpenSSL wrote:
> | OpenSSL version 1.1.0 released
>
> A bit distressing that it is me again, as if i would have
> something to do with that..., but: the tag is missing.
Really? I seem to be able to see it
Fixed in master by e3057a57c and c74aea8d6. Still needs cherry-picking to
1.0.2.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4636
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe:
Fixed in master by b62b2454f and dfde4219f. Still needs cherry-picking to
1.0.2.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4621
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe:
On Thu Aug 11 17:12:10 2016, appro wrote:
> Hi,
>
> > I have no time to check with debugger now,
>
> Then no progress will be made. Problem needs to be identified first, and
> since similar problem was identified earlier, I'd have to insist on
> confirmation whether or not it's the same.
>
> > but
Resolved by overlapping buffer checks. Closing.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4362
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
On Mon Aug 22 15:05:17 2016, david...@google.com wrote:
> I may not have time to fully digest the change before the release date, but
> I'm not sure this snippet quite works:
>
> if (ctx->read_start == ctx->read_end) { /* time to read more data */
> ctx->read_end = ctx->read_start =
On Wed Aug 17 16:18:26 2016, levitte wrote:
> On Fri Jul 08 09:36:42 2016, levitte wrote:
> > On Fri Jul 08 09:33:01 2016, noloa...@gmail.com wrote:
> > > Hmmm... If I want to use ld.gold as my linker, the easiest path is to
> > > set LD=ld.gold. It makes perfect sense to some
> >
> > Did it
On Tue Aug 16 08:05:06 2016, matt wrote:
> On Thu Aug 11 16:36:42 2016, matt wrote:
> > Could be this:
> >
> > https://github.com/openssl/openssl/pull/1432
>
>
> That MR has now been merged.
>
> Jeff - please can you confirm that it resolves the issue for this ticket?
No response, so assuming
On 22/08/16 18:12, John Foley wrote:
> Is anyone seeing the following error when building 1.0.2 stable on Windows:
>
> Creating library tmp32dll\junk.lib and object tmp32dll\junk.exp
> IF EXIST out32dll\sslv2conftest.exe.manifest mt -nologo -manifest
>
This should be fixed now. Closing.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4646
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Closing this - "working as designed".
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4644
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
On 16/08/16 23:26, Richard Moore wrote:
> I noticed that we have:
>
> __owur int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits);
> __owur const char *SSL_CIPHER_get_version(const SSL_CIPHER *c);
> __owur const char *SSL_CIPHER_get_name(const SSL_CIPHER *c);
> __owur uint32_t
On 11/08/16 13:29, Andy Polyakov via RT wrote:
>> ( cd test; \
>> SRCTOP=../. \
>> BLDTOP=../. \
>> PERL="perl" \
>> EXE_EXT= \
>> OPENSSL_ENGINES=.././engines \
>> perl .././test/run_tests.pl test_afalg )
>> ../test/recipes/30-test_afalg.t ..
>> 1..1
>> ALG_PERR:
On 02/08/16 01:26, noloa...@gmail.com via RT wrote:
> On Tue, Jul 19, 2016 at 10:01 AM, Matt Caswell <m...@openssl.org> wrote:
>>
>>
>> On 19/07/16 14:41, Richard Levitte via RT wrote:
>>> Hi Jeff,
>>>
>>> I'm going to assume that a newer c
Closing this ticket.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4572
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
On Mon Jul 25 08:49:27 2016, matt wrote:
> Ping Jeff?
Ping again?
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4584
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Fix for this was merged as 4a9a0d9bcb. Closing.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4638
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
On 30/07/16 23:45, David Benjamin via RT wrote:
> It is a behavior change, but
> one I'm sure will break no one.
Unfortunately I don't share your optimism that it won't break any one :-(
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4572
Please log in as guest with
FYI, we have recently updated our release strategy for version 1.1.0:
https://www.openssl.org/policies/releasestrat.html
The change is to add the following two dates:
- 4th August 2016, 1.1.0 beta 3 release
- 25th August 2016, 1.1.0 public release
Matt
--
openssl-dev mailing list
To
On Mon Jul 25 18:36:56 2016, d...@inky.com wrote:
> Yes, that appears to fix it. Thanks!
Fixed in 58c27c207dd. Closing ticket.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4618
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To
Ticket submitted by Brian Smith
When doing math on short Weierstrass curves like P-256, we have to special case
points at infinity. In Jacobian coordinates (X, Y, Z), points at infinity have
Z == 0. However, instead of checking for Z == 0, p256-x86-64 instead checks for
(X, Y) == (0, 0). In other
On Tue Jun 14 20:30:09 2016, david...@google.com wrote:
> I recently made some changes around BoringSSL's SSL_set_bio, etc.
> which you
> all might be interested in. The BIO management has two weird behaviors
> right now:
>
> 1. The existence of bbio is leaked in the public API when it should be
>
nt with [inky](http://inky.com?kme=signature)
Hi Dave
Please could you try the attached patch and see if that resolves the issue?
Thanks
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4618
Please log in as guest with password guest if prompted
>From 32f6b811837e0279e8cbc13426
Ping Jeff?
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4584
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
On 21/07/16 09:56, Christian Hägele wrote:
> Am 25.06.2016, 00:27 Uhr, schrieb Matt Caswell <m...@openssl.org>:
>
>> The current thinking is Thursday 7th July, although that is not set in
>> stone as it depends on what happens between now and then. We don't
>
On Tue Jul 19 16:22:22 2016, k...@roeckx.be wrote:
> On Tue, Jul 19, 2016 at 02:12:41PM +0000, Matt Caswell via RT wrote:
> >
> > Is this still an issue? And if so are you able to provide a backtrace?
>
> This might be a combination of kernel, glibc and gcc bugs, some of
&g
On 19/07/16 16:23, Richard Levitte via RT wrote:
> On Mon Jul 11 16:20:29 2016, k...@roeckx.be wrote:
>> Hi,
>>
>> When trying to check what happens if we simulate malloc()
>> returning NULL I'm running into a problem that I'm not sure how to
>> deal with.
>>
>> We have CRYPTO_THREAD_run_once(),
On Mon Jun 27 09:51:21 2016, matt wrote:
>
>
> On 26/06/16 15:44, Kurt Roeckx via RT wrote:
> > Hi,
> >
> > My last upload of openssl to experimental show this on hppa:
> > *** Error in `./asynctest': double free or corruption (out):
> > 0x007307d8 ***
> > ../util/shlib_wrap.sh ./asynctest => 134
On 19/07/16 14:41, Richard Levitte via RT wrote:
> Hi Jeff,
>
> I'm going to assume that a newer checkout of the master branch won't change
> much, so if you please, try this command and send mack the result:
Who is Mack? ;-)
>
> make test TESTS='test_afalg test_rehash'
Did you mean to
On 19/07/16 14:41, Richard Levitte via RT wrote:
> Hi Jeff,
>
> I'm going to assume that a newer checkout of the master branch won't change
> much, so if you please, try this command and send mack the result:
Who is Mack? ;-)
>
> make test TESTS='test_afalg test_rehash'
Did you mean to
Closing this ticket - fixed in 1.1.0.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4606
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
On 30/06/16 20:23, Salz, Rich wrote:
>
>> Specify neither if you want most stuff to be installed in /usr/local and
>> config
>> files/default cert/keystore in /usr/local/ssl
>>
>> Specify just --openssldir if you want just config files/default
>> cert/keystore to
>> go into and everything
On 30/06/16 17:59, noloa...@gmail.com via RT wrote:
> On Thu, Jun 30, 2016 at 12:52 PM, Salz, Rich via RT wrote:
>>> I don't want either of them. I only want to install the library in the
>>> directory of
>>> my choosing :)
>>
>> #! /bin/sh
>> make $* && cp *.a $MYDIR
>>
>>
On 29/06/16 15:35, Jan Just Keijser wrote:
> hi all,
>
> I'm the maintainer of grid-proxy-verify, a grid-tool that uses "plain"
> openssl to verify a grid proxy (either RFC3820 or legacy Globus proxy).
> This tool
> http://www.nikhef.nl/~janjust/proxy-verify/
> and
>
On 29/06/16 08:33, Tomas Mraz via RT wrote:
> On Út, 2016-06-28 at 22:10 +, Thomas Waldmann via RT wrote:
>> On 06/28/2016 11:18 PM, Kurt Roeckx via RT wrote:
>>>
>>> On Mon, Jun 27, 2016 at 08:50:43PM +, Thomas Waldmann via RT
>>> wrote:
I didn't ask where to get the missing
On 27/06/16 21:56, Timothy B. Terriberry wrote:
> Because I am writing a library, which I
> intend to be re-entrant, but which does not have any explicit threading
> support (or dependencies), I don't have any convenient global place to
> cache it. I haven't needed one for anything else.
You
On 28/06/16 16:18, Oleg Kukartsev via RT wrote:
> Guys,
> There is an issue with openssl s_client described here:
> http://stackoverflow.com/questions/25760596/how-to-terminate-openssl-s-client-after-connection
> Basically, it prevents openssl s_client automation on windows platform.
>
> And a
On 28/06/16 14:41, Richard Levitte wrote:
> In message
>
> on Tue, 28 Jun 2016 12:38:20 +, Catalin Vasile
> said:
>
> cata.vasile> Hi,
> cata.vasile>
> cata.vasile> Is there a way to
On 27/06/16 21:56, Timothy B. Terriberry wrote:
>> Did you see BIO_meth_set_write etc ?
>
> I did. I also saw that exactly no code in OpenSSL itself uses this API.
Not strictly true. s_server uses it as does asynciotest.
We also use the similar RSA_METHOD functions and DSA_METHOD functions in
On 26/06/16 15:44, Kurt Roeckx via RT wrote:
> Hi,
>
> My last upload of openssl to experimental show this on hppa:
> *** Error in `./asynctest': double free or corruption (out): 0x007307d8 ***
> ../util/shlib_wrap.sh ./asynctest => 134
>
> # Failed test 'running asynctest'
> # at
On 24/06/16 22:28, Jouni Malinen wrote:
> On Mon, May 23, 2016 at 01:15:45PM +, Salz, Rich wrote:
>> ... in case you haven't noticed :) Our announced release date for 1.1 has
>> come and gone.
>>
>> We want to close many more bugs before we release it. In the meantime,
>> please test
ed by
> the same thread.
>
> It looks like state_index is going outside of the expected range.
>
> This is possible if one or more threads do
>state_index += num_ceil;
>
> and then another thread reads it before
>if ( state_index > state_num )
> state_
On Mon Jun 13 09:37:59 2016, loic.etie...@qnective.com wrote:
> My claim about portability issues was wrong (sorry): The C-standard
> ensures that positive values are handled in the two's complement
> system, indeed.
>
> However, inl % block_size == inl & (block_size-1) is true if and only
> if
Fixed in latest master. There are a few spurious warning left that I did not
fix. They look like cases of the compiler being overly picky IMO.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4378
Please log in as guest with password guest if prompted
--
openssl-dev mailing
On 17/06/16 20:56, Matt Caswell via RT wrote:
>
>
> On 17/06/16 19:43, Mick Saxton via RT wrote:
>> Perhaps we should consider if there are any negative consequences to my
>> solution?
>> It does work.
>>
>> I am trying really hard to get conte
On 17/06/16 19:43, Mick Saxton via RT wrote:
> Perhaps we should consider if there are any negative consequences to my
> solution?
> It does work.
>
> I am trying really hard to get contention but I am only seeing this problem
> in about 1 out of 100,000 successful TLSv1.2 connections
> On a
On 14/06/16 21:30, David Benjamin via RT wrote:
> For OpenSSL master, I believe it'd also work to add an s->rbio != s->wbio
> check to SSL_set_rbio, but I think those are worse semantics for
> SSL_set_{rbio,wbio}. They are new APIs, so, before it's too late, give them
> clear semantics like
Jeff has confirmed that this issue has been fixed in latest master. Closing
this ticket.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4456
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe:
This is fixed in latest master. Closing.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4565
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
On Wed Jun 15 17:42:58 2016, rsalz wrote:
> OpenSSL_1_0_2-stable 75f9068 RT4526: Call TerminateProcess, not ExitProcess
> master 9c1a9cc RT4526: Call TerminateProcess, not ExitProcess
>
> Author: Rich Salz
> Date: Tue Jun 14 16:19:37 2016 -0400
>
> RT4526: Call
On 15/06/16 16:31, Daniel Kahn Gillmor wrote:
> On Wed 2016-06-15 09:51:37 -0400, Salz, Rich wrote:
>> I think OpenSSL needs to decide if SSLv2 bugs will be getting fixed.
>> Matt and I disagree :)
>
> Isn't the existence of SSLv2 a bug? ;)
Fixed in OpenSSL 1.1.0 :-)
Matt
--
openssl-dev
On 15/06/16 13:09, Salz, Rich via RT wrote:
> So are we still fixing SSLv2 bugs? Or are they too low on the priority list?
They're certainly low priority, but we are still fixing them.
Matt
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
On Tue Jun 14 20:42:36 2016, rsalz wrote:
> SSLv2 is not supported any more.
Uyes it is on the 1.0.2 branch? It is off by default though.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4038
Please log in as guest with password guest if prompted
--
openssl-dev
Fixed in commit e7653f3bab. Closing ticket.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2388
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Fixed in commit e70656cf1c.
Closing ticket.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=597
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
On Wed Jun 01 22:20:38 2016, matt wrote:
> Hi Jeff
>
> Please could you try the attached patch?
Jeff confirmed to me that the patch solved the problem. Pushed as commit
25b9d11c0.
Closing ticket.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4434
Please log in as guest
On Wed Jun 08 16:02:39 2016, matt wrote:
> On Tue May 24 13:53:07 2016, steve wrote:
> > On Sun Feb 21 13:55:35 2016, rainer.j...@kippdata.de wrote:
> > > Running the Apache test suite for Apache 2.4 with OpenSSL 1.1.0
> > > adjustments, I get
> > >
> >
> > Can you please check to see if this
On Thu Jun 02 23:24:44 2016, paul.d...@oracle.com wrote:
> The DTLS packet reassembly code has a performance problem that could
> result in a DoS attack being possible.
>
>
>
> The DTLS packet reassembly uses the data structure defined in
> ssl/pqueue.c for the purpose (it is the only user of this
On Fri Jun 10 13:02:57 2016, z...@ua7.net wrote:
> Hello
>
> Looks like OPENSSL_config have a bug as result users can't set
> alternative path to openssl.cnf file.
> If you take a look on implementation of void OPENSSL_config(const char
> *config_name) it call a
> CONF_modules_load_file(NULL,
Fixed in f5de06aae. Closing.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=1051
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
On 10/06/16 10:00, Matt Hart wrote:
> Hi,
>
> I took the CAPI engine and extended it to give preference to NCrypt,
> otherwise to revert to Crypto API. Implemented for RSA so far (no DSA or ECC
> support though BoringSSL have done some ECC work for Windows I could look
> at). Tested with RSA,
Patch applied - thanks. Closing.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3720
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
On Mon Jun 06 18:26:50 2016, loic.etie...@qnective.com wrote:
> crypto/evp/evp_enc.c, EVP_EncryptUpdate
> line 337: inl & (ctx->block_mask)
> line 367: inl & (bl - 1) /* with bl = ctx->cipher->block_size */
Why do you consider this a problem?
Matt
--
Ticket here:
On Tue May 31 16:49:23 2016, rsalz wrote:
> Re-Ping Jeff to take a look and see if things are fixed now.
Ping Jeff.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4456
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe:
Status as per ticket 4480. Closing this ticket.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4479
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
I applied the original roll up patch. I wasn't keen on adding all the
__STRICT_ANSI__ ifdefs from the later patch. That seems excessive to me for
little benefit - we are generally trying to reduce the ifdef code as much as
possible. I also didn't add the __WORDSIZE bit. I believe that symbol is an
On Wed Jun 01 22:20:38 2016, matt wrote:
> Hi Jeff
>
> Please could you try the attached patch?
Any update on this?
Thanks
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4434
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To
On Tue May 24 13:53:07 2016, steve wrote:
> On Sun Feb 21 13:55:35 2016, rainer.j...@kippdata.de wrote:
> > Running the Apache test suite for Apache 2.4 with OpenSSL 1.1.0
> > adjustments, I get
> >
>
> Can you please check to see if this issue is still present in the latest
> OpenSSL 1.1.0?
Hi
On 08/06/16 11:25, Hubert Kario wrote:
> On Tuesday 07 June 2016 19:22:00 Matt Caswell via RT wrote:
>> On Sat Apr 02 14:05:50 2016, sebast...@breakpoint.cc wrote:
>>> A TLS1.2 connetion with openssl server and gnutls-cli using a
>>> SECP384R1
>>> key ends
On Mon Mar 07 22:27:23 2016, david...@google.com wrote:
> ssl3_get_record silently discards empty records without much context,
> which
> means OpenSSL will happily accept, e.g., empty app data records
> mid-handshake or empty records of bogus type. They get silently
> discarded
> and never
On Thu Apr 07 11:44:09 2016, peter.chernys...@gmail.com wrote:
> Hello!
> BN part program
>
> BN_ULONG BN_mod_word (const BIGNUM * a, BN_ULONG w);
>
> does not work properly on 64-bit machine with some w> 2 ^ 32, although
> declared as BN_ULONG (64 bits).
Fixed in commit e82fd1b4 (1.0.2) and
On Sat Apr 02 14:05:50 2016, sebast...@breakpoint.cc wrote:
> A TLS1.2 connetion with openssl server and gnutls-cli using a
> SECP384R1
> key ends up with SHA256 as the hash algorithm for signing the key
> exchange.
> This is because gnutls sends the hash algorithms from weak to strong
> and by
The last patches from this have now been applied so closing this ticket.
Thanks!
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3198
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe:
On 03/06/16 10:52, Alfred E. Heggestad wrote:
> Hi Matt,
>
> thanks for the suggested API and code. Please find below a suggested
> patch that implements this new callback.
>
>
> the patch is based on 1.0.2-dev from GIT:
>
> url: git://git.openssl.org/openssl.git
> branch:
On 02/06/16 14:33, Alfred E. Heggestad wrote:
>
>
> On 01/06/16 13:58, Matt Caswell wrote:
>>
>>
>> On 01/06/16 11:15, Alfred E. Heggestad wrote:
>>> hi,
>>>
>>> we are using DTLS from OpenSSL to implement DTLS-SRTP in our
>>> prod
Hi Jeff
Please could you try the attached patch?
Thanks
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4434
Please log in as guest with password guest if prompted
>From 199bf71fb68a26a9d7ff52af7233bd0b52d0f824 Mon Sep 17 00:00:00 2001
From: Matt Caswell <m...@opens
dhparam will never generate parameters that fail DH_check(). It would be an
internal error if it did. I added a sanity check anyway and also brought the
documentation up to date. Commit eeb21772e.
Closing this ticket.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4244
On 01/06/16 11:15, Alfred E. Heggestad wrote:
> hi,
>
> we are using DTLS from OpenSSL to implement DTLS-SRTP in our
> product (Wire.com) .. The code and implementation works really well
> and is very robust. We are using OpenSSL version 1.0.2g
>
>
> since our product is deployed globally on
On Wed Jun 01 09:17:18 2016, noloa...@gmail.com wrote:
> > Please could you try the attached patch?
>
> It tested OK. 'make test' executed without any problems. Ship it and
> close the ticket.
Pushed in commit e51329d38. Closing ticket.
Thanks
Matt
--
Ticket here:
Steve fixed this via commit f72f00d495.
Closing.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4149
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
On Mon Dec 21 11:07:24 2015, dra...@dancingdragon.be wrote:
> https://github.com/openssl/openssl/pull/512
>
> This PR removes all of the dangerous Windows entropy gathering routines
> in favor of standard CryptGenRandom calls, as was discussed in the
> "Improving OpenSSL default RNG" thread on
On 28/05/16 16:49, sav...@ukr.net wrote:
>
>
> --- Исходное сообщение ---
> От кого: "Matt Caswell" <m...@openssl.org>
> Дата: 27 мая 2016, 18:03:50
>
> > 2. Results for some tests using MSVC there are:
> >
> > skipped: TLSPro
On 27/05/16 15:58, sav...@ukr.net wrote:
>
>
> --- Исходное сообщение ---
> От кого: "Matt Caswell via RT" <r...@openssl.org>
> Дата: 27 мая 2016, 17:45:28
>
> The "make test" hang issue on mingw should now be resolved in the head of
>
On Tue May 10 12:36:40 2016, matt wrote:
> Re-opening. OP reports there are still issues with "make test" hanging.
The "make test" hang issue on mingw should now be resolved in the head of
master. Unfortunately there is now a completely different issue preventing
compilation for mingw :-( That is
On 27/05/16 11:07, Mick Saxton via RT wrote:
> Hi Matt
>
> The test program runs against our major new development so I cannot share it
> as is.
>
> I will try to produce a skeleton version which I could let you have.
>
> - But that will be end if next week as I am away for a few
On 27/05/16 11:07, Mick Saxton via RT wrote:
> Hi Matt
>
> The test program runs against our major new development so I cannot share it
> as is.
>
> I will try to produce a skeleton version which I could let you have.
>
> - But that will be end if next week as I am away for a few
On Fri May 20 15:49:49 2016, mi...@1e.com wrote:
> Hi
>
> Before going any further I would like to state that I have only seen
> this problem when we have 1 or more concurrent connections.
>
> Mostly we notice it on Windows but I have seen it on linux (Ubuntu).
>
> I first noticed it when
I applied this patch in part. The code has moved on since this was written and
this was from pre-reformat times so I added the changes that were still
applicable "manually". See commit 242073bdbc. Also properly implemented the %e
and %g format specifiers in commit d6056f085d. Finally I added a
On 26/05/16 22:48, TJ Saunders wrote:
>
>
>>> I'm currently working on updating proftpd and its various modules to
>>> work with the changed APIs in OpenSSL-1.1.x. My current obstacle(?) is
>>> to determine the SSL protocol version, given an SSL_SESSION pointer.
>>>
>>> Using OpenSSL-1.0.x, I
On 26/05/16 22:27, TJ Saunders wrote:
>
> I'm currently working on updating proftpd and its various modules to
> work with the changed APIs in OpenSSL-1.1.x. My current obstacle(?) is
> to determine the SSL protocol version, given an SSL_SESSION pointer.
>
> Using OpenSSL-1.0.x, I currently
You don't say what version of OpenSSL you were testing. It seems to be either
1.0.2 or 1.0.1 (not master). Anyway, comments inserted.
On Mon Dec 14 13:45:20 2015, skoripe...@juniper.net wrote:
> Issue 1)
> We could have failed to allocate the ctx->cipher_data in
> EVP_CipherInit_ex
>
>
On Thu Apr 07 11:44:09 2016, peter.chernys...@gmail.com wrote:
> Добрый день!
> программа библиотеки BN_mod_word
> BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
>
> работает неверно на 64 бит машине при некоторых w>2^32, хотя объявлена как
> BN_ULONG (64 бита).
>
> Петр
>
> Hello!
> BN part
This ticket was opened in error. The correct ticket that remains open is #1852.
Closing,.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4430
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe:
This got merged recently. Closing.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4525
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
This got merged recently. Closing.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4537
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
101 - 200 of 930 matches
Mail list logo