This was merged previously.
Closing.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4254
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Appears to have been reopened in error. Closing again.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4248
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
The issue as originally described in this ticket has been fixed.
A comment was added at one point to this ticket:
"May I suggest the bug also becomes a wish for support for > 2GB
numbers, as that is what the user originally wanted?"
It's not clear that that is desirable and is unlikely to be adde
Ping Richard Levitte.
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4217
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Looks like this was fixed by ba8108154d.
Closing.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4212
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Seems to have been mostly fixed by dd9589740d, but it looks like there may be a
few things in this patch not covered by that commit. Keeping this open for now.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4207
Please log in as guest with password guest if prompted
--
opens
Github pull 570 which was associated with this ticket has been closed, so
closing this too.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4201
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/
Seems to have been fixed by 6aa0ba4bb28.
Closing.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4185
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
This seems to be working now.
Closing ticket.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4178
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Stephen answered this issue. The X509_get0_extensions() function does now seem
to be documented.
Closing this ticket.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4177
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https
Added in commit 8b0b80d923. Closing.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4176
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
On Mon May 09 15:05:32 2016, rs...@akamai.com wrote:
> It's probably not an issue because the number of file descriptors has
> increased on the native O/S's. But "file descriptor exhaustion" is
> still an issue for RNG's (google it) and we should keep it in mind for
> the future. What's the best wa
Fixed in commit 3105d69.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=1215
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
These patches no longer apply and are no longer relevant to the latest
codebase.
Closing
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=1916
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/li
I don't believe this is an issue any more as the maxlen increases along with
the dynamic buffer so no truncation should take place.
Closing.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=1912
Please log in as guest with password guest if prompted
--
openssl-dev mailing lis
These patches no longer apply and are no longer relevant.
Closing
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=1875
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
This doesn't seem to match up in any way with current code so I guess it is no
longer relevant.
Closing.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=1873
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openss
This doesn't seem to be the case any more.
Closing.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=1833
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
At some in the intervening period since this was raised these issues have been
fixed.
Closing.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=1769
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mail
Due to the elapsed time I am assuming this is no longer a problem for apache.
Please create a new ticket if this is still a problem!
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=1298
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsu
These no longer apply due to the elapsed time.
The verify patch doesn't quite make sense (maybe it did when this was written)
because SSL_VERIFY_FAIL_IF_NO_PEER_CERT is a server side only option.
The "manual" option to starttls is quite a neat idea, but will not be applied
in its current state. A
Looks ok to me. I suggest you raise it as a GitHub PR.
Matt
On 08/05/16 08:52, Kurt Cancemi wrote:
> Every function that returns an int in crypto/threads_win.c returns 0
> immediately if the function called from inside the function fails
> except CRYPTO_THREAD_run_once() which returns 1 immediate
Closing this ticket at request of submitter. Erroneous duplicate of #4533
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4534
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-d
On Sat Apr 30 19:51:51 2016, hen...@newdawn.dk wrote:
> Hi there
>
> I've recently come across what looks to be an internal bug in openssl:
>
> Original symptoms was that neither "curl" or "wget" could access the
> following site:
>
> https://coverage.tre.se - this site is using TLS 1.0 (only) and
On 26/04/16 16:16, Douglas E Engert wrote:
> Let me update my response.
> If I am reading GH#995 correctly it still has an issue if a user does:
>
> RSA_get0_key(rsa, n, e, NULL); /* note this is a GET0 */
> /* other stuff done, such as calculating d */
> RSA_set0_key(rsa, n, e, d);
>
> rsa is
ey used (i.e. if you supply an EC key then it will use ECDSA).
Matt
>
> Nevertheless, I will try to create a new branch.
>
> Thanks again.
>
> Martin
>
>
>
> -Original Message- From: openssl-dev
> [mailto:openssl-dev-boun...@openssl.org] On Behalf Of Ma
On 26/04/16 09:43, Gäckler Martin (EXT) wrote:
> We’re currently developing a system that uses OAuth protocol to identify
> the users. The service provider is developed in PHP and uses OpenSSL to
> verify the access token. Unfortunately the identity provider, which is
> managed by another company
On 26/04/16 08:26, Richard Levitte wrote:
> [temporarly taking this thread away from RT]
>
> Basically, I can see two solutions:
>
> - Allow calls like RSA_set0_key(rsa, NULL, NULL, d);
>
> That's what's implemented in GH#995, except it doesn't check if the
> input parameters are NULL befo
On 20/04/16 09:24, Matt Caswell wrote:
>
>
> On 19/04/16 19:40, Rainer Jung wrote:
>> I get a core dump during test execution for 1.1.0-pre5. Test is
>> test/recipes/70-test_sslskewith0p.t, platform is Solaris 10 Sparc.
>
> Thanks for the detailed analysis. Based
On 20/04/16 15:03, Thirumal, Karthikeyan wrote:
> Thanks Rich.
>
> We first attempted to move to openssl-0.9.8zc - but we faced memory issues
> and our process got dumped at SSL_free. So we backed out and moved back to
> 9.8a.
>
> Can I go to 0.9.8e version and will the SSL fragment issue be
On 19/04/16 20:18, Rainer Jung wrote:
> Output during "make install":
>
> Cannot find "BIO_gets" in podpath: cannot find suitable replacement
> path, cannot resolve link
> Cannot find "BIO_callback_ctrl" in podpath: cannot find suitable
> replacement path, cannot resolve link
> Cannot find "DSA_
On 19/04/16 19:40, Rainer Jung wrote:
> I get a core dump during test execution for 1.1.0-pre5. Test is
> test/recipes/70-test_sslskewith0p.t, platform is Solaris 10 Sparc.
Thanks for the detailed analysis. Based on that I have been able to
identify the problem. Fix on the way.
Matt
--
openss
gards Karthikeyan Thirumal
>
> -Original Message- From: openssl-dev
> [mailto:openssl-dev-boun...@openssl.org] On Behalf Of Matt Caswell
> Sent: Friday, April 15, 2016 2:05 PM To: openssl-dev@openssl.org
> Subject: Re: [openssl-dev] Windows Patch affe
On 15/04/16 09:15, Thirumal, Karthikeyan wrote:
> Dear Dev folks,
>
> My clients are facing are connectivity issues after windows released
> their OS upgrade this week. I think they have changed the way the SSL
> handshake happens.
>
> My Server is using openssl-0.9.8a and my client sits on a M
Please try again from latest master. Possibly fixed by 627537ddf379.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4499
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Please can you try this again on latest master. Possibly fixed by 627537ddf379.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4455
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/ope
On 14/04/16 01:31, CHOW Anthony wrote:
> I would like to start contributing to this project. On github under
> openssl/CONTRIBUTING stated that there are local unit testing that can
> be done for sanity checking that we can do before submitting a PR.
>
>
>
> In some cases, running these loca
On 01/04/16 16:06, Martin Hecht wrote:
> on SUSE Linux Enterprise Server 11 SP3, when running
>
> ./config && make test
>
> I get errors like:
> Compilation failed in require at ../test/recipes/90-test_v3name.t line 3.
> BEGIN failed--compilation aborted at ../test/recipes/90-test_v3name.t
> li
On 31/03/16 14:00, Hejian via RT wrote:
> Hello, when upgrade openssl to 1.0.2g, If multi thread call the corba
> interface, it will cause core accidently. Please help analyze why the
> core is generated.
>
> There are two kinds of core stack list below.
>
>
> #0 0x7f97729ad324 in RSA_ver
On 30/03/16 15:55, The Doctor wrote:
>
> Just got
>
> make && make test
> gcc -DZLIB_SHARED -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS
> +-DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_PART_WORDS
> +-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM
> +-DSHA512_ASM
On 29/03/16 19:25, Blumenthal, Uri - 0553 - MITLL wrote:
>> clang -DZLIB -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS
>> -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2
>> -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m
>> -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5
On 27/03/16 00:16, Jeffrey Walton wrote:
> Is this a supported configuration (no-ui and apps)?
Co-incidentally, Richard has a patch for no-ui that fixes these problems
that is currently in review.
Matt
>
> There's a fair number of warnings when configuring with no-ui:
>
> apps/enc.c:357:13
On 23/03/16 16:00, Suarez, Miguel wrote:
> Hi
>
>
>
> Can you tell me when 1.0.1t release or later will be made available with
> fixes for the following issues (see below).
1.0.1t does not currently have a planned release date. Releases are
scheduled on an as-needed basis, typically (althoug
On 17/03/16 10:49, Daniel Stenberg via RT wrote:
> Hey,
>
> In curl we call ENGINE_cleanup() as part of our OpenSSL specific cleanup
> function. When I do this with OpenSSL from git master as of right now
> (OpenSSL_1_1_0-pre4-7-ga717738) valgrind catches an illegal free:
Auto deinit automatica
What happens if you run the afalgtest directly?
$ cd test
$ ./afalgtest
Matt
On 16/03/16 13:52, noloa...@gmail.com via RT wrote:
> Working from Master on a Gentoo 13 machine, x86_64. The test was run
> as root which explains one of the failures (I don't have users or SSH
> set up yet).
>
> Ker
On 18/03/16 12:52, noloa...@gmail.com via RT wrote:
> I've configured with:
>
> ./config enable-afalgeng
>
> When I run the self tests, I see:
>
> ../test/recipes/30-test_afalg.t ... skipped: test_afalg not
> supported for this build
You should not need to use enable-afalgeng at
On 18/03/16 22:59, Kurt Roeckx via RT wrote:
> On Fri, Mar 18, 2016 at 01:18:04PM +0000, Matt Caswell wrote:
>>
>>
>> On 18/03/16 12:52, noloa...@gmail.com via RT wrote:
>>> I've configured with:
>>>
>>> ./config enable-afalgeng
>&g
On 18/03/16 22:59, Kurt Roeckx via RT wrote:
> On Fri, Mar 18, 2016 at 01:18:04PM +0000, Matt Caswell wrote:
>>
>>
>> On 18/03/16 12:52, noloa...@gmail.com via RT wrote:
>>> I've configured with:
>>>
>>> ./config enable-afalgeng
>&g
894a00c3f76c47 Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Thu, 17 Mar 2016 10:14:30 +
Subject: [PATCH 1/3] Fix no-rc2 in the CMS test
The CMS test uses some RC2 keys which should be skipped if the RC2 is
disabled.
---
test/recipes/80-test_cms.t | 14 +-
1 file changed, 9 in
On 18/03/16 12:52, noloa...@gmail.com via RT wrote:
> I've configured with:
>
> ./config enable-afalgeng
>
> When I run the self tests, I see:
>
> ../test/recipes/30-test_afalg.t ... skipped: test_afalg not
> supported for this build
You should not need to use enable-afalgeng at
0xF bytes
>
> e:\openssl-1.1.0-pre4\ssl\ssl_lib.c (2367):
> TestsTLS-11.exe!SSL_CTX_new() + 0x5 bytes
>
> p:\mes programmes\shared\ocrypto-11\tls.cpp (95):
> TestsTLS-11.exe!OTLS::TLSCtx::SetMinTLSVer() + 0x9 bytes
>
> p:\mes programmes\tests\_testsshared\test
What happens if you run the afalgtest directly?
$ cd test
$ ./afalgtest
Matt
On 16/03/16 13:52, noloa...@gmail.com via RT wrote:
> Working from Master on a Gentoo 13 machine, x86_64. The test was run
> as root which explains one of the failures (I don't have users or SSH
> set up yet).
>
> Ker
On 17/03/16 10:49, Daniel Stenberg via RT wrote:
> Hey,
>
> In curl we call ENGINE_cleanup() as part of our OpenSSL specific cleanup
> function. When I do this with OpenSSL from git master as of right now
> (OpenSSL_1_1_0-pre4-7-ga717738) valgrind catches an illegal free:
Auto deinit automatica
On 14/03/16 15:21, Matt Caswell via RT wrote:
>
>
> On 14/03/16 15:05, Andy Polyakov via RT wrote:
>>>>> Bump... The issue is still present as of b36a2ef for OS X 10.6 64-bit.
>>>>> 32-bit tests OK.
>>>>>
>>>>> The relevant
On 14/03/16 15:21, Matt Caswell via RT wrote:
>
>
> On 14/03/16 15:05, Andy Polyakov via RT wrote:
>>>>> Bump... The issue is still present as of b36a2ef for OS X 10.6 64-bit.
>>>>> 32-bit tests OK.
>>>>>
>>>>> The relevant
osix.h so that if we work out we're
>> on ppc64 then we default to ASYNC_NULL?
>
> #if defined(__APPLE__) && (defined(__ppc64__) || defined(_ARCH_PPC64))
>
>
So something like the attached?
Jeff, can you test this?
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Disp
o that if we work out we're
>> on ppc64 then we default to ASYNC_NULL?
>
> #if defined(__APPLE__) && (defined(__ppc64__) || defined(_ARCH_PPC64))
>
>
So something like the attached?
Jeff, can you test this?
Matt
>From e30be0c1c51cc7da06f103a07d6b4b9757
On 14/03/16 14:57, Andy Polyakov via RT wrote:
>> Bump... The issue is still present as of b36a2ef for OS X 10.6 64-bit.
>> 32-bit tests OK.
>>
>> The relevant snippets are:
>>
>> $ make test
>> ...
>> ../test/recipes/90-test_async.t ... 1/1
>> # Failed test 'running asynctest'
>> # a
On 14/03/16 14:57, Andy Polyakov via RT wrote:
>> Bump... The issue is still present as of b36a2ef for OS X 10.6 64-bit.
>> 32-bit tests OK.
>>
>> The relevant snippets are:
>>
>> $ make test
>> ...
>> ../test/recipes/90-test_async.t ... 1/1
>> # Failed test 'running asynctest'
>> # a
On 12/03/16 00:12, noloa...@gmail.com via RT wrote:
>>> What is actually running? How can I get it under a debugger?
>>
>>
>> $ ./config -d
>> $ make
>> $ make test/afalgtest
>> $ cd test
>> $ OPENSSL_ENGINES=../engines/afalg gdb ./afalgtest
>>
>
> Ooh, -d looks like a new option. Would that be
On 11/03/16 19:38, noloa...@gmail.com via RT wrote:
> On Thu, Mar 10, 2016 at 2:29 PM, noloa...@gmail.com via RT
> wrote:
>> Working from Master:
>>
>
> It looks like the hang is still present as of 603358d.
>
> When the following runs:
>
> ../test/recipes/30-test_afalg.t
>
> What is act
On 11/03/16 19:38, noloa...@gmail.com via RT wrote:
> On Thu, Mar 10, 2016 at 2:29 PM, noloa...@gmail.com via RT
> wrote:
>> Working from Master:
>>
>
> It looks like the hang is still present as of 603358d.
>
> When the following runs:
>
> ../test/recipes/30-test_afalg.t
>
> What is act
Hi Jeff
On Thu Mar 10 19:29:21 2016, noloa...@gmail.com wrote:
> Working from Master:
>
> $ git reset --hard HEAD && git pull
> HEAD is now at fb04434 In the recipe using "makedepend", make sure the
> object file extension is there
> Already up-to-date.
>
> $ ./config
> ...
> $ make depend && make
Hi Roumen
On 10/03/16 22:21, Roumen Petrov wrote:
> Hello,
>
> With new thread model in some configurations openssl hands on unload of
> engine.
I just pushed commit 773fd0bad4 to master which should hopefully resolve
this issue.
Matt
--
openssl-dev mailing list
To unsubscribe: https://mta.op
On 11/03/16 01:03, Jeffrey Walton wrote:
> Hi Everyone,
>
> Testing master on real hardware is showing some minor issues on a few
> platforms, including ARM32, ARM64, PowerPC and i686. In addition,
> there seems to be one-off issues on other combinations, like VIA's C7
> processor on Linux.
>
>
--unified has been removed and it is now the default. If you want "old"
build use --classic.
Matt
On 08/03/16 15:51, Blumenthal, Uri - 0553 - MITLL wrote:
> $ ./Configure darwin64-x86_64-cc enable-rfc3779 threads zlib
> enable-ec_nistp_64_gcc_128 shared
> --prefix=/Users/ur20980/src/openssl-1.1
On Mon Mar 07 23:02:26 2016, noloa...@gmail.com wrote:
> This just showed up on OS X 10-5, 64-bit PowerPC. Its not present
> under Linux.
>
> $ git reset --hard HEAD
> HEAD is now at e1d9f1a Remove kinv/r fields from DSA structure.
> $ git pull
> Already up-to-date.
>
> $ ./config && make depend &&
On 07/03/16 21:49, David Benjamin wrote:
> Hi folks,
>
> So, we've by now built up a decent-sized SSL test suite in BoringSSL. I
> was bored and ran it against OpenSSL master. It revealed a number of
> bugs. One is https://github.com/openssl/openssl/pull/603. I'll be filing
> tickets shortly for
On 07/03/16 23:43, noloa...@gmail.com via RT wrote:
> On Mon, Mar 7, 2016 at 6:29 PM, Matt Caswell via RT wrote:
>> Fix already on the way.
>>
>
> Thanks. I'm not sure what's triggering it on OS X because those
> defines don't se
On 07/03/16 23:43, noloa...@gmail.com via RT wrote:
> On Mon, Mar 7, 2016 at 6:29 PM, Matt Caswell via RT wrote:
>> Fix already on the way.
>>
>
> Thanks. I'm not sure what's triggering it on OS X because those
> defines don't se
Fix already on the way.
Matt
On 07/03/16 23:28, noloa...@gmail.com via RT wrote:
> On Mon, Mar 7, 2016 at 6:02 PM, Jeffrey Walton wrote:
>> This just showed up on OS X 10-5, 64-bit PowerPC. Its not present under
>> Linux.
>>
>> $ git reset --hard HEAD
>> HEAD is now at e1d9f1a Remove kinv/r fie
Fix already on the way.
Matt
On 07/03/16 23:28, noloa...@gmail.com via RT wrote:
> On Mon, Mar 7, 2016 at 6:02 PM, Jeffrey Walton wrote:
>> This just showed up on OS X 10-5, 64-bit PowerPC. Its not present under
>> Linux.
>>
>> $ git reset --hard HEAD
>> HEAD is now at e1d9f1a Remove kinv/r fie
On 03/03/16 11:54, Marcus Meissner wrote:
> Hi,
>
> https://guidovranken.wordpress.com/2016/03/01/public-disclosure-malformed-private-keys-lead-to-heap-corruption-in-b2i_pvk_bio/
>
> Integer overflow in b2i_PVK_bio
>
> Have you assigned a CVE internally for that already?
>
> Ciao, Marcus
>
On 24/02/16 16:48, Gisle Vanem wrote:
> Matt Caswell wrote:
>
>> The complete patch is attached. This is currently going through review,
>> and solves the link issue.
>
> That brought MSVC-2015 back on track. Thanks!
>
This has now been committed, so hopefully
On 23/02/16 16:38, Sander Temme wrote:
> All,
>
> I toyed over the weekend with resurrecting CHIL: intermediate result
> here https://github.com/sctemme/openssl/tree/rescue-chil and I AM NOT
> PROUD OF THIS but have no cycles to clean it up for at least a couple
> of days to come. It builds now
On 24/02/16 15:50, The Doctor wrote:
> As of 2106-20-24 SSL_librbary_init may not be avialable in the libssl.so .
>
> Is their a workaround for this?
>
SSL_library_init is still available in ssl.h as a compatibility macro:
#if OPENSSL_API_COMPAT < 0x1010L
# define SSL_library_init() OPENS
On 24/02/16 10:29, Gisle Vanem wrote:
> Matt Caswell wrote:
>
>> The attached seems to avoid the problem - but then for reasons I cannot
>> understand link errors result later on in the build.
>
> I too can confirm that your patch fixes MSVC-2105 compilation.
> Th
On 23/02/16 15:59, Matt Caswell wrote:
>
>
> On 23/02/16 01:55, Bill Bierman wrote:
>> The Microsoft compiler team has suggested removing the include of ssl.h
>> from srtp.h as it creates a circular reference which is likely confusing
>> the compiler.
>>
&
yed this to the
> compiler team. A senior dev there is aware of the issue and they
> are working on a fix.
The attached seems to avoid the problem - but then for reasons I cannot
understand link errors result later on in the build.
Matt
>From 68db934d65513236b6e0ffd5290d0f53b71f
On Fri Feb 19 13:58:34 2016, i...@ecsystems.nl wrote:
> openssl 1.0.2f static build with nginx 1.9.12 (development version)
>
> about
>
https://github.com/openssl/openssl/commit/64193c8218540499984cd63cda41f3cd491f3f59
>
> This may solve the initial issue but creates a new one:
> SSL_shutdown() fai
On 19/02/16 13:11, Jaroslav Imrich wrote:
> Hello Matt,
>
> If I don't hear from anyone I will remove these.
>
>
> I can confirm that CHIL engine is actively used with OpenSSL 1.0.* by
> the owners of nCipher/THALES nShield HSMs.
>
> I have notified vendor support about this thread.
>
Gr
On 19/02/16 13:03, Tomas Mraz wrote:
> On Pá, 2016-02-19 at 11:31 +0000, Matt Caswell wrote:
>
>
>> So it seems that for chil there may possibly be some rare use (but
>> even
>> the most recent evidence is 4 years old). However the OpenSSL dev
>> team
>>
Hi all
The ubsec and chil engines are currently disabled in 1.1.0 and do not build.
As far as ubsec is concerned I understand that this is an engine for
broadcom cards. There has been very little activity with this engine
since it was first introduced. Google brings up some very old historic
refe
Looks like the last suggested patch against this ticket was applied. No further
activity since 2008, so assuming this is resolved. Closing.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=1736
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
On 18/02/16 13:59, Michel wrote:
> Yes !
> With your 2 patches applied, tls_decrypt_ticket.patch and
> fix-win-thread-stop.patch,
> (looks like I lost the first one yesterday),
> none of my tests programs using libSSL v1.1 reports leaks.
>
> I feel better. :-)
Great. I'll get those reviewed an
err.c (598):
> TestsTLS-11.exe!ERR_clear_error() + 0x5 bytes
> e:\openssl-1.1.git\ssl\statem\statem.c (279):
> TestsTLS-11.exe!state_machine()
> e:\openssl-1.1.git\ssl\statem\statem.c (222):
> TestsTLS-11.exe!ossl_statem_accept() + 0xB bytes
> e:\openssl-1.1.git\ssl\ssl_li
1 client thread.
> Both of them have OPENSSL_thread_stop() in their [pre-]exit member function.
>
> Michel.
>
> -Message d'origine-
> De : openssl-dev [mailto:openssl-dev-boun...@openssl.org] De la part de Matt
> Caswell
> Envoyé : mercredi 17 février 2016 17:23
>
ap()
> f:\dd\vctools\crt\crtw32\misc\dbgmalloc.c (56): TestsTLS-11.exe!malloc()
> + 0x15 bytes
> e:\openssl-1.1.git\crypto\mem.c (138): TestsTLS-11.exe!CRYPTO_malloc() +
> 0x9 bytes
> e:\openssl-1.1.git\crypto\mem.c (158): TestsTLS-11.exe!CRYPTO_zalloc() +
> 0x11 bytes
On 16/02/16 16:17, David Woodhouse wrote:
> On Mon, 2016-02-15 at 22:17 +0000, Matt Caswell wrote:
>>
>> Maybe EVP_cleanup() and other similar explicit deinit functions should
>> be deprecated, and do nothing in 1.1.0? The auto-deinit capability
>> should handle it.
p:\mes programmes\shared\ocrypto-11\tls.cpp (1017):
> TestsTLS-11.exe!OTLS::TLSSss::DoHandshake() + 0xC bytes
> p:\mes programmes\tests\_testsshared\teststls-11-leak\clttasks.cpp (63):
> TestsTLS-11.exe!CltThread::Main() + 0xB bytes
> p:\mes programmes\shared\sthread.cpp (17):
> Tests
On 15/02/16 21:50, Jouni Malinen wrote:
> On Mon, Feb 15, 2016 at 09:34:33PM +0000, Matt Caswell wrote:
>> On 15/02/16 21:25, Jouni Malinen wrote:
>>> Is this change in OpenSSL behavior expected? Is it not allowed to call
>>> EVP_cleanup() and then re-init
On 15/02/16 21:25, Jouni Malinen wrote:
> On Mon, Feb 15, 2016 at 10:52:27PM +0200, Jouni Malinen wrote:
>> On Mon, Feb 15, 2016 at 07:04:20PM +, OpenSSL wrote:
>>>OpenSSL version 1.1.0 pre release 3 (alpha)
>
>> It looks like something in pre release 3 has changed behavior in a way
>> t
On 15/02/16 20:52, Jouni Malinen wrote:
> On Mon, Feb 15, 2016 at 07:04:20PM +, OpenSSL wrote:
>>OpenSSL version 1.1.0 pre release 3 (alpha)
>>
>>OpenSSL 1.1.0 is currently in alpha. OpenSSL 1.1.0 pre release 3 has now
>>been made available. For details of changes and known issues
I have just pushed to github some code that I have been working on to
implement a feature I have called "pipelining". This is still WIP,
although is fairly well advanced. I am keen to hear any feedback. You
can see the PR here:
https://github.com/openssl/openssl/pull/682
The idea is that some engi
.2 as well!
Anyway, please try the attached patch to see if that helps.
Let me know how you get on.
Thanks
Matt
>From a47094a928f56cb62d57d4b53f2e4e20f9a0a031 Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Sat, 13 Feb 2016 23:22:45 +
Subject: [PATCH] Fix memory leaks in tls_decrypt_t
On 12/02/16 14:31, The Doctor wrote:
> Here is another fix needed:
>
> making all in ssl...
> gcc -I.. -I../include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_EXPERIMENTAL_JPAKE
> -DOPENSSL_THREADS -DOPENSSL_PIC -DOPENSSL_BN_ASM_PART_WORDS
> -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DS
On 10/02/16 16:46, Blumenthal, Uri - 0553 - MITLL wrote:
> The complete report is at https://github.com/openssl/openssl/issues/651
>
> Configuration:
>
> |$ ./Configure darwin64-x86_64-cc enable-rfc3779 enable-rc5 enable-md2
> enable-deprecated experimental-jpake threads zlib
> enable-ec_nistp_
On Wed Apr 29 05:10:28 2015, noloa...@gmail.com wrote:
> This question crops up on occasion: How do you shutdown the OpenSSL
> library. See, for example:
>
> * "How to properly uninitialize OpenSSL",
> http://stackoverflow.com/questions/29845527/how-to-properly-
> uninitialize-openssl.
> * "Order o
On 08/02/16 20:49, Rainer Jung wrote:
> The constant SSL_R_HTTP_REQUEST is still defined, but I can't find code
> that sets it and practical experiments indicate it is no longer set.
>
> In Apache land we use it to detect "HTTP spoken on HTTPS port". OpenSSL
> 1.0.2 has code in ssl23_get_client_
On 08/02/16 15:46, Viktor Dukhovni wrote:
>
>> On Feb 8, 2016, at 9:49 AM, Matt Caswell wrote:
>>
>> Actually, yes that is a good point. There could be some subtle security
>> issues there. You probably need to additionally check that you are not
>
301 - 400 of 981 matches
Mail list logo
