On 23/01/15 15:30, Daniel Kahn Gillmor wrote:
> On Fri 2015-01-23 06:19:14 -0500, Steffen Nurpmeso wrote:
>
>> And i think we are all looking forward to see what the future
>> brings. (Myself even starves for documentation [coverage]
>> improvements.)
>
> fwiw, OpenSSL documentation is pretty
On 22/01/15 22:34, Steffen Nurpmeso wrote:
> Since noone else seems to say a word.
> I personally didn't understand at all why v1.0.2 when its
> end-of-life is in sight already.
>From my personal point of view I would like all our releases to have
defined up front lifetimes, so that it is clear
Closed following offline discussion with Jeff. No action required.
Matt
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
On Thu Jan 15 17:01:51 2015, shir...@gmail.com wrote:
> Hi all,
>
> Also, just for completeness, I want to point out I'm a fortunate case
> where I can actually touch the code and recompile it to fix the
> issue. I'm sure that other cases are not so fortunate. IMHO, when
> DTLS method is used, that
On 15/01/15 14:21, Matt Caswell wrote:
>
>
> On 15/01/15 14:13, Fedor Indutny wrote:
>> Hello!
>>
>> During the course of deprecation of stale 1024bit CA certs,
>> node.js and io.js project teams have identified the problem with
>> how OpenSSL client han
On 15/01/15 14:13, Fedor Indutny wrote:
> Hello!
>
> During the course of deprecation of stale 1024bit CA certs,
> node.js and io.js project teams have identified the problem with
> how OpenSSL client handles the server's certificate chain. It is
> quite evident that it ignores certificate store
On Thu Jan 15 14:25:54 2015, sidhpurwala.huza...@gmail.com wrote:
> Here is how to test it:
>
> openssl req -x509 -newkey rsa -keyout localhost.key -out localhost.crt
> -subj \
> /CN=localhost -nodes -batch -sha256
>
> valgrind --leak-check=full openssl s_server -key localhost.key -cert \
> localho
On Thu Jan 15 10:38:58 2015, sidhpurwala.huza...@gmail.com wrote:
> Hi,
>
> I found a memory leak in s_server.c. On my x86_64 machine, this leaks 56
> bytes for each connection request.
>
> Patch is attached.
I'm not seeing this memory leak. The kctx object should be being freed in the
call to SSL
Please could you try making the following call:
SSL_CTX_set_read_ahead(ctx, 1);
Insert it immediately after these lines in your test code:
pSslContext = SSL_CTX_new(DTLSv1_server_method()); assert(pSslContext != NULL);
assert(SSL_CTX_use_certificate(pSslContext, pX509) == 1);
assert(SSL_CTX_use_P
On Wed Jan 14 21:55:17 2015, shir...@gmail.com wrote:
> Hi Matt,
>
> Here are more explanations:
>
> On my Mac OS X Yosemite, the OS provided OpenSSL version
> $ openssl version
> OpenSSL 1.0.1j 15 Oct 2014
>
> Compiling the test
> $ gcc ~/Dropbox/Public/dtls_bug.c -Wno-deprecated-declarations -lss
On Wed Jan 14 21:21:46 2015, shir...@gmail.com wrote:
> Hi all,
>
> I believe I have found a bug which is only present in the latest
> versions (1.0.1k)
>
> I have created a simple C test which does the following things in this
> order:
>
> 1. initialize the SSL library
> 2. creates an X509 key and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The OpenSSL Project are pleased to make the following announcements:
- - There will be new releases made available on Thursday 15th January for
versions 1.0.1, 1.0.0 and 0.9.8. These will be bug fix only releases to
address build problems with the cur
Hi Mark
There is a fix for this issue currently in git (see commit 56cd7404).
Closing this ticket.
Matt
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Hi Julien
There is a fix for this issue currently in git (see commit 56cd7404).
Closing this ticket.
Matt
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Hi Ben
There is a fix for this issue currently in git (see commit 56cd7404).
Closing this ticket.
Matt
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
On 13/01/15 14:27, John Foley wrote:
> Thanks for responding. Which tool chain are you using? I'm using VS
> 2013 with the ml compiler. Given this assembly is generated by a perl
> script, maybe it's a perl issue. Which perl interpreter are you using?
>
Visual Studio 2013 with Active State
On 13/01/15 14:05, John Foley wrote:
> Given the 1.0.2 release is forthcoming in the near future, it would be
> good if someone could look at this issue. It looks like there were a
> lot of changes made to sha1-586.pl in 1.0.2 to support the new Intel SHA
> extensions, which aren't available unt
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/01/15 00:02, Dominyk Tiller wrote:
> Hey guys,
>
> I wanted to check the status of the two ciphers referenced in the
> subject in OpenSSL.
>
> I thought, for some reason, the ChaCha and Poly cipher support was
> landing in the 1.0.2 branch,
On 10/01/15 02:39, Guy wrote:
> Hello,
>
> Is this correct list for query; or should I write to users?
>
> I fix this problem like below, is this proper?
>
> Thank you.
>
>
> diff U3 a/openssl-0.9.8zd/crypto/cryptlib.h
> b/openssl-0.9.8zd/crypto/cryptlib.h
> --- a/openssl-0.9.8zd/crypto/cry
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 07/01/15 07:58, Frey (Wei) Fu wrote:
> Hi Matt,
>
> I've checked the util dir in your branch and official branch, but
> the openssl-format-source script file seems unavailable. Would you
> please point out the exact location?
Did you look in the
Many thanks. Patch applied.
Regards
Matt
___
openssl-dev mailing list
openssl-dev@openssl.org
https://mta.opensslfoundation.net/mailman/listinfo/openssl-dev
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
We have previously announced our intention to reformat the entire
codebase into a more consistent style (see our roadmap document here:
https://www.openssl.org/about/roadmap.html)
Since then we have been busy working towards doing that. I'd like to
ma
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 24/12/14 11:37, Yuriy Kaminskiy wrote:
> Dominyk Tiller wrote:
>> Hey Matt,
>>
>> For some reason, this email is getting flagged as a bad signature
>> by Enigmail. All of your previous emails checked out fine, but
>> this one checked in with a bi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
You will have noticed that the OpenSSL 1.0.0 End Of Life Announcement
contained a link to the recently published OpenSSL Release Strategy that
is available here:
https://www.openssl.org/about/releasestrat.html
I have put up a blog post on the thinkin
On Mon Dec 22 17:38:49 2014, shre...@viptela.com wrote:
> Hey Matt,
>
> Sorry, but we haven't hit this issue again in our code. I cleaned up some
> code with valgrind. Maybe that fixed some issues too. I will get back in
> touch with you if I come across this trace again.
>
Ok - thanks for the upda
No response from OP so setting this ticket to stalled.
Matt
___
openssl-dev mailing list
openssl-dev@openssl.org
https://mta.opensslfoundation.net/mailman/listinfo/openssl-dev
On Tue Dec 02 22:50:07 2014, luis.gar...@csr.com wrote:
> Hi,
>
> The bug list server of openssl is very slow to access, so I am not
> sure if this bug has already been filed.
>
> When using the routine ASN1_item_d2i, the pointer passed as the "in"
> variable gets modified in
Whilst slightly unexp
Hi Vijendra
There is insufficient information from your description to determine whether
this is a fault with OpenSSL or with your application. If this is still an
issue for you, please raise it on the openssl-users email list.
Since it cannot be determined that there is a problem OpenSSL itself
On Mon Dec 22 13:05:34 2014, prav...@viptela.com wrote:
> Hi Matt
>
> No, we have not hit this issue for a while now. You can close the ticket.
> Thanks for following up.
>
> Just to make sure, we won't hit these issues . . We will upgrade to the
> latest stable version.
Ok. Closing this ticket.
On Thu Nov 27 16:59:36 2014, prav...@viptela.com wrote:
> Thanks Matt. Will keep you posted on 1.
>
> Coming back to the original crash. Here is some update.
>
> Our server started seeing the crash and leaks, after our negative stress
> testing suite added some pmtu testcases. i.e., during 1000s of
On Thu Dec 18 04:54:57 2014, v.badal...@open-bs.ru wrote:
> Thanks! Great!
> 6000 calls. No crashes or leaks only messages like this in
> asterisk
> [2014-12-18 04:59:20] ERROR[31074][C-13d4] res_rtp_asterisk.c:
> DTLS
> failure occurred on RTP instance '0x298c1d68' due to reason 'digest
>
On Mon Dec 15 13:39:43 2014, v.badal...@open-bs.ru wrote:
> Got assert
> d1_both.c(296): OpenSSL internal error, assertion failed: s->init_num ==
> (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH
>
To confirm: you did retain your change to check the return value from
dtls1_output_cert_chain
977d8a9acecc0c153d7a4 Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Fri, 12 Dec 2014 15:32:24 +
Subject: [PATCH] DTLS fixes for signed/unsigned issues
Conflicts:
ssl/d1_both.c
---
ssl/d1_both.c | 41 ++---
1 file changed, 30 insertions(+), 11 deletions
On Wed Dec 10 09:18:57 2014, v.badal...@open-bs.ru wrote:
> Looks like need add some check to return code len
I agree. Co-incidentally I already have a very similar fix for the same defect
going through the review process.
Matt
___
openssl-dev mail
On 10/12/14 16:51, The Doctor wrote:
> Now POODLE is hitting TLS
>
> http://www.computerworld.com/article/2857274/security0/poodle-flaw-tls-itbwcw.html
>
> Any fixes in the works?
>
See my response to this yesterday on openssl-users:
https://mta.opensslfoundation.net/pipermail/openssl-users/2014
OCB support has been merged in. Closing my own ticket.
Matt
___
openssl-dev mailing list
openssl-dev@openssl.org
https://mta.opensslfoundation.net/mailman/listinfo/openssl-dev
On 05/12/14 02:10, b_smith...@hotmail.com wrote:
> I apologize if this is not the right place to post this question but it
> seems like the best of the choices available to me. I am trying to
> understand when TLS 1.2 Suite B ECDSA will be generally available. I
> understand that this functionali
On 03/12/14 20:36, Yuriy Kaminskiy wrote:
> ... and same in cherry-picked variants in other branches:
> 05e769f269f28b649d8300a1fc3aaef19901a173 (OpenSSL_1_0_2-stable)
> 4c21e004a3738b70c7d21d6e86ca68b21577d4d0 (OpenSSL_1_0_1-stable)
>
> Appears harmless, though.
Thanks. I'll get this fixed.
On 03/12/14 05:01, Dominyk Tiller wrote:
> Hey guys,
>
> I wanted to query something I saw pop up on the Git earlier:
> https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=961d2ddb4b48e0e857a704b0cc6b475d63372419
>
> Does that change imply that right now, without that commit, building
> wi
Sep 17 00:00:00 2001
From: Matt Caswell
Date: Mon, 1 Dec 2014 11:10:38 +
Subject: [PATCH] MTU fixes patch
---
apps/s_client.c| 16 +++-
apps/s_server.c| 18 -
crypto/bio/bio.h | 4 ++
crypto/bio/bss_dgram.c | 46 --
ssl/d1_both.c
On Thu Nov 27 12:54:23 2014, matt wrote:
> crash. I'm guessing some kind of memory corruption going on. Have you
> tried
> running this through valgrind? That would be a useful next step.
Any thoughts on this?
Thanks
Matt
__
Op
On Sun Nov 30 21:17:56 2014, olivier.rouss...@netaxis.be wrote:
> Hello,
>
> I am interfacing openssl with a custom version of pyca/pyopenssl.
>
> When doing cffi compilation (CentOs 6.5) it fails for srtp.h reporting
> an error to the lines using SRTP_PROTECTION_PROFILE.
>
> By adding
> #include
>
On Sun Nov 30 01:34:37 2014, matt wrote:
> On Fri Nov 28 17:40:59 2014, v.badal...@open-bs.ru wrote:
> > Full backtrace
>
> Thanks! That's a big help. I have managed to reproduce this. If when
> querying
> the underlying BIO the MTU size comes back with the ridiculously small
> value of
> 13 then t
On Fri Nov 28 17:40:59 2014, v.badal...@open-bs.ru wrote:
> Full backtrace
Thanks! That's a big help. I have managed to reproduce this. If when querying
the underlying BIO the MTU size comes back with the ridiculously small value of
13 then this problem can occur. Other ridiculously small values c
Quentin,
Please can you resubmit this patch as an attachment rather than inline? Email
has mangled it, and I am unable to review it.
Thanks
Matt
__
OpenSSL Project http://www.openssl.org
Developm
On 28/11/14 06:33, Anup Kumar wrote:
> Hi Team,
>
> Please guide me to be the part of Development group.
Hello Anup,
Thanks for your interest in OpenSSL. I have attempted to answer this
question here:
https://wiki.openssl.org/index.php/Developing_For_OpenSSL
Matt
Thanks for the report. This was fixed some while ago as a result of ticket
3244.
Closing.
Matt
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@
Insufficient information to recreate. If this is still a problem then please
reopen this ticket.
Closing.
Matt
__
OpenSSL Project http://www.openssl.org
Development Mailing List
It is unclear what the issue is here. If you are still having problems then
please send an email to openssl-users.
Closing this ticket.
Matt
__
OpenSSL Project http://www.openssl.org
Development M
Not a bug. If there are still issues please direct questions to the
openssl-users list.
Closing this ticket.
Matt
__
OpenSSL Project http://www.openssl.org
Development Mailing List
Fixed some while ago as part of fixing ticket 3253.
Closing this ticket.
Matt
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Autom
No further information supplied in response to Kurt's request, so closing this
ticket.
Matt
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@open
Mike withdrew this ticket so closing.
Matt
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager
Closing this ticket as Andy has provided an answer.
Matt
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager
Steve has now fixed this.
Matt
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majo
Thanks for the report. This has now been fixed.
Matt
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager
Thanks for the report. I have applied a fix in git...a slightly different
solution to the one proposed in your patch.
Thanks
Matt
__
OpenSSL Project http://www.openssl.org
Development Mailing List
On Thu Nov 27 16:23:04 2014, prav...@viptela.com wrote:
> *My approach*
>
> global_ssl = SSL_new(ctx);
>
> In Server call back function
>
> ret = DTLSv1_listen(global_ssl, client_addr);
> if ret <= 0 return;
> else socket,
> bind,
> connect (more specific) and
> migrate the global_ssl to this peer
Adding info from Steve on how to do this on one go and reclosing this ticket:
On 25/11/14 16:02, Dr. Stephen Henson wrote:
> I'm curious: I've not seen the private key version before, where is it used?
>
> You can actually perform the encode and digest operation all in one go using
> the ASN1_item
Patch applied.
Many thanks,
Matt
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager m
On Tue Nov 25 09:38:33 2014, shre...@viptela.com wrote:
> Version : 1.0.1j
> Platform : mips64
>
> The client is trying to reach a server that does not exist. And we are
> trying to free the ssl peer. It has probably tried a retransmission after 1
> second and SSL_connect returned ERR_WANT. Any hel
Resend this time including r...@openssl.org...sorry for the noise on
openssl-dev...
On 27/11/14 02:54, Praveen Kariyanahalli via RT wrote:
>> The purpose of DTLSv1_listen is to listen for incoming datagrams from
>> anyone. If it receives a ClientHello without a cookie it immediately
>> responds wi
On 27/11/14 02:54, Praveen Kariyanahalli via RT wrote:
>> The purpose of DTLSv1_listen is to listen for incoming datagrams from
>> anyone. If it receives a ClientHello without a cookie it immediately
>> responds with a HelloVerifyRequest containing a cookie. The client is
>> expected to respond w
On 25/11/14 23:20, Praveen Kariyanahalli wrote:
> Hi Matt
>
> Trying out your patch. Will keep you posted. In meanwhile we ran into
> more valgrind issues .. on the server end. Can you please comment on them?
>
> ==621== 8,680 (1,488 direct, 7,192 indirect) bytes in 62 blocks are
> definitely l
On 25/11/14 23:20, Praveen Kariyanahalli wrote:
> Hi Matt
>
> Trying out your patch. Will keep you posted. In meanwhile we ran into
> more valgrind issues .. on the server end. Can you please comment on them?
>
> ==621== 8,680 (1,488 direct, 7,192 indirect) bytes in 62 blocks are
> definitely l
Dmitry has reported that this has been fixed by this commit:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8a35dbb6d89a16d792b79b157b3e89443639ec94
Closing this ticket
Matt
__
OpenSSL Project
On 26/11/14 18:06, Dmitry Sobinov via RT wrote:
> Hi,
>
> Matt, looks like your last commit fixed the memory leak from PR#3572. I've
> tested with valgrind with the test application and no more leaks reported.
> Thanks!
Thanks for letting us know Dmitry - I will close that ticket.
Matt
_
Thanks for the report. This has now been fixed.
Matt
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager
OP reports this now working. Closing ticket.
Matt
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager
Thanks for your submission. However Steve Henson has already commited a similar
patch, therefore closing this ticket.
Matt
__
OpenSSL Project http://www.openssl.org
Development Mailing List
OpenSSL is currently not supported under Cygwin64.
There is a port:
http://sourceforge.net/p/cygwin-ports/cygwin64-openssl/ci/master/tree/1.0.1-cygwin64.patch
You may wish to submit this defect there.
Closing this ticket.
Matt
___
On Thu Nov 20 21:35:45 2014, phil...@redfish-solutions.com wrote:
> Can the following function please be added:
>
> int RSA_public_digest(const RSA* key, const EVP_MD *type, unsigned
> char *md, unsigned int *len);
>
> which would use “type” to generate a digest over the DER encoding of
> the publi
track down why its not being correctly set. If you get another
crash with this patch applied, then please capture the core and let me know
what you find out.
Thanks
Matt
>From 90e37eb304a697e37ebd857ea5456435fa236bc9 Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Tue, 25 Nov 2014 13:36:00
On Sat Nov 22 13:19:13 2014, v.badal...@open-bs.ru wrote:
> Find this:
> https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=987158
> http://openssl.6102.n7.nabble.com/AES-cbc-encrypt-amp-aesni-cbc-
> encrypt-length-parameter-td52370.html
> http://www.hardening-consulting.com/en/posts/20140
On Sun Nov 23 19:09:46 2014, prav...@viptela.com wrote:
> This happens when the server is unreachable. The client when it is trying
> to resend the client_hello is barfing on fragment->frag value. Is this
> known issue ? Let me know if you need any more info.
>
> Not consistently reproducible. Plea
On 24/11/14 13:45, Philip Bellino wrote:
> Yes I am.
> I have seen in other posting about using EVP instead, but I am a bit unclear
> on how to get there from here.
> Thanks.
Some sample code here:
https://wiki.openssl.org/index.php/EVP_Message_Digests
Matt
__
As per Hubert's note, either usage seems correct to me.
Closing this ticket.
Matt
-BEGIN PGP PUBLIC KEY BLOCK-
Version: GnuPG v1
mQENBFGALsIBCADBkh6zfxbewW2KJjaMaishSrpxuiVaUyvWgpe6Moae7JNCW8ay
hJbwAtsQ69SGA4gUkyrR6PBvDMVYEiYqZwXB/3IErStESjcu+gkbmsa0XcwHpkE3
iN7I8aU66yMt710nGEmcrR5E4u4N
On Mon Nov 24 09:40:37 2014, aliosa.janko...@gmail.com wrote:
> The connection to www.vehicleenquiry.service.gov.uk fails with openssl
> 1.0.1j even if it works well in IE and Google Chrome. This is actually a
> regression because it works well even in openssl 1.0.0o version. I
> discovered the iss
On 18/11/14 17:22, Indtiny S wrote:
> Hi,
> Sorry,, I am bit new to ECC , I Need to just prove the below thing
>
> Ca.Sa.G) = Sa.Ca.G) .
>
> * Client *:- private = Ca , public= Ca,G and *Server*:- private=Sa, pub
> = Sa.G
>
> When I read ECC tutorial, its defined that public key = Q (where Q=
On 18/11/14 17:04, Indtiny S wrote:
> Hi,
> Thanks for the reply .
>
> Now below code is working fine. But is there any straight way get the
> public key also?
>
> void handleErrors(void){
>
> printf("\n Error ");
> }
>
>
> void myPrint( BIGNUM * x, char * t ) {
>char * s = BN_bn2dec( x
On 18/11/14 16:25, Indtiny S wrote:
> Dear All,
>
> I have written below code to generate a ECC based private and public key .
>
> But I am missing logic , my keys are not generated .
>
> My goal is to generate , Client :- private = Ca , public= Ca,G and
> Server:- private=Sa, pub = Sa.G
>
>
Unfortunately I don't think it is as simple as that. If I understand the
previous change correctly, Emilia has deliberately removed the error message as
part of work to protect against timing attacks. The very act of adding an error
to the error queue could introduce a measurable timing difference
On 13/11/14 16:15, Indtiny S wrote:
> Hi,
> I need to write code which can generate ECC based public key and private
> key using openssl ..
> can somebody suggest what apis I should use to generate the keys using
> C/C++ ...
See:
https://wiki.openssl.org/index.php/EVP_Key_and_Parameter_Generat
On Thu Nov 13 01:15:10 2014, esado...@eniks.com wrote:
> Matt,
>
> It is not just my problem. Google that error and you will find plenty
> of other
> people having this issue as far back as 5 years ego. I already have
> solution
> in place and I do not require any fixing but all the people on Windo
On Thu Nov 06 10:38:23 2014, v.badal...@open-bs.ru wrote:
> HI all
>
> CentOS x86_64 release 6.6 (Final)
>
> OpenSSL> version
> OpenSSL 1.0.1e-fips 11 Feb 2013
>
> # rpm -qa | grep openssl
> openssl-devel-1.0.1e-30.el6_6.2.x86_64
> openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64
> openssl-1.0.1e-30.el6_
I think this is more of a problem with your git config than with OpenSSL.
>From an OpenSSL git repo on Windows try this:
git config core.autocrlf false
git config core.eol lf
git checkout .
Matt
__
OpenSSL Project
Many thanks. Patch applied:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=5211e094dec9486a540ac480f345df1a8d2b2862
Matt
__
OpenSSL Project http://www.openssl.org
Development Mailing List
Many thanks for the report and patch. Applied here:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ae64fb528ecc1bc0452842c5217e5989df1177ad
Matt
__
OpenSSL Project http://www.openssl.org
Many thanks for the report.
Fixed in this commit:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=e04d426bf98ebb22abf0f15b6f09d333a6e8b2ad
Matt
__
OpenSSL Project http://www.openssl.org
D
We have no plans to change this.
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager maj
That link just asks me to log in?
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager ma
On 10/11/14 12:38, Kurt Roeckx wrote:
> I would also like to get rid of SSL_OP_NO_SSLv2 and instead have a
> way to specify the minimum and maximum supported version by those
> methods, because that's really what people want to do as far as I
> know.
The default should assume the maximum support
On 05/11/14 13:16, Philip Bellino wrote:
> Matt,
> Thank you very much for the response.
>
> I am under image size constraints with my application, so would it be
> possible for you to show me how me to change the 1.0.1j code to rebuild
> heartbeat as it was in 1.0.1h for use in my Linux envir
On 04/11/14 13:18, Philip Bellino wrote:
> In openssl-1.0.1h, we were able to build/execute the heartbeat_test as is.
>
> In Openssl-1.0.1j, we are now required to add a Configure option
> “enable-unit-test” to use the heartbeat_test.
>
> Also, the heartbeat_test executable in 1.0.1h was abou
On 20/10/14 20:30, Andrew Felsher (afelsher) wrote:
> I’m guessing this patch (or part of it) was incorporated into 1.0.1j,
> because this error, and the causal code, showed up after we synced to
> 1.0.1j. The problem is that both SSL_R_INAPPROPRIATE_FALLBACK (added in
> this patch) and SSL_R_RFC
On 17 October 2014 04:44, Alex Weber wrote:
> Not much else to say about this. :)
Hi Alex
Please can you submit patches to "r...@openssl.org"? They automatically
get copied to this list too. That way we can track them properly.
Patches sent directly to this list will have a tendency to be
lost/f
On 17/10/14 06:15, wr...@rowe-clan.net wrote:
> How did C 'inline' become a mandatory feature, particularly as a
> security release?
It isn't - there is no change in policy here, just a known issue with
the release. "inline" is (supposed to be) used only if the compiler
supports it. See:
http://ma
On 15/10/14 14:43, nicolas@free.fr wrote:
> Hi,
>
> there's a workaround here :
> https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00
>
> it aims to forbid protocol downgrade, except for interoperability
> however I don't know when draft will be accepted and included to
> TLS prot
Patch applied to master, 1.0.2, 1.0.1 and 1.0.0:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=e0fdea3e49e7454aa76bd5ecf3a3747641354c68
Many thanks for the contribution
Matt
__
OpenSSL Project
On 24 September 2014 10:03, Michael Menge <
michael.me...@zdv.uni-tuebingen.de> wrote:
> Hi,
>
> Last week i asked on openssl-user Mailinglist about an SIGSEGV
> in Cyrus-Imapd 2.4.17 which seems to be received in ssl3_get_message
> or a function called by ssl3_get_message, but received no reply.
701 - 800 of 981 matches
Mail list logo