[openssl-dev] [openssl.org #3638] [PATCH] Fix build with -DOPENSSL_NO_SRTP

2014-12-19 Thread Piotr Sikora via RT
Hey guys, 1.0.2-stable and master are currently broken when building with -DOPENSSL_NO_SRTP. Attached patches fix that. Best regards, Piotr Sikora OpenSSL_1_0_2__Fix-build-with-DOPENSSL_NO_SRTP.patch Description: Binary data OpenSSL_master__Fix-build-with-DOPENSSL_NO_SRTP.patch Description:

[openssl.org #3597] [PATCH] Advance to the next state variant when reusing messages.

2014-11-10 Thread Piotr Sikora via RT
Advance to the next state variant when reusing messages. Previously, state variant was not advanced, which resulted in state being stuck in the st1 variant (usually "_A"). This broke certificate callback retry logic when accepting connections that were using SSLv2 ClientHello (hence reusing the m

Re: [openssl.org #3191] [BUG] OpenSSL-1.0.2 segfaulting on sha1_block_data_order asm

2014-04-25 Thread Piotr Sikora via RT
Hey Andy,
> Some kind of deja vu here. I remember I was looking at this and drew
> some conclusion... I think it was addressed and commit
> b77b58a398c8b9b4113f3fb6b48e162a3b8d4527 actually mentions this ticket.
> Can you confirm?
Yes, it's been fixed by this commit.
Best regards, Piotr Sikora

[openssl.org #3191] [BUG] OpenSSL-1.0.2 segfaulting on sha1_block_data_order asm

2013-12-06 Thread Piotr Sikora via RT
Hello, after moving from OpenSSL-1.0.1e to OpenSSL-1.0.2-5ff68e8 our nginx instances started crashing (very rarely, but still...) with backtraces pointing to either "sha1_block_data_order_avx" or "sha1_block_data_order_ssse3", depending on machine. This is happening when nginx is acting as a client

Re: [openssl.org #3106] [PATCH] Fix build with OPENSSL_NO_NEXTPROTONEG.

2013-11-13 Thread Piotr Sikora via RT
Hey guys, could you please look into it? Right now, this is a show-stopper for adding ALPN support for nginx. Attached patches against current master and OpenSSL_1_0_2-stable branch. Best regards, Piotr Sikora Fix-compilation-with-no-nextprotoneg-master.patch Description: Binary data Fix-compi

Re: [openssl.org #3106] [PATCH] Fix build with OPENSSL_NO_NEXTPROTONEG.

2013-08-06 Thread Piotr Sikora via RT
Hey Steve,
>> While it cannot be enabled via ./config options,
>
> Why not? The standard way to include such options is via config or Configure
> and some platforms (e.g. Windows) require this.
Actually, it turns out that I was wrong, so please ignore that part. For the reference: What I meant i

[openssl.org #3106] [PATCH] Fix build with OPENSSL_NO_NEXTPROTONEG.

2013-08-06 Thread Piotr Sikora via RT
Hello, attached patch fixes build with OPENSSL_NO_NEXTPROTONEG. While it cannot be enabled via ./config options, compiling OpenSSL with this define turned out to be extremely useful while adding ALPN support to 3rd-party software (i.e. to make sure that nothing in the added ALPN support relies on

[openssl.org #3104] [BUG] Build broken on OSX (RSAZ assembly)

2013-08-02 Thread Piotr Sikora via RT
Hello, it looks like the RSAZ assembly broke the build on OSX.
clang:
/opt/local/bin/perl5 asm/rsaz-x86_64.pl macosx > rsaz-x86_64.s
clang -c -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DDSO_DLFCN -DHAVE_DLFCN_H -g -arch x86_64 -O3 -DL_ENDIAN -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_

[openssl.org #3103] [PATCH] Set TLS EC curve_id from EC group alone.

2013-08-02 Thread Piotr Sikora via RT
Hello, attached patch fixes the issue with dropped support for EC cipher suites in software that uses SSL_OP_SINGLE_ECDH_USE after upgrading to OpenSSL-1.0.2+. As far as I can tell, the public key isn't necessary to set TLS EC curve_id and removing this requirement is safe. Best regards, Piotr Si