On 18/10/2014 3:07 AM, Arthur Ramsey wrote:
Hello,
I want to disable SSLv3 for a tomcat / tcnative deployment on
Windows. Tomcat lacks the ability to disable SSLv3 while retaining
TLSv1.1 and TLSv1.2, so I'm attempting to disable SSLv3 at build time
with no-ssl3. This was successful on
On 5/07/2014 9:12 AM, Kurt Roeckx wrote:
On Sat, Jul 05, 2014 at 08:13:04AM -0400, Eric Covener wrote:
On Sat, Jul 5, 2014 at 7:37 AM, Kurt Roeckx k...@roeckx.be wrote:
Does anybody have an idea why it's trying to do that, and why we
shouldn't just do SO_REUSEADDR the first time? Was there
On 5/07/2014 2:14 PM, Kurt Roeckx wrote:
On Sat, Jul 05, 2014 at 12:45:37PM -0400, Tim Hudson wrote:
If you have SO_REUSEADDR set and a listener already in place you will
start a new listener
No you won't. You will get a bind() error:
socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
On 5/07/2014 1:06 PM, hmbrand via RT wrote:
I think it is highly thinkable that the dev-team does not have access to
proprietary OS's like HP-UX or AIX. Personally I give a shit about AIX,
but I value HP-UX a lot and I might be the only one left still releasing
software-depots (what HP uses
Some google engineering (search) will show the variety of
confusion that this causes in cross-platform code.
Start here for some interesting reading -
http://stackoverflow.com/questions/14388706/socket-options-so-reuseaddr-and-so-reuseport-how-do-they-differ-do-they-mean-t
You will find
I am closing this item as it is not actually a defect (although we do
appreciate getting rapid feedback on the roadmap).
The discussion in terms of platform strategy should continue on the openssl-dev
mailing list as we work through tackling platform related issues.
Separately I'm looking
Closing this item - see #3434 which is an overlapping (and more detailed
replacement).
Further discussions on AES wrapping should be added into that ticket and/or
continue on openssl-dev.
Thanks,
Tim.
__
OpenSSL Project
On 30/06/2014 10:23 PM, Salz, Rich wrote:
Feel free to re-open :)
--
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: rs...@jabber.me; Twitter: RichSalz
-Original Message-
From: owner-openssl-...@openssl.org [mailto:owner-openssl-
d...@openssl.org] On Behalf
On 8/06/2014 11:40 AM, Kurt Roeckx via RT wrote:
On Sun, Jun 08, 2014 at 12:01:28AM +0200, Tim Hudson via RT wrote:
Already fixed in the 1.0.1 stable branch so it is already included in
1.0.1h onwards and 1.0.1m is the current recommended version.
[...]
Can you re-run parfait against
On 7/06/2014 4:02 AM, Dr. Stephen Henson wrote:
On Fri, Jun 06, 2014, Mike Bland wrote:
__func__ is defined in C99. What version of the SGI C compiler are you
using? According to the following, as of version 7.4, the -c99 flag
should enable this to compile:
On 7/06/2014 7:10 PM, Jenny Yung via RT wrote:
Hello,
We ran parfait on OpenSSL and found the following errors in openssl-1.0.1g:
1. Error: Uninitialised memory (CWE 456)
Possible access to uninitialised memory 'num'
at line 267 of
On 24/05/2014 11:06 PM, Krzysztof Kwiatkowski via RT wrote:
Hello,
This patch implements request for ticket 2578. I've also created pull
request in github that you can find here:
https://github.com/openssl/openssl/pull/108
Why is there a crypto/objects/obj_xref.h change mixed in with this
Re-opening item.
See https://rt.openssl.org/Ticket/Display.html?id=3345
This patch introduced an uninitialised read.
A num=0 initialisation is required prior to the for loop.
On Tue May 06 05:13:42 2014, arthurm...@gmail.com wrote:
Coverity run has uncovered the following use of uninitialized local
variable in b64_read(). This applies to both 1.0.1g and master branch:
See https://rt.openssl.org/Ticket/Display.html?id=3289 which is the patch which
introduced this
On 6/05/2014 1:13 PM, Arthur Mesh via RT wrote:
Coverity run has uncovered the following use of uninitialized local
variable in b64_read(). This applies to both 1.0.1g and master branch:
Arthur - what version of the coverity analysis tools are you running?
I don't see this in the current
On 5/05/2014 6:04 PM, Marcus Meissner wrote:
On Mon, May 05, 2014 at 02:00:32AM +0200, Tim Hudson via RT wrote:
966577 Resource leak
The system resource will not be reclaimed and reused, reducing the future
availability of the resource.
In init_client_ip: Leak
coverity issues 966593-966596
966593 Uninitialized scalar variable The variable will contain an arbitrary
value left from earlier computations. In SRP_create_verifier: Use of an
uninitialized variable
966597 Uninitialized scalar variable
The variable will contain an arbitrary value left from earlier computations.
In d2i_SSL_SESSION: Use of an uninitialized variable
966577 Resource leak
The system resource will not be reclaimed and reused, reducing the future
availability of the resource.
In init_client_ip: Leak of memory or pointers to system resources
On 2/05/2014 11:49 PM, Salz, Rich wrote:
Steve, have you considered trimming the DEFAULT cipher list?
It's currently...
#define SSL_DEFAULT_CIPHER_LIST ALL:!aNULL:!eNULL:!SSLv2
I wonder how many of these ciphers are actually ever negotiated in
real-world use.
I'm forwarding a bit of
The two echo commands are different values (being different actual echo
programs) and hence have different digests.
As a user:
macbuild:~ tjh$ echo -n 12345 | od -x 000 3231 3433 0035 005
As root:
echo -n 12345 | od -x 000 6e2d 3120 3332 3534 000a 011
The root echo is one
On Fri May 03 19:05:13 2013, burton.sm...@williams.com wrote:
Thanks, but after playing with this puzzle for a while I combined the
configuration options that were supposed to correct it individually.
It worked.
Closed as resolved.
On Tue Mar 04 16:03:58 2014, dominik.stras...@onespin-solutions.com wrote:
Hi all,
the top level Makefile has a small problem with quoting when CC has an argument.
The attached mini-patch fixes the problem
Closing item as resolved as SteveH checked in a fix for this in master, 1.0.1
stable and 1.0.2
Note: PR#3274 is a duplicate of this issue just closed.
Closing this item too as resolved as SteveH checked in a fix for this in
master, 1.0.1 stable and 1.0.2 stable after the issue was reported.
https://github.com/openssl/openssl/commit/24e20db4aa18ff8a6f67ae7faf80cf2b99f8b74a
On Wed Apr 02 19:22:14 2014, e...@pobox.com wrote:
Fixing one of my own bugs, there since SSLeay days I believe :-)
Closing item as resolved.
SteveH committed the fix across all branches ...
https://github.com/openssl/openssl/commit/10378fb5f4c67270b800e8f7c600cd0548874811
On Wed Apr 16 14:25:34 2014, s...@pdflib.com wrote:
On 15.04.14 20:00, Stephen Henson via RT wrote:
I've just added a fix (and to two other cases in the same file). Let
me know of any problems.
Closed as resolved.
SteveH committed changes across all branches.
On Mon Feb 03 15:16:14 2014, steve wrote:
...
I've just committed a fix. Let me know of any problems.
Closed as resolved.
Leaving issue open.
Note: SteveH checked in a partial fix adding in a getter function -
SSL_CTX_get_ssl_method
https://github.com/openssl/openssl/commit/ba168244a14bbd056e502d7daa04cae4aabe9d0d
Tim.
On Tue Jan 07 09:26:25 2014, rainer.j...@kippdata.de wrote:
File test/testssl in branches 0.9.8 and 1.0.0 contains the line
if [ $protocol == SSLv3 ] ; then
Closed as resolved.
SteveH committed fixes.
https://github.com/openssl/openssl/commit/080ae6843299c873808c04487d4ccf51624fe618
Tim
Marking issue as resolved.
SteveH checked in fixes.
https://github.com/openssl/openssl/commit/2911575c6e790541e495927a60121d7546a66962
Tim.
Closed as resolved.
SteveH committed fix.
https://github.com/openssl/openssl/commit/44314cf64d1e51c7493799e77b14ae4e94a4c8cf
Tim.
Closed as resolved.
SteveH committed patch.
https://github.com/openssl/openssl/commit/c8919dde09d56f03615a52031964bc9a77b26e90
Tim.
Closed item as resolved.
SteveH committed patch.
https://github.com/openssl/openssl/commit/ed77017b594754240013c378b4f7c10440c94d7a
Tim.
On Fri Jun 07 20:12:54 2013, fr...@baggins.org wrote:
This patch is the first submission of what is planned to be a regular
series of patches. It represents the collected updates made to the pod
documentation published on the openssl wiki:
Closed as resolved. Patch was committed.
Tim
On Mon Jun 06 17:23:48 2011, tm...@redhat.com wrote:
There is a code error in s3_srvr.c function ssl3_get_cert_verify().
The bug was found by Coverity scan.
Closing as resolved.
Andy committed fix across all branches.
Closing item as resolved.
SteveH committed patches across all branches.
Tim
On Tue Jun 04 17:53:41 2013, rob.stradl...@comodo.com wrote:
The Safari browser on OSX versions 10.8 to 10.8.3 advertises support for
several ECDHE-ECDSA ciphers but fails to negotiate them.
Closing as resolved.
Ben committed fixes across all branches.
Closing item as resolved.
Tim.
On 26/04/2014 11:04 PM, Kurt Roeckx via RT wrote:
Libressl has a patch for this at:
http://anoncvs.estpak.ee/cgi-bin/cgit/openbsd-src/commit/lib/libssl?id=cb8b51bf2f6517fe96ab0d20c4d9bba2eef1b67c
I believe that patch is not really the correct fix.
My understanding is that tot is what is
Gregory BELLIER wrote:
I added a cipher in OpenSSL and NSS. I would like to send an email with
SMTPs from a modified Thunderbird (because of NSS) to a postfix.
The TLS negotiation is between NSS and OpenSSL.
[snip]
Do you have any hint in what could be wrong?
Use the -state -debug flags for
I kicked off some builds last night as I was curious as to the answer to
the question - 0.9.8d fails in make test, 0.9.8k passes in make test.
The 1.0.0 beta 3 fails with the SHA1 asm code and in the AES asm code.
I haven't had a chance to look into this in any detail - just noting that the
Peter Volkov wrote:
CC'ing openssl developers for their opinions, since I think this
behavior better to have consistent or configurable. Description of the
problem is here:
Placing this in context - connect with internet explorer or firefox to
https://metasploit.com/ and you will see that
William Estrada wrote:
i2d_RSAPublicKey( RSA, NULL ) is to be used to get the size of an RSA
structure.
Yes it can and it does. It returns the value for the *public* key - the rest of
your code is looking at the *private* key.
Change the line:
Len = i2d_RSAPublicKey( My_RSA, NULL );
To
The Doctor wrote:
That being said, how do you get openssl to compile with FIPS
and be backwards compatible at the same time?
That is what the FIPS mode is for - the library built supports all algorithms
and when in FIPS mode it disables the use of non-approved algorithms.
A single
Paul Bouché wrote:
I would like to know what the bit length of the public and private keys
for the test executed with openssl speed rsa
The keys are 512bit, 1024bit, 2048bit, 4096bit as stated in the output from the
program.
The actual keys are in the header file testrsa.h in the apps
Brad Smith via RT wrote:
We are running on SLES 10 SP2. Some of our processes need to enable and
disable FIPS multiple times within its execution. The following code worked on
openssl-fips-1.1.1 but appears to be broken in 1.1.2:
// this works
int rc = FIPS_mode_set( 1 );
// and this
Trent Nelson wrote:
Hi,
I tried to build 0.9.8g with Visual Studio 2008 x64 via 'perl Configure
VC-WIN64A'. The resulting nt.mak and ntdll.mak files had 'bufferoverflowU.lib'
added to LFLAGS, courtesy of a few lines in util/pl/VC-32.pl that look like
this:
$ex_libs.='
biswatosh chakraborty wrote:
Hi Gurus,
My application server crashes giving the following core dump. It goes
for ssl negotiation ( using openssl) and dumps core on solaris8. Any clues please?
That stack trace back tends to indicate a threaded application.
The following FAQ and document
There are a few UMRs and one FIU in the current OpenSSL-0.9.8g code base.
The attached patch fixes this with minimal code changes.
A better solution would be to use a BN_init call on each of the local BN
variables being used which would be a trivial adaptation of this patch.
Without this patch