[openssl-dev] [openssl.org #3915] BUG/PATCH: ssl_sess.c no longer compiles when no-tlsext is specified

2015-06-18 Thread geoff_l...@mcafee.com via RT
From ticket 2720, it seems the official position is that "no-tlsext" is NOT supported. However, for those who still try to use it, the recent fixes for CVE-2015-1791 seem to have introduced more problems for the 0.9.8 code base (and maybe others - not sure). This report can be added to RT#

[openssl.org #3365] Wrong parameter types in SSL_set_msg_callback[_arg] man page

2014-05-24 Thread geoff_l...@mcafee.com via RT
SSL_CTX_set_msg_callback.pod lists the first parameter to the SSL_set_msg_callback[_arg] functions as type "SSL_CTX *" when they are, in fact, "SSL *". Geoff - Geoff Lowe Principal Engineer McAfee, Inc.

[openssl.org #3037] [PATCH] so 1.0.1e will build with "no-tlsext" option specified

2013-05-03 Thread geoff_l...@mcafee.com via RT
These patches primarily move around a few #ifdefs so that 1.0.1e will compile when the "no-tlsext" option is specified. Note that when "no-tlsext" is specified, "no-srtp" is forced now too in addition to "no-srp" and "no-heartbeats". I'm not 100% confident in these changes, so I'd appreciate so

[openssl.org #3013] Sending SCSV when TLS extensions are disabled

2013-03-12 Thread geoff_l...@mcafee.com via RT
Don't send SCSV if TLS extensions are disabled. Applies to 1.0.1e also. Also see Ticket #2788. (I did not investigate item #2 in that Ticket though.) system:lowe/FIXED/openssl-0.9.8y/ssl 28% diff -p ~/working/openssl-0.9.8y/ssl/ssl_lib.c ./ssl_lib.c *** /home/lowe/working/openssl-0.9.8y/ssl/s

[openssl.org #2999] Incomplete fix to remove SSL3_RECORD->orig_len

2013-02-26 Thread geoff_l...@mcafee.com via RT
On 0.9.8 branch: ssl/t1_enc.c tls1_mac() approximately line 771: #ifdef OPENSSL_FIPS if (!send && FIPS_mode()) tls_fips_digest_extra( ssl->enc_read_ctx, hash,