On 10/07/15 19:34, R C Delgado wrote:
> Hello,
>
> One further question. Can you please confirm that the alternative
> certificate chain feature is enabled by default? It seems to be implied
> in all emails regarding this matter, and I'm assuming the Advisory email
> would have mentioned it othe
> During certificate verification, OpenSSL (starting from version 1.0.1n and
> 1.0.2b) will attempt to find an alternative certificate chain if the first
> attempt to build such a chain fails. An error in the implementation of this
> logic can mean that an attacker could cause certain checks on unt
Hello,
One further question. Can you please confirm that the alternative
certificate chain feature is enabled by default? It seems to be implied in
all emails regarding this matter, and I'm assuming the Advisory email would
have mentioned it otherwise.
I've searched the OpenSSL code and seen that
> Is it planned to tackle the warnings, for example by checking the involved
> code lines and (carefully) replace them by explicit casting to achieve clean
> compiles when using stricter warnings?
Yes.
Timetable TBD.
Hello,
I just compiled with openssl-1.0.2c with "-Wextra -Wconversion
-Wno-unused-parameter" and got many (1251) -Wconversion-related
warnings. I checked a few source code lines but haven't found something
mentionable. Still -Wconversion-warnings can be an indicator of conversion
bugs, which could
Hi,
I apologize if this is the wrong place for this email - it seemed to be the
most suitable of the mailing lists.
I wanted to suggest that when notifying of new vulnerabilities, in addition to
the severity level, information is also provided about how widespread the issue
is expected to be.
Hello.
OpenSSL already has multiple operations like ECDSA_METHOD_set_sign or
ECDSA_METHOD_set_sign_setup that facilitate the work of creating Engines
for ECDSA operations.
Could you provide a way to do the same thing with ECDH? Or at least,
providing the definition of ecdh_method in public headers,
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Salz, Rich
> Sent: Thursday, July 09, 2015 15:29
> To: openssl-users@openssl.org
> Subject: Re: [openssl-users] Old "RSA_NET" key format
>
> > Because both methods confirm your prior decisions, you therefore
> conclude
Thank you very much. It really helps.
On Fri, Jul 10, 2015 at 2:32 PM, Matt Caswell wrote:
>
>
> On 10/07/15 13:09, R C Delgado wrote:
> > Hello,
> >
> > With regards to CVE-2015-1793, I've seen the example in
> verify_extra_test.c.
> > How deep does the certificate chain have to be?
> > If I ha
On 07/10/2015 09:32 AM, Matt Caswell wrote:
On 10/07/15 13:09, R C Delgado wrote:
Hello,
With regards to CVE-2015-1793, I've seen the example in verify_extra_test.c.
How deep does the certificate chain have to be?
If I have 2 self-signed CA certificates, and a non-CA certificate is
received fo
On 10/07/15 13:09, R C Delgado wrote:
> Hello,
>
> With regards to CVE-2015-1793, I've seen the example in verify_extra_test.c.
> How deep does the certificate chain have to be?
> If I have 2 self-signed CA certificates, and a non-CA certificate is
> received for verification, will this hit the
>How deep does the certificate chain have to be?
It does not matter.
>If I have 2 self-signed CA certificates, and a non-CA certificate is received
>for verification, will this hit the problem?
>Also, is it a condition of the bug that both CA certificates have to have the
>same subject names an
Hello,
With regards to CVE-2015-1793, I've seen the example in verify_extra_test.c.
How deep does the certificate chain have to be?
If I have 2 self-signed CA certificates, and a non-CA certificate is
received for verification, will this hit the problem?
Also, is it a condition of the bug that bo
Hi,
I have been trying to transfer SSL connections (that are in accept state
with handshake completed and some data already sent/received prior to the
transfer) from one process to another so that it would allow me to
seamlessly receive and send over the SSL connection (from an SSL Client)
once it