Re: [Openvpn-devel] build against openssl 1.1.0

hel-abi-compatibility 3 - https://access.redhat.com/security/updates/backporting 4 - https://access.redhat.com/support/policy/updates/errata -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republi

Re: [Openvpn-devel] fuzz testing by google ?

security critical bits" It still results in a denial of service. Yes, far less severe than private key leak or remote code execution, but a severe vulnerability none the less. -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r

[Openvpn-devel] [PATCH 1/2] ocsp_check - signature verification and cert staus results are separate

routines:OCSP_basic_verify:signer certificate not found:ocsp_vfy.c:85: ca/cert.pem: good This Update: Sep 23 12:12:28 2014 GMT will be accepted as being trustworthy. Note that "Response verify OK" is printed on stderr, so it can't be discarded. Signed-off-by: Hubert Kario <hka...@redhat.com&

[Openvpn-devel] [PATCH 2/2] ocsp_check - double check if ocsp didn't report any errors in execution

in case the reposnses are too old, ocsp tool can return text like this: Response verify OK ca/cert.pem: WARNING: Status times invalid. 139990703290240:error:2707307D:OCSP routines:OCSP_check_validity:status expired:ocsp_cl.c:358: good This Update: Sep 21 12:12:48 2014 GMT Next

[Openvpn-devel] OCSP_check.sh fixup

://github.com/OpenVPN/openvpn/pull/17 -- Regards, Hubert Kario Quality Engineer, QE BaseOS Security team Email: hka...@redhat.com Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic