On Friday, 2002-09-20 at 09:18:44 +0200, Bjarne Østby wrote: > /home/bjarne# ./ssl-test xxx.xxx.xxx.31 > xxx.xxx.xxx.31 443 PATCHED: detects small overflow, but crashes (0.9.6e)
> I checked the apache prosess on the server after I ran the test. It had not > crashed. > Is it only the child prosess that terminates? It is the connection that crashes, i.e. is not properly shut down with the SSL protocol. 0.9.6g does that. > According to the the makers of openssl-sslv2-master the version returned > is guessed from how the server responds to the probe. Does this mean > that 0.9.6c-2.woody.1 -> 0.9.6e? 0.9.6c-2.woody.1 behaves like 0.9.6e in this by terminating the connection hard instead of sending an error message. > On a side note. > I wonder about curl-ssl and libssl09. Are they made redundant by libssl0.9.6? For libssl09, I found no packages in sarge that depend on it. And curl-ssl's Description in sarge says: Description: Pseudopackage for migration from Debian 2.2 (potato). I checked woody, same situation. So unless you are running potato, you can remove both packages. HTH, Lupe Christoph -- | [EMAIL PROTECTED] | http://www.lupe-christoph.de/ | | Big Misunderstandings #6398: The Titanic was not supposed to be | | unsinkable. The designer had a speech impediment. He said: "I have | | thith great unthinkable conthept ..." |