Attention: The .asc file I downloaded directly from openssl.org for the
1.0.1g tarball was signed with a key NOT authorized by the
fingerprints.txt file distributed in previous tarballs, nor by the
(unverifiable) fingerprints.txt available from
http://www.openssl.org/docs/misc/
Specifically, it was signed by a PGP key purporting to belong to Dr.
Henson, but with a different identifier and a different e-mail address
than the authorized key listed for him in fingerprints.txt.
I suspect this is just a mixup at your end, but one cannot feel too
sure without a valid file signature consistent with the securely
distributed signature list.
For now, I will have to avoid installing this critical security update
and try the workaround instead.
On 4/7/2014 7:38 PM, OpenSSL wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
OpenSSL version 1.0.1g released
===============================
OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.0.1g of our open source toolkit for SSL/TLS. For details
of changes and known issues see the release notes at:
http://www.openssl.org/news/openssl-1.0.1-notes.html
OpenSSL 1.0.1g is available for download via HTTP and FTP from the
following master locations (you can find the various FTP mirrors under
http://www.openssl.org/source/mirror.html):
* http://www.openssl.org/source/
* ftp://ftp.openssl.org/source/
The distribution file name is:
o openssl-1.0.1g.tar.gz
Size: 4509047
MD5 checksum: de62b43dfcd858e66a74bee1c834e959
SHA1 checksum: b28b3bcb1dc3ee7b55024c9f795be60eb3183e3c
The checksums were calculated using the following commands:
openssl md5 openssl-1.0.1g.tar.gz
openssl sha1 openssl-1.0.1g.tar.gz
Yours,
The OpenSSL Project Team.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBCAAGBQJTQtiiAAoJENNXdQf6QOniC/EQALRkau9Gx+qzyp1nx1FDTJI1
ox93n7SKC3QIjX4veVuFjpaPymNQXVRM8IbgET5tE4GPT5w+PrscpyGSJJr8yvWN
TKy48JSKl13GVMODnEC6nEffsS/sci5o2PHXhDYa7aC+xRF6UUSMa8tqXnhGJP7e
uv7a1tYjtgE8Ix9tdoK32UkPOM0Z1qr11lPFDdG0GrIs+mbjPirdKSgvQm22w4IU
jyn5AmmReA6ZnIpffOHGQY5OgpGTg4yg+aaFKenisOfIL80raNZlVuWrzDkTUS9k
+gikqtBRg1pFMd1UGpl0S7sIXZNm01yv4K4aO3a9aykXqPQLOc8WmvfDgf99+8HR
zUrowh7Xf1CvHsgIs4s0XaggZdXhkXpMpSWdWpVh7ZVm/TPInoPWwyj8Zp/TL8XF
N/GrNHRLuWvSgCuyA7qhkee33FmtCblnYTHSLyGQrVpfq/cVEzvpznsZnObjFG+/
4Gss0qUVQZ0LJUUKZHx5cGvHliXYEeZQaBz/VLJ7J8fvy6Fsp0vKFjbrobG6srB6
pa6NYQKjHhobx+eEW380j3r60iBiz1GjdMSOdLvnSOA9dOcWmXFxl5GLcASnM+F0
kGtZBjLXsaImnp749V50sme+bNgQ/ErUvikTLXefk0rtUnfjCmJec44Kn5Gh7J1k
iI/CjhJrI2B83C48m2kE
=lxo1
-----END PGP SIGNATURE-----
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Announcement Mailing List openssl-annou...@openssl.org
Automated List Manager majord...@openssl.org
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org