On Apr 9, 2014 7:30 PM, "Jakob Bohm" <jb-open...@wisemo.com> wrote: > > Attention: The .asc file I downloaded directly from openssl.org for the 1.0.1g tarball was signed with a key NOT authorized by the fingerprints.txt file distributed in previous tarballs, nor by the (unverifiable) fingerprints.txt available from > > http://www.openssl.org/docs/misc/ > > Specifically, it was signed by a PGP key purporting to belong to Dr. Henson, but with a different identifier and a different e-mail address > than the authorized key listed for him in fingerprints.txt. > > I suspect this is just a mixup at your end, but one cannot feel too > sure without a valid file signature consistent with the securely distributed signature list. > > For now, I will have to avoid installing this critical security update > and try the workaround instead.
Not great timing. Dustin > > On 4/7/2014 7:38 PM, OpenSSL wrote: >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA256 >> >> >> OpenSSL version 1.0.1g released >> =============================== >> >> OpenSSL - The Open Source toolkit for SSL/TLS >> http://www.openssl.org/ >> >> The OpenSSL project team is pleased to announce the release of >> version 1.0.1g of our open source toolkit for SSL/TLS. For details >> of changes and known issues see the release notes at: >> >> http://www.openssl.org/news/openssl-1.0.1-notes.html >> >> OpenSSL 1.0.1g is available for download via HTTP and FTP from the >> following master locations (you can find the various FTP mirrors under >> http://www.openssl.org/source/mirror.html): >> >> * http://www.openssl.org/source/ >> * ftp://ftp.openssl.org/source/ >> >> The distribution file name is: >> >> o openssl-1.0.1g.tar.gz >> Size: 4509047 >> MD5 checksum: de62b43dfcd858e66a74bee1c834e959 >> SHA1 checksum: b28b3bcb1dc3ee7b55024c9f795be60eb3183e3c >> >> The checksums were calculated using the following commands: >> >> openssl md5 openssl-1.0.1g.tar.gz >> openssl sha1 openssl-1.0.1g.tar.gz >> >> Yours, >> >> The OpenSSL Project Team. >> >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.4.11 (GNU/Linux) >> >> iQIcBAEBCAAGBQJTQtiiAAoJENNXdQf6QOniC/EQALRkau9Gx+qzyp1nx1FDTJI1 >> ox93n7SKC3QIjX4veVuFjpaPymNQXVRM8IbgET5tE4GPT5w+PrscpyGSJJr8yvWN >> TKy48JSKl13GVMODnEC6nEffsS/sci5o2PHXhDYa7aC+xRF6UUSMa8tqXnhGJP7e >> uv7a1tYjtgE8Ix9tdoK32UkPOM0Z1qr11lPFDdG0GrIs+mbjPirdKSgvQm22w4IU >> jyn5AmmReA6ZnIpffOHGQY5OgpGTg4yg+aaFKenisOfIL80raNZlVuWrzDkTUS9k >> +gikqtBRg1pFMd1UGpl0S7sIXZNm01yv4K4aO3a9aykXqPQLOc8WmvfDgf99+8HR >> zUrowh7Xf1CvHsgIs4s0XaggZdXhkXpMpSWdWpVh7ZVm/TPInoPWwyj8Zp/TL8XF >> N/GrNHRLuWvSgCuyA7qhkee33FmtCblnYTHSLyGQrVpfq/cVEzvpznsZnObjFG+/ >> 4Gss0qUVQZ0LJUUKZHx5cGvHliXYEeZQaBz/VLJ7J8fvy6Fsp0vKFjbrobG6srB6 >> pa6NYQKjHhobx+eEW380j3r60iBiz1GjdMSOdLvnSOA9dOcWmXFxl5GLcASnM+F0 >> kGtZBjLXsaImnp749V50sme+bNgQ/ErUvikTLXefk0rtUnfjCmJec44Kn5Gh7J1k >> iI/CjhJrI2B83C48m2kE >> =lxo1 >> -----END PGP SIGNATURE----- >> ______________________________________________________________________ >> OpenSSL Project http://www.openssl.org >> Announcement Mailing List openssl-annou...@openssl.org >> Automated List Manager majord...@openssl.org >> > > > Enjoy > > Jakob > -- > Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com > Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10 > This public discussion message is non-binding and may contain errors. > WiseMo - Remote Service Management for PCs, Phones and Embedded > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org