On Thu, Jan 7, 2021 at 1:53 PM Jan Just Keijser <janj...@nikhef.nl> wrote:
> On 06/01/21 21:57, Michael Wojcik wrote: > > > > The same way you'd track down an intermittent cause of Undefined > Behavior in any other program: some combination of dynamic monitoring, > symbolic execution, static code analysis, source code review, testing > variants, tracing, fuzzing, post-mortem analysis, and so on. This isn't > specific to OpenSSL. > > > > But you're asking the wrong question. The correct question is: Why are > you using an outdated version of OpenSSL? > > possibly because: > > $ cat /etc/redhat-release && openssl version > CentOS Linux release 7.9.2009 (Core) > OpenSSL 1.0.2k-fips 26 Jan 2017 > > ? > > > Yes, using this openssl version coming with the OS.