[openssl.org #3487] Possible Bug: Crash in dtls1_do_write

2014-08-07 Thread Joshua Elson via RT
I'm not terribly familiar with the openssl universe, but have an integration that uses DTLS with the Asterisk project. Seeing a frequent crash that appears to originate from within dtls1_do_write. Not sure if there's not another implementation issue here, but I've attached a backtrace of the

Re: Openssl 1.0.1h | RHEL-6 | x86_64 | Crash in lh_retrieve

2014-08-07 Thread Dr. Stephen Henson
On Wed, Aug 06, 2014, arun11299 wrote: Hello Folks, I am experiencing a hard-to-debug crash in the openssl crypto library within our process. We have a client and server which communicate using SSL with NULL encryption. The client when it connects to the server sends a Certificate signing

Re: Openssl 1.0.1h | RHEL-6 | x86_64 | Crash in lh_retrieve

2014-08-07 Thread Arun Muralidharan
Thanks Stephen for your reply. I am doing OpenSSL_add_all_digests in one of my class initialization routines, so it gets called whenever an instance of this class gets created (I am now building my code with this removed). But I am not removing digests/algorithms as you mention, I am just adding

Re: Openssl 1.0.1h | RHEL-6 | x86_64 | Crash in lh_retrieve

2014-08-07 Thread Dr. Stephen Henson
On Thu, Aug 07, 2014, Arun Muralidharan wrote: Thanks Stephen for your reply. I am doing OpenSSL_add_all_digests in one of my class initialization routines, so it gets called whenever an instance of this class gets created (I am now building my code with this removed). But I am not removing

Re: Openssl 1.0.1h | RHEL-6 | x86_64 | Crash in lh_retrieve

2014-08-07 Thread Arun Muralidharan
Hmm... Will update you on this once I get it tested with the latest build. Thanks again. -Arun On Thu, Aug 7, 2014 at 4:49 PM, Dr. Stephen Henson st...@openssl.org wrote: On Thu, Aug 07, 2014, Arun Muralidharan wrote: Thanks Stephen for your reply. I am doing OpenSSL_add_all_digests in one

Possible missing CVE inside the Release Notes/Security Advisory

2014-08-07 Thread Alexander Bergmann
Hi OpenSSL release team, I'm just curious if there is a CVE missing inside the OpenSSL 0.9.8 Branch Release notes from last night. I came across commit fc4bd2f287582c5f51f9549727fd5a49e9fc3012 (CVE-2014-3511) that is not listed for the 0.9.8 branch in the security advisory or the release

Re: Possible missing CVE inside the Release Notes/Security Advisory

2014-08-07 Thread Tomas Hoger
On Thu, 7 Aug 2014 15:07:44 +0200 Alexander Bergmann wrote: Is CVE-2014-3511 TLS protocol downgrade attack also affecting the 0.9.8/1.0.0 branches? The issue is described as downgrade *to* TLS 1.0, which is the highest version supported by OpenSSL before 1.0.1. -- Tomas Hoger / Red Hat

Re: Possible missing CVE inside the Release Notes/Security Advisory

2014-08-07 Thread Rainer M. Canavan
On Aug 7, 2014, at 15:07 , Alexander Bergmann abergm...@suse.com wrote: Hi OpenSSL release team, I'm just curious if there is a CVE missing inside the OpenSSL 0.9.8 Branch Release notes from last night. I came across commit fc4bd2f287582c5f51f9549727fd5a49e9fc3012 (CVE-2014-3511) that is

Should this get a CVE number assignment or is it not a real security issue?

2014-08-07 Thread Tomas Mraz
Hi, during the review of OpenSSL commits I found this one: https://github.com/openssl/openssl/commit/22a10c89d7c3f951339c385d57cc8fd23c0a800b There is unfortunately not much detail in the commit message. Could this be a possible security issue? Can you please clear that up? Thanks, -- Tomas

[openssl.org #3488] OPENSSL_config shouldn't exit()

2014-08-07 Thread Daniel Stenberg via RT
Hi As OpenSSL is a library, it should only ever use exit in the case of severe problems and not just for mere run-time problems. OPENSSL_config() is documented to be strongly recommended but yet it calls exit(1) if it fails to parse the config file. I find it much too fragile and makes it

Re: [openssl.org #3488] OPENSSL_config shouldn't exit()

2014-08-07 Thread Viktor Dukhovni
On Thu, Aug 07, 2014 at 07:33:55PM +0200, Daniel Stenberg via RT wrote: Hi As OpenSSL is a library, it should only ever use exit in the case of severe problems and not just for mere run-time problems. OPENSSL_config() is documented to be strongly recommended but yet it calls exit(1) if

[openssl.org #3488] OPENSSL_config shouldn't exit()

2014-08-07 Thread Stephen Henson via RT
On Thu Aug 07 19:33:55 2014, dan...@haxx.se wrote: Hi As OpenSSL is a library, it should only ever use exit in the case of severe problems and not just for mere run-time problems. OPENSSL_config() is documented to be strongly recommended but yet it calls exit(1) if it fails to parse the

[openssl.org #3488] OPENSSL_config shouldn't exit()

2014-08-07 Thread Stephen Henson via RT
On Thu Aug 07 20:35:50 2014, steve wrote: The whole point of OPENSSL_config() is that it is a minimal function that just tries to load configuration modules and is better than nothing if the application cannot include appropriate error handling. It has no idea what an application considered

Re: Should this get a CVE number assignment or is it not a real security issue?

2014-08-07 Thread Dr. Stephen Henson
On Thu, Aug 07, 2014, Tomas Mraz wrote: Hi, during the review of OpenSSL commits I found this one: https://github.com/openssl/openssl/commit/22a10c89d7c3f951339c385d57cc8fd23c0a800b There is unfortunately not much detail in the commit message. Could this be a possible security issue? Can

Re: [openssl.org #3488] OPENSSL_config shouldn't exit()

2014-08-07 Thread Daniel Stenberg via RT
On Thu, 7 Aug 2014, Stephen Henson via RT wrote: I would like OPENSSL_config() to not call exit. The whole point of OPENSSL_config() is that it is a minimal function that just tries to load configuration modules and is better than nothing if the application cannot include appropriate error

Re: [openssl.org #3488] OPENSSL_config shouldn't exit()

2014-08-07 Thread Daniel Stenberg
On Thu, 7 Aug 2014, Stephen Henson via RT wrote: I would like OPENSSL_config() to not call exit. The whole point of OPENSSL_config() is that it is a minimal function that just tries to load configuration modules and is better than nothing if the application cannot include appropriate error

[openssl.org #3488] OPENSSL_config shouldn't exit()

2014-08-07 Thread Stephen Henson via RT
On Thu Aug 07 23:31:24 2014, dan...@haxx.se wrote: I can't agree with that since I believe exit() is not a business a library should do almost no matter what, but clearly you think otherwise. I'm just explaining the logic behind that behaviour. It was written over 10 years ago and some