On 06/11/2014 02:26 PM, Salz, Rich wrote:
What kinds of operations are protected by read locks?
Looking at almost any of the global data structures, such as error tables, OID
tables, and so on.
Often, RW locks aren't a win because maintaining just the read locks (without
any writers)
Please correct me if I'm wrong, but the ERR/OID structures only need locking because they are loaded dynamically?
Preload them all at startup with a global lock held, delete them at shutdown with a global lock held. If all the other access is 'read' the structures don't need a lock between
Preload them all at startup with a global lock held, delete them at shutdown
with a global lock held. If all the other access is 'read' the structures don't
need a lock between times.
Might be something to consider putting on the to do list. I can understand
things being done like that
On 06/12/2014 01:28 PM, Salz, Rich wrote:
Since the patch for CVE-2014-0224 I've so far received 2 reports about people getting the
error: ccs received early.
So the kiddies can read. We thought so, but good to have confirmation.
Thanks!
What do you mean? As far as I can tell, this is
For your information, I've just applied this to my 1.0.1 and 1.0.2
trees and am going through tests.
In message 001301cf81cd$4f41b9e0$edc52da0$@com on Fri, 6 Jun 2014 23:21:41
+0200, Zoltan Arpadffy z...@polarhome.com said:
zoli Hi,
zoli
zoli after some testing the new release I realized that
I just stumbled on problems with MAYLOSEDATA3 while looking at other
stuff... and I wonder, what exactly is it? Sorry, I've been out of
it for quite a while, and I haven't dug through all talks there may
have been, so I may be missing something.
Thing is, looking at the docs for the latest
Hi Richard,
I could not find much more information about either, but on IA64
platform HP C V7.3-020 on OpenVMS IA64 V8.4 produces such warnings.
Please check the following logs
http://www.polarhome.com/openssl/BUILD100.LOG for 1.0.0m
Please advise how to solve this issue.
Thank you,
Z
Hi,
I'm on the OpenSSL_1_0_2-stable branch, commit d85a772, and compilation
fails for darwin64-x86_64-cc with the error reported at the bottom. The
commit that introduced the compilation issue is
70fddbe32a7b3400a6ad0a9265f2c0ed72988d27.
If instructed, I can try to help by running more tests.
I am pleased to announce some changes to the OpenSSL team (see
https://www.openssl.org/about/):
Andy Polyakov has been added to the core team
Tim Hudson has been added to the dev team
Viktor Dukhovni has been added to the dev team
We anticipate some more additions in the near future.
It seems that duplicating the check on the existence of MAYLOSEDATA3
in the other building .com files would be the way to go. As it stands
now, this is only done in ssl/ssl-lib.com... At least in 1.0.2, where
this seems to have proliferated further than in all other branches.
In message
On Thu, Jun 12, 2014 at 02:06:53PM +0200, Florian Weimer wrote:
On 06/12/2014 01:28 PM, Salz, Rich wrote:
Since the patch for CVE-2014-0224 I've so far received 2 reports about
people getting the error: ccs received early.
So the kiddies can read. We thought so, but good to have
Hi,
I put a couple of fixes as pull requests into github, but haven't seen any
movement (eg. reviews). In case it's simply because no one noticed here's a
link:
https://github.com/openssl/openssl/pulls/richmoore
Both are pretty trivial fixes (not security fixes).
Cheers
Rich.
Steve;
Thanks for replying. I am using the instructions from section 4.3.1 of
UserGuide-2.0.pdf that I found at http://www.openssl.org/docs/fips/. That
appears to be the latest one dated September 2013. If I should be using
something else, please let me know; thanks!
-Original
- Original Message -
From: Richard Moore r...@kde.org
To: openssl-dev@openssl.org
Sent: Thursday, June 12, 2014 1:55:41 PM
Subject: Minor fixes to openssl ocsp
Hi,
I put a couple of fixes as pull requests into github, but haven't seen any
movement (eg. reviews). In case it's
On Thu Jun 12 18:16:55 2014, meiss...@suse.de wrote:
Hi,
The Net-SSLeay perl module failed its testsuite after 1.0.1g - 1.0.1h
update.
The code looks like this:
... create more X509 certificate stuff ...
is(Net::SSLeay::X509_NAME_print_ex($name), O=Company
Name,C=UK,CN=Common name text
On 12/06/14 12:55, Richard Moore wrote:
Hi,
I put a couple of fixes as pull requests into github, but haven't seen
any movement (eg. reviews). In case it's simply because no one noticed
here's a link:
https://github.com/openssl/openssl/pulls/richmoore
Both are pretty trivial fixes
Dear Team,
I have a Client (C# .Net) that connects to a Server (C++ application), a running
process using OpenSSL.
All these days, we were running the server on a Unix platform - we were
receiving a few Broken Pipe and Conn Reset by Peer errors, but in a very small
number.
Now we have moved this
Hi Richard,
It seems that duplicating the check on the existence of MAYLOSEDATA3 in
the other building .com files would be the way to go.
I totally agree.
I would even suggest to merge back the changes to the 1.0.1 and even to the
1.0.0 branch too.
Thanks,
Z
I believe the OpenSSL FIPS Object Module 2.0 is only for OpenSSL 1.0.1? See
UserGuide-2.0.pdf, top of page 11.
Andrew Schmidt
On Thu, Jun 12, 2014 at 6:13 AM, Swenson, Ken_S. (IS) ken.swen...@ngc.com
wrote:
Steve;
Thanks for replying. I am using the instructions from section 4.3.1
of
I am running my gevent socketio server on port 8081. My django website is
running on port 8443 through https which is accessed by user from port 8080.
I want to use proxy SSL connection for socketio server through mod_proxy.
Below is what I am trying but when I access socketio URL, it gives me
Ok, thanks Steve. I didn't realize this problem was a user error.
Unfortunately I have old code using OpenSSL that needs some of the FIPS
calls -- I realize this is not FIPS compliant. I may be stuck figuring out how
to get these unsupported 0.9.8 builds working e.g. easier than the correct
solution
When I compile Postfix against OpenSSL 1.0.2-beta or earlier, and
configure the SMTP server to not have any certificates, the Postfix
client and server happily negotiate a suitable aNULL ciphersuite
(e.g. AECDH-AES256-SHA).
When I compile against master, with the same configuration, I get
on the
On Thu, Jun 12, 2014, Viktor Dukhovni wrote:
When I compile Postfix against OpenSSL 1.0.2-beta or earlier, and
configure the SMTP server to not have any certificates, the Postfix
client and server happily negotiate a suitable aNULL ciphersuite
(e.g. AECDH-AES256-SHA).
When I compile
Fixed.
I have made the following commit to master and 1.0.2:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d84ba7ea23b386f3fe56c4fe7a7aa8ece2e0c356
And this one to 1.0.0 and 0.9.8:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d663f506dc43752b64db58e9169e2e200b3b4be6
Many
This version number refers to the ABI version of the library.
Matt
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List
Patch applied:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=abfb989fe0b749ad61f1aa4cdb0ea4f952fc13e0
Many thanks for your contribution.
Matt
On Thu, Jun 12, 2014 at 08:59:27PM +0200, Dr. Stephen Henson wrote:
When I compile against master, with the same configuration, I get
on the server:
SSL3 alert write:fatal:handshake failure
SSL_accept:error in SSLv3 read client hello C
error:1408A0C1:SSL
On Thu, Jun 12, 2014, Viktor Dukhovni wrote:
On Thu, Jun 12, 2014 at 08:59:27PM +0200, Dr. Stephen Henson wrote:
When I compile against master, with the same configuration, I get
on the server:
SSL3 alert write:fatal:handshake failure
SSL_accept:error in SSLv3 read
The following error occurs using the 20140612 snapshot on the 1.0.2
trunk. The host is a 64-bit CentOS system. Is this a known issue?
gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include
-DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H
-Wa,--noexecstack -m64 -DL_ENDIAN
On 12 June 2014 17:34, Hubert Kario hka...@redhat.com wrote:
- Original Message -
I put a couple of fixes as pull requests into github, but haven't seen
any
movement (eg. reviews). In case it's simply because no one noticed
here's a
link:
Thanks Kurt
I found ssl/t1_lib.c
but not ssl/d1_both.c, ssl/s3_enc.c, ssl/sll_ciph.c, ssl/ssl_sess.c
in pull request #131
Didier
Le 10.06.2014 23:49, Kurt Roeckx a écrit :
On Tue, Jun 10, 2014 at 11:29:02PM +0200, dcrue...@qualitesys.com
wrote:
Hello
In version openssl-1.0.h
In case of
On Thu, Jun 12, 2014 at 10:26:56PM +0200, Matt Caswell via RT wrote:
Patch applied:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=abfb989fe0b749ad61f1aa4cdb0ea4f952fc13e0
Many thanks for your contribution.
Matt
On 12/06/14 22:43, Otto Moerbeek wrote:
On Thu, Jun 12, 2014 at 10:26:56PM +0200, Matt Caswell via RT wrote:
Patch applied:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=abfb989fe0b749ad61f1aa4cdb0ea4f952fc13e0
Many thanks for your contribution.
Matt
Hi,
Just a comment on the release notes. On the Vulnerabilities page for
Openssl.org, it is noted that CVE-2014-0198 is fixed in 1.0.0m and 1.0.1h, but
this is not mentioned in the release notes for those versions.
Thanks,
ScottN
On Thu, Jun 12, 2014 at 11:49:39AM +0200, Dimitrios Apostolou wrote:
The options start out clear by default.
Are you positive on that? I'm quite sure that SSL_OP_LEGACY_SERVER_CONNECT
is on for example.
I was not sure, looking at the code for SSL_CTX_new() in the master
development branch I
On Fri, Jun 13, 2014 at 03:53:07AM +, Viktor Dukhovni wrote:
For now, don't clear SSL_OP_NO_TICKET if
it is already set unless you've provided your own session tickets.
That is your own session ticket keys.
--
Viktor.