On 08/13/2014 09:59 AM, at the end of a long message I wrote:
[.]
I will rewrite my patch code accordingly. It will take me a
little while to do this and test it.
This is now done. The improved patch can be found at
http://www.av8n.com/openssl/leading-dot-better.diff
The patch
On 08/13/2014 08:27 AM, Erwann Abalea wrote in part:
the question isn't should we tolerate it?, but what do the sacred
scriptures ask compliant implementation to do?
What sacred scriptures are we talking about here? I'm not an
expert, so correct me if I'm wrong, but I thought RFC stood
for
I have found a bug in the openssl req -verify.
It is present in 101i as well as a couple older versions. I have not gone on a
testing spree. This may be a semantic discussion, as it accurately verifies if
the signature is correct, based on the data, but not if the data is correct.
The CSR
Hi Rich,
On 13.08.2014 22:59, Salz, Rich wrote:
Is anyone willing to step up and maintain the Netware port?
If not, then we will probably remove it after the next release.
please don't do that! I maintained it in the past (and try to do in
future as my time permits), and currently it still
Hi,
I was working a lot with Netware some 10-15 years ago.
I wonder if you have some recent install media with ev. licence to
donate to polarhome.com
I am building up a jenkins farm with polarhome servers that would
build OpenSSL, Vim and other opensource projects and follow up CI.
That
please don't do that! I maintained it in the past (and try to do in future as my
time permits), and currently it still builds (except for asm support where I
Okay. Thanks for your efforts.
The NETWARE port is really messy, with about 130 #ifdef flags in 70 files. It
would be great if we
I can reproduce this issue using the version from master branch.
Interestingly, it doesn't happen if I set it to use SSLv3 only.
Below are the traces from universal ClientHello and from SSLv3 only one.
$ openssl s_client -connect courtapps.utcourts.gov:443 -msg -debug
These are good points. Merging this into RT1665 for general crypto doc cleanup.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List
we're not going to fix this.
SSLv2 is now like the Monty Python comment: This is not a wine for drinking,
this is a wine for laying down and avoiding
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
Hi,
OpenSSL 1.1.0-dev comes with DTLS 1.2 support by adding
DTLSv1_2_*_method() and DTLS_*_method() (that supports both DTLS 1.0
and 1.2).
But it only has DTLS timeout related functions for DTLS 1.0:
DTLSv1_get_timeout( )
DTLSv1_handle_timeout( )
Is it safe to use them when the method is
As announced on the openssl-testing list, I'm happy to report early,
promising success in my Makefile refactoring experiment. Here's the
short link to the Google Doc containing all of the details:
http://goo.gl/yhvCno
Feedback welcome. Regardless of the ultimate judgment of the
experiment, I'm
Hi Richard,
I absolutely welcome the idea, that the build needs to be improved on
OpenVMS.
You have my full support and I'll help as much I can appreciate time-wise.
Currently, I am struggling to include OpenVMS architectures into a jenkins
farm that would at least warn for anomalies as soon
You probably figured this out years ago, but the library order should be -lssl
-lcrypto
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
old release, can't reproduce, closing this.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
Hello,
maybe I miss something ...
But there seems to be no way to change the initial timeout
duration for DTLSv1. Its value is set to one second, and it's
hard-coded in d1_lib.c in function dtls1_start_timer.
The problem is I need to set a higher value, because in a project,
I am working on,
Last update, a decade ago, pointed to user issues.
Closing this.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
On 14 Aug 2014, at 20:27, Tobias Herre 7...@mail.ru wrote:
Hello,
maybe I miss something ...
But there seems to be no way to change the initial timeout
duration for DTLSv1. Its value is set to one second, and it's
hard-coded in d1_lib.c in function dtls1_start_timer.
The problem is I
On 14.08.2014 22:05, Michael Tuexen wrote:
Isn't this a problem of the client which has to be fixed anyway?
The client is a Cisco AP. I don't think, Cisco would fix that for me,
because
their APs work fine with their own controllers.
Best regards
Tobias
Have you considered moving to CMake? It makes lots of the issues you discuss
in the document just go away. cmake should work on the vast majority of
supported operating systems, if not all of them ...
-Original Message-
From: owner-openssl-...@openssl.org
This particular set of issues has been resolved.
We need to run with -Wall, etc., flags regularly.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
Urgent need for a response by 29 Julye 2005... oops :)
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
seems to be a browser setup issue, closing this.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
On Thu, Aug 14, 2014 at 4:32 PM, Tim Hollebeek tholleb...@trustwave.com wrote:
Have you considered moving to CMake? It makes lots of the issues you discuss
in the document just go away. cmake should work on the vast majority of
supported operating systems, if not all of them ...
Nope;
Rich,
On 14.08.2014 16:19, Salz, Rich wrote:
Okay. Thanks for your efforts.
The NETWARE port is really messy, with about 130 #ifdef flags in 70 files.
It would be great if we could reduce that impact.
perhaps its possible to introduce some macros and then kill some code
paths - but since a
On 22 Jul 2014, at 23:32, Brian Hassink via RT r...@openssl.org wrote:
OpenSSL: 1.0.1e
OS: Red Hat Enterprise Linux Server release 6.5
(Santiago)
Hello,
We recently did some negative testing against OpenSSL 1.0.1e, with a focus on
DTLS,
This will be fixed in post-1.0.2 release.
In -www mode, s_server escapes the three special characters by writing
their entities
instead.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
Thanks for the info!
--
Principal Security Engineer
Akamai Technologies, Cambridge MA
IM: rs...@jabber.me Twitter: RichSalz
On 08/14, Tim Hollebeek wrote:
Have you considered moving to CMake? It makes lots of the issues
you discuss in the document just go away. cmake should work on the
vast majority of supported operating systems, if not all of them ...
Cmake has disadvantages. I haven't actually used it enough
Just a comment. the OpenSSL build already depends on Perl and Perl already
has a Make of its own.
That would at least relieve some of the problems with being dependent on
lowest common denominator features common to the various platform makes.
I'll admit, I have no idea whether the Perl variant
Just a comment. the OpenSSL build already depends on Perl and Perl already
has a Make of its own.
Ooh, that could be interesting. What's the perl make thing called? A web
search for perl make was too voluminous...
/r$
--
Principal Security Engineer
Akamai Technologies,
It would break downstream users. Just for consistency. Closing this ticket.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
We don't package the manpages separately and search engines are pretty good
nowadays
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
After a decade of silence, time to face facts that global library cleanup isn't
a high priority, and does have
some concerns/drawbacks (see Pete's note in the RT). We're not going to address
this unless someone
on the team, or someone with a patch, re-opens the ticket.
--
Rich Salz, OpenSSL dev
On 08/14, Salz, Rich wrote:
Just a comment. the OpenSSL build already depends on Perl and Perl already
has a Make of its own.
Ooh, that could be interesting. What's the perl make thing called?
A web search for perl make was too voluminous...
Hm ... maybe some of my Google-fu can come
Fixed a long time ago; adding *8 to convert RSA_size() from bytes to bits.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
The assembly code seems to have been included already.
The platforms we want are included already.
I think we've got the 'good bits' from this; if not, please
open a new ticket to cover it. thanks.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
More than 10 years; not going to get around to this.
(MinGW cross-compiler target BTW)
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
SO_REUSEADDR is done.
The discussion about DSA key and sig verification: I think that's now also
done as part of EVP_DigestSign.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
SRP is in openssl
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
That's essentially correct.
Any IBM contributions from me have been dealt already, just to save time if
you hit more.
Thanks
Peter
From: Rich Salz via RT r...@openssl.org
To: Peter Waltenberg/Australia/IBM@IBMAU
Cc: openssl-dev@openssl.org
Date: 15/08/2014 12:27 PM
Subject:
PSK support is in openssl; thanks for your work.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
According to our records, your request has been resolved. If you have any
further questions or concerns, please respond to this message.
DrH applied the patches, VMS is supported and others are working on the build
stuff.
Closing this.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
We support SHA-2 for signatures.
We support SHA-256, etc., where defined in TLS
Nothing extra for openssl to do.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
Yes, can't specify a date beyond 2038 :)
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
Local gcc config/install issue, not an openssl issue.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
We're working on clarifying and updating everything in the distribution, as far
as licenses go. But it is a slow complicated procedure. Until then, the only
information available is in the files themselves.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
Seems to be a local gcc config issue. Can't reproduce, closing ticket.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
This is fixed post-1.0.2
If you specify the -sha256 (or other digest) after -serial or -cert, which have
the side effect
of setting the digest to sha1, then an error message is displayed.
Can't be tested by look at rsalz-monolith branch on akamai/openssl on github.
--
Rich Salz, OpenSSL dev team;
Can't reproduce on current releases or current version of the mac platform
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
Someone already fixed this.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
Old versions, not enough information to reproduce, closing ticket.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
Very old platform, not supported, we can't reproduce this.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
Can't reproduce this issue with rt.openssl.org
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
Yes, in CBC mode you cannot have short blocks. User error, closing ticket.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
old snapshot; current ones should work.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
old snapshot; things should work now. or at least build :)
--
Rich Salz, OpenSSL dev team; rs...@openssl.org