I'm sure this would resolve the issue. The problem exists in 1.0.1, but not
1.0.2. Here's the entry in the 1.0.1 libeay.num:
Fixed. It was a mistake to remove engine_rsax, and I just reverted that.
Should show up in the snapshots within an hour
El 27/01/15 a las 08:30, Hanno Böck escribió:
Hello,
On Fri, 23 Jan 2015 19:11:35 +
Salz, Rich rs...@akamai.com wrote:
OPENSSL_NO_BUF_FREELISTS
As far as I remember the post-heartbleed discussions this disables an
openssl-own memory management which in the case of heartbleed
On 27/01/15 12:02, david.ll...@fsmail.net wrote:
Hi,
Quick note about this (or could you refer me to the discussion that I
missed). Although I have no problems with explicitly patented code being
included with OpenSSL, shouldn't the default for such code be off with an
explicit
It is no longer an option to build OpenSSL without SHA, so closing this.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Hello,
On Fri, 23 Jan 2015 19:11:35 +
Salz, Rich rs...@akamai.com wrote:
OPENSSL_NO_BUF_FREELISTS
As far as I remember the post-heartbleed discussions this disables an
openssl-own memory management which in the case of heartbleed
circumvented memory protection measures like address
On Monday 26 January 2015 10:03:30 Brian Smith wrote:
Hubert Kario hka...@redhat.com wrote:
Actually it does not introduce it as OpenSSL does send the notification as
TLS_EMPTY_RENEGOTIATION_INFO_SCSV, not the extension.
On Sunday 30 November 2014 20:36:20 Richard Moore wrote:
That
Hi,
Quick note about this (or could you refer me to the discussion that I missed).
Although I have no problems with explicitly patented code being included with
OpenSSL, shouldn't the default for such code be off with an explicit
enable-ocb?
Added support for OCB mode. OpenSSL has been
On 27/01/15 12:02, david.ll...@fsmail.net wrote:
Hi,
Quick note about this (or could you refer me to the discussion that I
missed). Although I have no problems with explicitly patented code being
included with OpenSSL, shouldn't the default for such code be off with an
explicit
Why? We have an explicit licence enabling its use - so why shouldn't it
be on?
Matt
You do, but I don't, and other users of OpenSSL don't either. According to my
legal advice at least - your Lawyer may disagree. The linked pdf doesn't solve
the problem apparently.
That there is an
On 27/01/15 13:12, david.ll...@fsmail.net wrote:
Why? We have an explicit licence enabling its use - so why shouldn't it
be on?
Matt
You do, but I don't, and other users of OpenSSL don't either. According to
my legal advice at least - your Lawyer may disagree. The linked pdf
The answer to that is in the OpenSSL licence:
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO
What's the plan here? Replace openssl's own memory management by
default with standard memory management calls or is the plan to disable
the possibility to have standard memory management at all?
If the latter I'd vote against removing that flag.
We use using only malloc and free. We are no
On Thu Jan 15 17:21:35 2015, matt wrote:
In response to your previous documentation question it is
(unfortunately)
undocumented. :-(
The best I can offer you is the source code:
int read_ahead; /* Read as many input bytes as possible * (for non-
blocking
reads) */
With regards to your
El 27/01/15 a las 08:30, Hanno Böck escribió:
Hello,
On Fri, 23 Jan 2015 19:11:35 +
Salz, Rich rs...@akamai.com wrote:
OPENSSL_NO_BUF_FREELISTS
As far as I remember the post-heartbleed discussions this disables an
openssl-own memory management which in the case of heartbleed
On 15/01/15 17:06, Fedor Indutny wrote:
Matt,
Thank you for reply.
May I ask you when do you think your patch may land in 1.0.2 or whatever?
If this is something of your long term goals and not going to land
anywhere soon. Could you please tell me about issues in my patch (either
On Thu Dec 18 15:31:48 2014, fe...@indutny.com wrote:
In situations like [0] the server may provide alternative certificate
chain, which is no longer valid in the current certificate store. In
fact the issuer of the leaf (or some intermediate) cert is known and
trusted, but the alternative
Thank you!
On Tue, Jan 27, 2015 at 6:02 PM, Matt Caswell m...@openssl.org wrote:
On 15/01/15 17:06, Fedor Indutny wrote:
Matt,
Thank you for reply.
May I ask you when do you think your patch may land in 1.0.2 or whatever?
If this is something of your long term goals and not
It looks like the Windows export symbols may need updating now that the
rsax engine has been removed (yesterday). Here's the error from the log...
link /nologo /subsystem:console /opt:ref /debug /dll /out:out32dll\libeay32.dll
/def:ms/LIBEAY32.def
From: Dr. Matthias St. Pierre m...@ncp-e.com
Add missing forward declarations and export declarations for DHparams
and EC[PK]PARAMETERS.
Add public functions to convert between EC_GROUP objects and EC[PK]PARAMETERS
objects: EC_GROUP_new_from_ec[pk]parameters(), EC_GROUP_get_ec[pk]parameters().
It is no longer an option to build OpenSSL without SHA, so closing this.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
It looks like the Windows export symbols may need updating now that the
rsax engine has been removed (yesterday). Here's the error from the log...
If you remove the reference to it from util/libeay.num does that fix the build?
--
Principal Security Engineer, Akamai Technologies
IM:
I'm sure this would resolve the issue. The problem exists in 1.0.1, but
not 1.0.2. Here's the entry in the 1.0.1 libeay.num:
ENGINE_load_rsax 4652 EXIST::FUNCTION:ENGINE
And here's the entry in the 1.0.2 flavor of libeay.num:
ENGINE_load_rsax 4652 NOEXIST::FUNCTION:
You just need to to make
Oh, I thought it was in master!
In 1.0.1 it was a mistake to remove eng_rsax. And a commit to fix that will be
submitted shortl.
--
Principal Security Engineer, Akamai Technologies
IM: rs...@jabber.me Twitter: RichSalz
___
openssl-dev mailing
Thanks for the update. I was curious why it was removed from 1.0.1. It
seemed to be beyond the scope of a bug fix. Given 1.0.2 has now been
released, should eng_rsax been removed there too?
On 01/27/2015 01:06 PM, Salz, Rich wrote:
Oh, I thought it was in master!
In 1.0.1 it was a mistake
This is an implementation of an IETF draft that expired seven years ago. Is
anyone using it?
--
Principal Security Engineer, Akamai Technologies
IM: rs...@jabber.memailto:rs...@jabber.me Twitter: RichSalz
___
openssl-dev mailing list
To unsubscribe:
Signed-off-by: Gustavo Zacarias gust...@zacarias.com.ar
---
tools/c_rehash.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/c_rehash.in b/tools/c_rehash.in
index 887e927..1df2fab 100644
--- a/tools/c_rehash.in
+++ b/tools/c_rehash.in
@@ -15,7 +15,7 @@ my
I'm sure this would resolve the issue. The problem exists in 1.0.1, but not
1.0.2. Here's the entry in the 1.0.1 libeay.num:
Fixed. It was a mistake to remove engine_rsax, and I just reverted that.
Should show up in the snapshots within an hour
Please submit patches to r...@openssl.org.
Matt
On 27/01/15 16:15, Dr. Matthias St. Pierre wrote:
From: Dr. Matthias St. Pierre m...@ncp-e.com
Add missing forward declarations and export declarations for DHparams
and EC[PK]PARAMETERS.
Add public functions to convert between EC_GROUP
On Tue 2015-01-27 11:15:37 -0500, Dr. Matthias St. Pierre wrote:
Add missing forward declarations and export declarations for DHparams
and EC[PK]PARAMETERS.
Add public functions to convert between EC_GROUP objects and EC[PK]PARAMETERS
objects: EC_GROUP_new_from_ec[pk]parameters(),
Hi,
I want to connect with different SSL servers. So I need to load different
Server CA certs into SSL Context.
Is it possible to load different server CA certs of different SSL servers in a
single SSL Context?
If yes, when I am connecting with SSL server, SSL client can traverse all the
From: openssl-dev On Behalf Of satish.kumarya...@cognizant.com
Sent: Wednesday, January 28, 2015 00:08
This is a basic user question, not dev.
I want to connect with different SSL servers. So I need to load different
Server CA certs into SSL Context.
If the servers are (or may be) using
31 matches
Mail list logo