On 16/09/15 16:15, John Foley wrote:
> Is the "Async support" you have listed the same code that Intel
> developed for Cave Creek? Or is the Intel contribution planned for a
> follow-on release?
It is all new code. However I have been developing it in collaboration
with Intel.
Matt
On 17/09/15 19:34, Ian McFadries (imcfadri) wrote:
> I see this fix will be in 1.0.1q. Do you know when 1.0.1q will be released?
We don't have a fixed timetable for bug fix releases. It is normally
driven by what ever security issues we have to respond to - so
unfortunately I don't know when
Hmmm. I cannot reproduce this. Is anyone else seeing this?
Matt
On 17/09/15 20:15, Blumenthal, Uri - 0553 - MITLL wrote:
> $ apps/openssl$ openssl version
> OpenSSL 1.1.0-dev xx XXX
> $ make test
> testing...
> make[1]: Entering directory `/media/uri/Src/openssl/test'
> make[2]: Entering
I've just opened a github pull request to show recent work I have been
doing on rewriting the OpenSSL state machine (for version 1.1.0). See:
https://github.com/openssl/openssl/pull/394
My objectives for the rewrite were:
- Remove duplication of state code between client and server
- Remove
On 12/09/15 11:22, Kurt Roeckx wrote:
> On Sat, Sep 12, 2015 at 12:20:52AM +0100, Matt Caswell wrote:
>> Dependant on the preceding messages we
>> might need to have a CertificateVerify next. So transitions are actually
>> "guarded" - there is logic which determ
On 30/09/15 10:22, Alessandro Ghedini via RT wrote:
> On Wed, Sep 30, 2015 at 02:01:54am +, Rich Salz via RT wrote:
>> We fixed this in a slightly different way. We made BIO_new_file and
>> BIO_s_file
>> return an alternate implementation that returns run-time failures. Almost all
>> of the
On 30/09/15 16:06, Haiyang Yin via RT wrote:
> Hello, I am using memory-based bio to handle dtls sessions. Crash
> happened after close notify received and SSL was cleaned up ? OpenSSL
> version is 1.0.2d. If more detailed information required, pls. let me
> known.
Your gdb output is impossible
I've just pushed a partial fix for this issue. The TLS tests should now
pass for you in the latest master version in git. The new TLS test proxy
we are using does not support compression, but was failing to switch it
off if OpenSSL is configured for it.
However, this one is a different problem:
On 18/09/15 20:46, Richard Levitte wrote:
> In message on Fri, 18 Sep 2015 19:23:09
> +, "Blumenthal, Uri - 0553 - MITLL" said:
>
> uri> On 9/18/15, 15:15 , "Richard Levitte" wrote:
> uri>
> uri> >Did you apply the
On 25/09/15 17:05, Alessandro Ghedini via RT wrote:
> On Fri, Sep 25, 2015 at 03:02:27pm +, Hubert Kario via RT wrote:
>> On Friday 25 September 2015 14:51:17 Alessandro Ghedini via RT wrote:
>>> As a matter of test I changed the ssl_get_message() in
>>> ssl3_get_client_hello() to use
On 25/09/15 20:19, Kurt Roeckx wrote:
> On Fri, Sep 25, 2015 at 04:23:27PM +, Hubert Kario via RT wrote:
>>
>> Given that TLSv1.3 has a 1RTT mode planned (so Client Key Exchange ends
>> up as an extension, possibly multiple ones), and that quantum computing
>> resistant algorithms usually
On 18/09/15 23:23, Blumenthal, Uri - 0553 - MITLL wrote:
> I compiled with
>
> ./config threads shared zlib
>
> Should I drop zlib and try again...?
Yes please.
Thanks
Matt
___
openssl-dev mailing list
To unsubscribe:
On 18/09/15 21:24, Blumenthal, Uri - 0553 - MITLL wrote:
> On 9/18/15, 15:54 , "Matt Caswell" <m...@openssl.org> wrote:
> Received server packet
> Packet length = 1113
> Processing flight 1
> Record 1 (server -> client)
> Content type: HANDSHAKE
>
On 25/09/15 11:25, Hubert Kario via RT wrote:
>
> A Finished message is always sent immediately after a change
> cipher spec message to verify that the key exchange and
> authentication processes were successful.
This is perhaps the key statement. It could do with being more
On 25/09/15 11:25, Hubert Kario via RT wrote:
> On Friday 25 September 2015 10:47:42 Matt Caswell wrote:
>> However, I have some concerns with the wording of the RFC. It seems to
>> place no limits whatsoever on when it is valid to receive app data in
>> the handshake. By t
ed is processed that we verify the
handshake data MAC - and yet we could already have acted upon app data
received. I assume the intent was to allow the interleaved app data only
up until the point that the CCS is received. I have attached a patch for
1.0.2 that implements that logic.
Matt
From
ou get on.
Thanks
Matt
From 07315256ab0a97e1172304a098c262a845833206 Mon Sep 17 00:00:00 2001
From: Matt Caswell <m...@openssl.org>
Date: Fri, 4 Dec 2015 10:18:01 +
Subject: [PATCH] Fix EAP FAST in the new state machine
The new state machine code missed an allowed transition when resumi
On 04/12/15 15:41, Adam Eijdenberg wrote:
> On Thu, Dec 3, 2015 at 9:47 PM Viktor Dukhovni
> > wrote:
>
> On Fri, Dec 04, 2015 at 03:05:28AM +, Adam Eijdenberg wrote:
>
> > When I'm preparing a patch I've gotten myself
On 04/12/15 13:08, Jouni Malinen wrote:
> On Fri, Dec 04, 2015 at 10:27:48AM +0000, Matt Caswell wrote:
>> EAP-FAST is very strange. Normally you know whether you are resuming a
>> session or not based on the session id returned from the server. However
>> that's not the cas
On 03/12/15 19:10, Quanah Gibson-Mount wrote:
> make[5]: *** No rule to make target `../../include/openssl/idea.h',
> needed by `e_idea.o'. Stop.
Hmmm. I don't get that. Can you post your build steps?
Matt
___
openssl-dev mailing list
To
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Due to an error in the release process the original distribution
downloads were failing to build. New downloads have now been made
available on the website. Corrected checksums are given below.
OpenSSL version 1.0.0t released
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Due to an error in the release process the original distribution
downloads were failing to build. New downloads have now been made
available on the website. Corrected checksums are given below.
OpenSSL version 1.0.1q released
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Due to an error in the release process the original distribution
downloads were failing to build. New downloads have now been made
available on the website. Corrected checksums are given below.
OpenSSL version 0.9.8zh released
On 03/12/15 19:28, Quanah Gibson-Mount wrote:
> --On Thursday, December 03, 2015 7:18 PM +0000 Matt Caswell
> <m...@openssl.org> wrote:
>
>>
>>
>> On 03/12/15 19:10, Quanah Gibson-Mount wrote:
>>> make[5]: *** No rule to make target `../../includ
Hi all
I've had some emails recently from Derek at OSTIF who has been talking
to me about their plans to do an audit (separate to the current CII one)
of OpenSSL next year. OSTIF is not associated or affiliated with
OpenSSL, but if you're interested you can learn more here:
https://ostif.org/
On 06/01/16 06:14, Zi Lin wrote:
> Hi Matt,
>
> thanks for your time. I am glad to see the big efforts done to make
> OpenSSL code better in the master branch (and v1.1.0+). I will find a
> way to start working on the master branch. A quick glance into the
> master branch state machine: the
On 05/01/16 22:44, Zi Lin wrote:
> Hi OpenSSL devs,
>
> I want to propose a patch that makes OpenSSL compatible with
> asynchronous session lookup during session resumption. Currently, the
> session lookup expects the session callback to return immediately with
> success or failure. Now consider
On 23/12/15 17:21, Viktor Dukhovni wrote:
> On Wed, Dec 23, 2015 at 04:48:20PM +0000, Matt Caswell via RT wrote:
>
>> The problem is that the server has been configured to allow client auth. The
>> CertificateRequest message coming from the server seems very lo
On 23/11/15 17:49, Nico Williams wrote:
> [Resend, with slight edits.]
>
> [Viktor asked me for my advice on this issue and bounced me the post
> that I'm following up to. -Nico]
>
> The summary of what I've to say is that making libcrypto and libssl need
> -lpthread is something that does
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Forthcoming OpenSSL releases
The OpenSSL project team would like to announce the forthcoming release
of OpenSSL versions 1.0.2e, 1.0.1q, 1.0.0t and 0.9.8zh.
These releases will be made available on 3rd December between
On 23/11/15 21:56, Paul Dale wrote:
> Somewhat tangentially related to this is the how thread locking in
> OpenSSL is slowing things up.
Alessandro has submitted an interesting patch to provide a much better
threading API. See:
https://github.com/openssl/openssl/pull/451
I'm not sure what the
On 24/11/15 15:16, Jonathan Larmour wrote:
> On 23/11/15 20:34, Matt Caswell wrote:
>> On 23/11/15 17:49, Nico Williams wrote:
>>
>>> Still, if -lpthread avoidance were still desired, you'd have to find an
>>> alternative to pthread_key_create(), pthread_getsp
On 08/06/16 11:25, Hubert Kario wrote:
> On Tuesday 07 June 2016 19:22:00 Matt Caswell via RT wrote:
>> On Sat Apr 02 14:05:50 2016, sebast...@breakpoint.cc wrote:
>>> A TLS1.2 connetion with openssl server and gnutls-cli using a
>>> SECP384R1
>>> key ends
On 10/06/16 10:00, Matt Hart wrote:
> Hi,
>
> I took the CAPI engine and extended it to give preference to NCrypt,
> otherwise to revert to Crypto API. Implemented for RSA so far (no DSA or ECC
> support though BoringSSL have done some ECC work for Windows I could look
> at). Tested with RSA,
On 03/06/16 10:52, Alfred E. Heggestad wrote:
> Hi Matt,
>
> thanks for the suggested API and code. Please find below a suggested
> patch that implements this new callback.
>
>
> the patch is based on 1.0.2-dev from GIT:
>
> url: git://git.openssl.org/openssl.git
> branch:
On 15/06/16 13:09, Salz, Rich via RT wrote:
> So are we still fixing SSLv2 bugs? Or are they too low on the priority list?
They're certainly low priority, but we are still fixing them.
Matt
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
On 15/06/16 16:31, Daniel Kahn Gillmor wrote:
> On Wed 2016-06-15 09:51:37 -0400, Salz, Rich wrote:
>> I think OpenSSL needs to decide if SSLv2 bugs will be getting fixed.
>> Matt and I disagree :)
>
> Isn't the existence of SSLv2 a bug? ;)
Fixed in OpenSSL 1.1.0 :-)
Matt
--
openssl-dev
On 28/05/16 16:49, sav...@ukr.net wrote:
>
>
> --- Исходное сообщение ---
> От кого: "Matt Caswell" <m...@openssl.org>
> Дата: 27 мая 2016, 18:03:50
>
> > 2. Results for some tests using MSVC there are:
> >
> > skipped: TLSPro
On 27/05/16 11:07, Mick Saxton via RT wrote:
> Hi Matt
>
> The test program runs against our major new development so I cannot share it
> as is.
>
> I will try to produce a skeleton version which I could let you have.
>
> - But that will be end if next week as I am away for a few
On 27/05/16 15:58, sav...@ukr.net wrote:
>
>
> --- Исходное сообщение ---
> От кого: "Matt Caswell via RT" <r...@openssl.org>
> Дата: 27 мая 2016, 17:45:28
>
> The "make test" hang issue on mingw should now be resolved in the head of
>
On 02/06/16 14:33, Alfred E. Heggestad wrote:
>
>
> On 01/06/16 13:58, Matt Caswell wrote:
>>
>>
>> On 01/06/16 11:15, Alfred E. Heggestad wrote:
>>> hi,
>>>
>>> we are using DTLS from OpenSSL to implement DTLS-SRTP in our
>>> prod
On 26/05/16 22:48, TJ Saunders wrote:
>
>
>>> I'm currently working on updating proftpd and its various modules to
>>> work with the changed APIs in OpenSSL-1.1.x. My current obstacle(?) is
>>> to determine the SSL protocol version, given an SSL_SESSION pointer.
>>>
>>> Using OpenSSL-1.0.x, I
On 26/05/16 22:27, TJ Saunders wrote:
>
> I'm currently working on updating proftpd and its various modules to
> work with the changed APIs in OpenSSL-1.1.x. My current obstacle(?) is
> to determine the SSL protocol version, given an SSL_SESSION pointer.
>
> Using OpenSSL-1.0.x, I currently
On 01/06/16 11:15, Alfred E. Heggestad wrote:
> hi,
>
> we are using DTLS from OpenSSL to implement DTLS-SRTP in our
> product (Wire.com) .. The code and implementation works really well
> and is very robust. We are using OpenSSL version 1.0.2g
>
>
> since our product is deployed globally on
On 11/01/16 18:29, Viktor Dukhovni wrote:
>
>> On Jan 11, 2016, at 5:23 AM, Tomas Mraz wrote:
>>
>> On Po, 2016-01-11 at 01:09 +, Peter Waltenberg wrote:
>>> The point of using accessor FUNCTIONS is that the code doesn't break
>>> if the structure size or offsets of
On 24/06/16 22:28, Jouni Malinen wrote:
> On Mon, May 23, 2016 at 01:15:45PM +, Salz, Rich wrote:
>> ... in case you haven't noticed :) Our announced release date for 1.1 has
>> come and gone.
>>
>> We want to close many more bugs before we release it. In the meantime,
>> please test
On 27/06/16 21:56, Timothy B. Terriberry wrote:
>> Did you see BIO_meth_set_write etc ?
>
> I did. I also saw that exactly no code in OpenSSL itself uses this API.
Not strictly true. s_server uses it as does asynciotest.
We also use the similar RSA_METHOD functions and DSA_METHOD functions in
On 27/06/16 21:56, Timothy B. Terriberry wrote:
> Because I am writing a library, which I
> intend to be re-entrant, but which does not have any explicit threading
> support (or dependencies), I don't have any convenient global place to
> cache it. I haven't needed one for anything else.
You
On 08/02/16 15:46, Viktor Dukhovni wrote:
>
>> On Feb 8, 2016, at 9:49 AM, Matt Caswell <m...@openssl.org> wrote:
>>
>> Actually, yes that is a good point. There could be some subtle security
>> issues there. You probably need to additionally check th
On 08/02/16 12:11, Rainer Jung wrote:
> I'm adding support for OpenSSL 1.1.0 to the Apache web server.
>
> I struggle to migrate the renegotiation code in the case wehere we want
> the client to send a client cert. The current code works like explained in
>
>
On 08/02/16 12:34, Matt Caswell wrote:
>
>
> On 08/02/16 12:11, Rainer Jung wrote:
>> I'm adding support for OpenSSL 1.1.0 to the Apache web server.
>>
>> I struggle to migrate the renegotiation code in the case wehere we want
>> the client to send a client
On 06/02/16 04:24, Fedor Indutny via RT wrote:
> On Fri, Feb 5, 2016 at 7:14 PM, Matt Caswell <m...@openssl.org> wrote:
>
>>
>>
>> On 05/02/16 22:42, Fedor Indutny wrote:
>>> Matt,
>>>
>>> I have looked through the APIs. Will have t
On 08/02/16 13:41, Catalin Vasile wrote:
> I'm trying to compile a custom OpenSSL library to work with nginx.
> nginx requires that the SSL library have version data included in the .so
> files, so I'm using this patch[1] for this.
> The problem is that if I set the library versiont to 1.0.1
On 08/02/16 14:36, Viktor Dukhovni wrote:
>
>> On Feb 8, 2016, at 9:26 AM, Matt Caswell <m...@openssl.org> wrote:
>>
>> SSL_renegotiate(ssl);
>> SSL_do_handshake(ssl);
>> do {
>>read_some_app_data();
>>if(no_client_cert_yet())
On 08/02/16 13:45, Tomas Mraz wrote:
> On Po, 2016-02-08 at 12:34 +0000, Matt Caswell wrote:
>>
>> On 08/02/16 12:11, Rainer Jung wrote:
>>>
>> Renegotiation isn't entirely within the control of the server. A
>> server
>> can request that a renegot
On 04/02/16 05:49, Rich Salz via RT wrote:
> currently in master, planned for 1.1 scheculed for april 2017
That would be April 2016!!
Matt
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
On 04/02/16 06:34, Salz, Rich via RT wrote:
> It’s late and my response was incomplete.
> The other part has already landed in master, and that's the "async engine"
> support.
See:
https://www.openssl.org/docs/manmaster/crypto/ASYNC_start_job.html
On 12/02/16 14:31, The Doctor wrote:
> Here is another fix needed:
>
> making all in ssl...
> gcc -I.. -I../include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_EXPERIMENTAL_JPAKE
> -DOPENSSL_THREADS -DOPENSSL_PIC -DOPENSSL_BN_ASM_PART_WORDS
> -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM
; On Thu, Feb 4, 2016 at 4:56 AM, Fedor Indutny via RT <r...@openssl.org
> <mailto:r...@openssl.org>> wrote:
>
> Thank you very much, Matt, Rich.
>
> I will read through these docs tomorrow.
>
> On Thu, Feb 4, 2016 at 4:29 AM, Matt Caswell via RT <r.
On 08/02/16 20:49, Rainer Jung wrote:
> The constant SSL_R_HTTP_REQUEST is still defined, but I can't find code
> that sets it and practical experiments indicate it is no longer set.
>
> In Apache land we use it to detect "HTTP spoken on HTTPS port". OpenSSL
> 1.0.2 has code in
well!
Anyway, please try the attached patch to see if that helps.
Let me know how you get on.
Thanks
Matt
>From a47094a928f56cb62d57d4b53f2e4e20f9a0a031 Mon Sep 17 00:00:00 2001
From: Matt Caswell <m...@openssl.org>
Date: Sat, 13 Feb 2016 23:22:45 +
Subject: [PATCH] Fix memory lea
On 28/01/16 16:40, John Foley wrote:
> I just cloned the OpenSSL git repo at
> git://git.openssl.org/openssl.git. Looking at the OpenSSL_1_0_1-stable
> branch, the fix for CVE-2015-3197 still isn't in the repo. The most
> recent commit is:
>
> foleyj@hobknob:~/gitsync/ossl/openssl$ git log
>
On 02/02/16 21:34, Rainer Jung wrote:
> Hi there,
>
> reading the last advisory again, I noticed, that there's one logical
> inconsistency.
>
> First:
>
> OpenSSL before 1.0.2f will reuse the key if:
> ...
> - Static DH ciphersuites are used. The key is part of the certificate
> and so it
On 03/02/16 19:43, Salz, Rich via RT wrote:
>> The diff works perfectly on master, but exposed a new bug (bare snprintf).
>> The following patch fixes it. I can make a PR (or add it to my existing PR
>> #512)
>> if you'd like.
>
> Please do as a separate PR. Thanks.
I think Richard is
On 24/02/16 10:29, Gisle Vanem wrote:
> Matt Caswell wrote:
>
>> The attached seems to avoid the problem - but then for reasons I cannot
>> understand link errors result later on in the build.
>
> I too can confirm that your patch fixes MSVC-2105 compila
On 24/02/16 15:50, The Doctor wrote:
> As of 2106-20-24 SSL_librbary_init may not be avialable in the libssl.so .
>
> Is their a workaround for this?
>
SSL_library_init is still available in ssl.h as a compatibility macro:
#if OPENSSL_API_COMPAT < 0x1010L
# define SSL_library_init()
On 24/02/16 16:48, Gisle Vanem wrote:
> Matt Caswell wrote:
>
>> The complete patch is attached. This is currently going through review,
>> and solves the link issue.
>
> That brought MSVC-2015 back on track. Thanks!
>
This has now been committed, so hopefully
On 23/02/16 16:38, Sander Temme wrote:
> All,
>
> I toyed over the weekend with resurrecting CHIL: intermediate result
> here https://github.com/sctemme/openssl/tree/rescue-chil and I AM NOT
> PROUD OF THIS but have no cycles to clean it up for at least a couple
> of days to come. It builds now
513236b6e0ffd5290d0f53b71f56c9 Mon Sep 17 00:00:00 2001
From: Matt Caswell <m...@openssl.org>
Date: Tue, 23 Feb 2016 15:27:05 +
Subject: [PATCH] Workaround for VisualStudio 2015 bug
VisualStudio 2015 has a bug where an internal compiler error was occurring.
By reordering the DEFINE_STACK_
On 23/02/16 15:59, Matt Caswell wrote:
>
>
> On 23/02/16 01:55, Bill Bierman wrote:
>> The Microsoft compiler team has suggested removing the include of ssl.h
>> from srtp.h as it creates a circular reference which is likely confusing
>> the compiler.
>>
&
On 21/01/16 16:53, Tom Kacvinsky wrote:
> I ran into this problem with the OpenSSL 1.0.1e I built from source on a
> Debian based system (Ubuntu):
>
> libssl.so.1.0.0: no version information available (required by python)
>
> Found this page:
>
>
On 21/01/16 17:57, Viktor Dukhovni wrote:
> On Thu, Jan 21, 2016 at 05:33:51PM +, Howard Chu wrote:
>
>> In OpenLDAP we've been using
>> CRYPTO_add(>references, 1, CRYPTO_LOCK_SSL_CTX)
>> to manage our own SSL_CTXs but this is not possible with current 1.1. Making
>> the structures opaque
I have just pushed to github some code that I have been working on to
implement a feature I have called "pipelining". This is still WIP,
although is fairly well advanced. I am keen to hear any feedback. You
can see the PR here:
https://github.com/openssl/openssl/pull/682
The idea is that some
On 15/02/16 20:52, Jouni Malinen wrote:
> On Mon, Feb 15, 2016 at 07:04:20PM +, OpenSSL wrote:
>>OpenSSL version 1.1.0 pre release 3 (alpha)
>>
>>OpenSSL 1.1.0 is currently in alpha. OpenSSL 1.1.0 pre release 3 has now
>>been made available. For details of changes and known
On 15/02/16 21:25, Jouni Malinen wrote:
> On Mon, Feb 15, 2016 at 10:52:27PM +0200, Jouni Malinen wrote:
>> On Mon, Feb 15, 2016 at 07:04:20PM +, OpenSSL wrote:
>>>OpenSSL version 1.1.0 pre release 3 (alpha)
>
>> It looks like something in pre release 3 has changed behavior in a way
>>
On 15/02/16 21:50, Jouni Malinen wrote:
> On Mon, Feb 15, 2016 at 09:34:33PM +0000, Matt Caswell wrote:
>> On 15/02/16 21:25, Jouni Malinen wrote:
>>> Is this change in OpenSSL behavior expected? Is it not allowed to call
>>> EVP_cleanup() and then re
p:\mes programmes\shared\ocrypto-11\tls.cpp (1017):
> TestsTLS-11.exe!OTLS::TLSSss::DoHandshake() + 0xC bytes
> p:\mes programmes\tests\_testsshared\teststls-11-leak\clttasks.cpp (63):
> TestsTLS-11.exe!CltThread::Main() + 0xB bytes
> p:\mes programmes\shared\sthread.cpp (17):
> Tests
On 16/02/16 16:17, David Woodhouse wrote:
> On Mon, 2016-02-15 at 22:17 +0000, Matt Caswell wrote:
>>
>> Maybe EVP_cleanup() and other similar explicit deinit functions should
>> be deprecated, and do nothing in 1.1.0? The auto-deinit capability
>> should handle it.
> f:\dd\vctools\crt\crtw32\misc\dbgmalloc.c (56): TestsTLS-11.exe!malloc()
> + 0x15 bytes
> e:\openssl-1.1.git\crypto\mem.c (138): TestsTLS-11.exe!CRYPTO_malloc() +
> 0x9 bytes
> e:\openssl-1.1.git\crypto\mem.c (158): TestsTLS-11.exe!CRYPTO_zalloc() +
> 0x11 bytes
>
hread.
> Both of them have OPENSSL_thread_stop() in their [pre-]exit member function.
>
> Michel.
>
> -Message d'origine-
> De : openssl-dev [mailto:openssl-dev-boun...@openssl.org] De la part de Matt
> Caswell
> Envoyé : mercredi 17 février 2016 17:23
> À :
err.c (598):
> TestsTLS-11.exe!ERR_clear_error() + 0x5 bytes
> e:\openssl-1.1.git\ssl\statem\statem.c (279):
> TestsTLS-11.exe!state_machine()
> e:\openssl-1.1.git\ssl\statem\statem.c (222):
> TestsTLS-11.exe!ossl_statem_accept() + 0xB bytes
> e:\openssl-1.1.git\ssl\ssl_
On 18/02/16 13:59, Michel wrote:
> Yes !
> With your 2 patches applied, tls_decrypt_ticket.patch and
> fix-win-thread-stop.patch,
> (looks like I lost the first one yesterday),
> none of my tests programs using libSSL v1.1 reports leaks.
>
> I feel better. :-)
Great. I'll get those reviewed
Hi all
The ubsec and chil engines are currently disabled in 1.1.0 and do not build.
As far as ubsec is concerned I understand that this is an engine for
broadcom cards. There has been very little activity with this engine
since it was first introduced. Google brings up some very old historic
On 19/02/16 13:11, Jaroslav Imrich wrote:
> Hello Matt,
>
> If I don't hear from anyone I will remove these.
>
>
> I can confirm that CHIL engine is actively used with OpenSSL 1.0.* by
> the owners of nCipher/THALES nShield HSMs.
>
> I have notified vendor support about this thread.
>
On 17/03/16 10:49, Daniel Stenberg via RT wrote:
> Hey,
>
> In curl we call ENGINE_cleanup() as part of our OpenSSL specific cleanup
> function. When I do this with OpenSSL from git master as of right now
> (OpenSSL_1_1_0-pre4-7-ga717738) valgrind catches an illegal free:
Auto deinit
On 14/03/16 14:57, Andy Polyakov via RT wrote:
>> Bump... The issue is still present as of b36a2ef for OS X 10.6 64-bit.
>> 32-bit tests OK.
>>
>> The relevant snippets are:
>>
>> $ make test
>> ...
>> ../test/recipes/90-test_async.t ... 1/1
>> # Failed test 'running asynctest'
>> #
rk out we're
>> on ppc64 then we default to ASYNC_NULL?
>
> #if defined(__APPLE__) && (defined(__ppc64__) || defined(_ARCH_PPC64))
>
>
So something like the attached?
Jeff, can you test this?
Matt
>From e30be0c1c51cc7da06f103a07d6b4b9757838867 Mon Sep 17 0
On 11/03/16 01:03, Jeffrey Walton wrote:
> Hi Everyone,
>
> Testing master on real hardware is showing some minor issues on a few
> platforms, including ARM32, ARM64, PowerPC and i686. In addition,
> there seems to be one-off issues on other combinations, like VIA's C7
> processor on Linux.
>
On 12/03/16 00:12, noloa...@gmail.com via RT wrote:
>>> What is actually running? How can I get it under a debugger?
>>
>>
>> $ ./config -d
>> $ make
>> $ make test/afalgtest
>> $ cd test
>> $ OPENSSL_ENGINES=../engines/afalg gdb ./afalgtest
>>
>
> Ooh, -d looks like a new option. Would that be
Hi Roumen
On 10/03/16 22:21, Roumen Petrov wrote:
> Hello,
>
> With new thread model in some configurations openssl hands on unload of
> engine.
I just pushed commit 773fd0bad4 to master which should hopefully resolve
this issue.
Matt
--
openssl-dev mailing list
To unsubscribe:
On 11/03/16 19:38, noloa...@gmail.com via RT wrote:
> On Thu, Mar 10, 2016 at 2:29 PM, noloa...@gmail.com via RT
> wrote:
>> Working from Master:
>>
>
> It looks like the hang is still present as of 603358d.
>
> When the following runs:
>
>
On 18/03/16 12:52, noloa...@gmail.com via RT wrote:
> I've configured with:
>
> ./config enable-afalgeng
>
> When I run the self tests, I see:
>
> ../test/recipes/30-test_afalg.t ... skipped: test_afalg not
> supported for this build
You should not need to use enable-afalgeng
894a00c3f76c47 Mon Sep 17 00:00:00 2001
From: Matt Caswell <m...@openssl.org>
Date: Thu, 17 Mar 2016 10:14:30 +
Subject: [PATCH 1/3] Fix no-rc2 in the CMS test
The CMS test uses some RC2 keys which should be skipped if the RC2 is
disabled.
---
test/recipes/80-test_cms.t | 14 +
0xF bytes
>
> e:\openssl-1.1.0-pre4\ssl\ssl_lib.c (2367):
> TestsTLS-11.exe!SSL_CTX_new() + 0x5 bytes
>
> p:\mes programmes\shared\ocrypto-11\tls.cpp (95):
> TestsTLS-11.exe!OTLS::TLSCtx::SetMinTLSVer() + 0x9 bytes
>
> p:\mes programmes\tests\_testsshared
On 18/03/16 22:59, Kurt Roeckx via RT wrote:
> On Fri, Mar 18, 2016 at 01:18:04PM +0000, Matt Caswell wrote:
>>
>>
>> On 18/03/16 12:52, noloa...@gmail.com via RT wrote:
>>> I've configured with:
>>>
>>> ./config enable-afalgeng
>>>
On 14/03/16 15:21, Matt Caswell via RT wrote:
>
>
> On 14/03/16 15:05, Andy Polyakov via RT wrote:
>>>>> Bump... The issue is still present as of b36a2ef for OS X 10.6 64-bit.
>>>>> 32-bit tests OK.
>>>>>
>>>>> The relevant
On 27/03/16 00:16, Jeffrey Walton wrote:
> Is this a supported configuration (no-ui and apps)?
Co-incidentally, Richard has a patch for no-ui that fixes these problems
that is currently in review.
Matt
>
> There's a fair number of warnings when configuring with no-ui:
>
>
On 23/03/16 16:00, Suarez, Miguel wrote:
> Hi
>
>
>
> Can you tell me when 1.0.1t release or later will be made available with
> fixes for the following issues (see below).
1.0.1t does not currently have a planned release date. Releases are
scheduled on an as-needed basis, typically
What happens if you run the afalgtest directly?
$ cd test
$ ./afalgtest
Matt
On 16/03/16 13:52, noloa...@gmail.com via RT wrote:
> Working from Master on a Gentoo 13 machine, x86_64. The test was run
> as root which explains one of the failures (I don't have users or SSH
> set up yet).
>
>
On 07/03/16 21:49, David Benjamin wrote:
> Hi folks,
>
> So, we've by now built up a decent-sized SSL test suite in BoringSSL. I
> was bored and ran it against OpenSSL master. It revealed a number of
> bugs. One is https://github.com/openssl/openssl/pull/603. I'll be filing
> tickets shortly
201 - 300 of 930 matches
Mail list logo