On 09/05/17 01:22, Zubin Mevawalla wrote:
> I was curious if these were real null pointer dereference issues?
>
> CodeAi, an automated repair tool being developed at Qbit logic,
> suggested a couple of if-guards as fixes.
>
> The first was in crypto/async/async_wait.c on line 157. `prev` is
>
On 18/05/17 06:32, Jayalakshmi bhat wrote:
> Please can any one let me know the release date or time line for OpenSSL
> 1.1.1?
We have not set a date as yet. At the very least we will not be able to
release until the IETF takes TLSv1.3 out of draft status - which is not
in our control.
Matt
On 09/05/17 15:03, Salz, Rich via openssl-dev wrote:
>> doesn't test for whether this is set. I think the shlibloadtest should only
>> test
>> the dlclose() return value on if OPENSSL_USE_NODELETE is set.
>
> Please see https://github.com/openssl/openssl/pull/3399
>
>> 2) crypto/init.c at
On 26/06/17 21:18, Kurt Roeckx wrote:
>> “Recommendation for Random Number Generation Using Deterministic Random
>> Bit Generators”
>> http://csrc.nist.gov/publications/nistpubs/800-90A/SP800-90A.pdf
>>
>> That design may look complicated, but if you think you can
>> leave out some of the
On 26/06/17 19:57, Salz, Rich via openssl-dev wrote:
> I was asked off-list why we're doing this. A reasonable question. :)
>
> There are many complains about the OpenSSL RNG. For started:
> https://github.com/openssl/openssl/issues/2168
>
Forthcoming OpenSSL releases
The OpenSSL project team would like to announce the forthcoming release
of OpenSSL versions 1.0.2l and 1.1.0f.
These releases will be made available on 25th May 2017 between
approximately 1200-1600 UTC.
Note: These are bug-fix only
On 02/06/17 11:00, Emeric Brun wrote:
> Hi,
>
> I'm working on an ASYNC engine designed to offload crypto on multiple thread
> for monoproc applications.
>
> No issue on asymetric crypto part but i'm facing a problem concerning ciphers:
>
> When an SSL_read operation perform a do_cipher
On 02/06/17 15:20, Emeric Brun wrote:
>
> I've just read the code and I see it is not possible.
>
> I'm disappointed because i think that a lot of applications which are using
> openssl in asynchronous mode
> also uses SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER and have
> ephemeral/reused/circular
On 16/06/17 10:25, Matt Caswell wrote:> Possibly a bad clang-3.9
update?? Any ideas?
After this command in the logs:
$ sudo -E apt-get -yq --no-install-suggests --no-install-recommends
--force-yes install clang-3.9
Failing builds look like this:
After this operation, 262 MB of additional d
I'm seeing some weird Travis failures:
LD_LIBRARY_PATH=.: clang-3.9 -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG
-DOPENSSL_THREADS -DOPENSSL_NO_DYNAMIC_ENGINE -DOPENSSL_PIC
-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -DOPENSSLDIR="/usr/local/ssl"
-DENGINESDIR="/usr/local/lib/engines-1.1" -Wall -O3 -pthread
Hi all
OpenSSL 1.1.1, when it is released, will support TLSv1.3 and it will be
binary and source compatible with OpenSSL 1.1.0. If your application
already supports 1.1.0 then, in theory, all you need to do to support
TLSv1.3 is to drop in the new OpenSSL version. However there are various
issues
Just a reminder about our code health Tuesday event this week. Please
see the details below.
Matt
Forwarded Message
Subject: Code Health Tuesday - old issues
Date: Thu, 27 Apr 2017 08:43:18 +0100
From: Matt Caswell <m...@openssl.org>
To: openssl-dev@openssl.org <op
Just to let you all know that we managed to close 58 old tickets as a
result of this event. Fantastic!
Thanks
Matt
On 27/04/17 08:43, Matt Caswell wrote:
>
>
> Hi all
>
> Our next "Code Health Tuesday" event will be on Tuesday 2nd May.
>
> This time we wou
ymas.com
>Director, Highland Sun http://highlandsun.com/hyc/
>Chief Architect, OpenLDAP http://www.openldap.org/project/
> --
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
>
--
Matt Caswell <m...@openssl.org>
An update on the TLS1.3 middlebox issue posted to the TLS WG list which
may be of interest to the openssl-dev group.
Matt
Forwarded Message
Subject:[TLS] Update on TLS 1.3 Middlebox Issues
Date: Fri, 6 Oct 2017 13:16:37 -0700
From: Eric Rescorla
To:
On 03/10/17 16:15, Benjamin Kaduk via openssl-dev wrote:
> Hi all,
>
> Doing some testing with a snapshot of master (s_client with -tls1_2 and
> optionally a cipherspec that prefers ECDHE ciphers), we're running into
> a sizeable number of servers that are sending extension 0xa (formerly
>
On 03/10/17 18:51, Robin H. Johnson wrote:
> On Tue, Oct 03, 2017 at 09:45:43AM +0200, Tomas Mraz wrote:
>> On Tue, 2017-10-03 at 08:23 +0100, Matt Caswell wrote:
>>>
>>>> 1.2. This also opens the path to stronger key derivation (PBKDF2)
>>>> 2. During
Issue 4283 (https://github.com/openssl/openssl/issues/4283) has caused
me to take a close look at QUIC. This seems to have been getting a *lot*
of attention just recently. See the IDs below for details:
https://tools.ietf.org/html/draft-ietf-quic-transport-05
On 27/09/17 15:32, Byrne, Andrew wrote:
> I’m working on testing some lattice based algorithms in openSSL for the
> establishment of a TLS channel. I’ve investigated the potential for
> developing an engine to support this as it would mean I don’t need to
> touch the core openSSL code. However,
On 02/10/17 15:00, Blumenthal, Uri - 0553 - MITLL wrote:
> Moving to openssl-dev, because I think OpenSSL-1.0.2 needs a fix.
>
>
>
> To be more specific, the following get methods are missing in 1.0.2:
>
>
>
> - EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *, …)
>
> -
On 02/10/17 20:20, Robin H. Johnson wrote:
> Commit f8547f62c212837dbf44fb7e2755e5774a59a57b (documented in
> 9e8b6f042749ded556380227c9f2db7ffad9a3aa), changed the default digest
> for the 'enc' utility from MD5 to SHA256.
>
> While I do strongly encourage getting away from MD5, this has the
>
On 29/08/17 10:45, Dr. Matthias St. Pierre wrote
> Currently, the OpenSSL core members seem to be reluctant to make the
> API public, at least at this early stage. I understand Rich Salz's
> viewpoint that this requires a thorough discussion, because a public
> interface can't be easily changed
On 01/09/17 18:05, Hubert Kario wrote:
> When openssl sends a second Client Hello message, it modifies it quite
> extensively, not only client_random is changed but also advertised cipher
> suites.
>
> see https://github.com/openssl/openssl/issues/4292
>
> That makes it non-compliant with
On 03/09/17 22:18, Blumenthal, Uri - 0553 - MITLL wrote:
> MacOS 10.12.6, Xcode-8.3.3. Current Github master:
>
> Test Summary Report
> ---
> ../test/recipes/70-test_clienthello.t(Wstat: 256 Tests: 1
> Failed: 1)
> Failed test: 1
> Non-zero exit status: 1
>
On 01/09/17 23:42, Blumenthal, Uri - 0553 - MITLL wrote:
>
>
> Begin forwarded
>
>> *Subject:* *openssl 1-1-0-stable fails*
>>
>> OpenSSL_1_1_0-stable current Github
>>
>> Test Summary Report
>> ---
>> ../test/recipes/80-test_cms.t(Wstat: 256 Tests: 4 Failed: 1)
On 29/08/17 15:02, Salz, Rich via openssl-dev wrote:
>
> dev asap. If there are problems with it we can always revert it before
> it makes it into a release.
>
> Someone on the OMC called that “flip-flopping” and seemed to be against this
> kind of thing.
>
> If we are going to have
On 27/09/17 15:44, Ma chunhui wrote:
> Hi,
>
> I met one problem when using OpenSSL1.1.0f with protocol TLSv1.
> In brief, when using TLSv1, after server side received encrypted data,
> and after function tls1_enc finished, the decrypted data is not put in
> result buffer, after another
On 23/10/17 12:51, APOB83 wrote:
> Hi,
>
> I've noticed the following statement in another thread here...
>
> *May I suggest you have a look at the GOST engine? It does implement
> the algorithm entirely in the engine. The only things added in the
> OpenSSL code are the OIDs (not strictly
On 02/11/17 13:01, Ma chunhui wrote:
> Hi, Openssl team
> After we upgrade openSSL from 1.0.2 to 1.1.0f, we met an error which
> might be a bug.
Does this fix it:
https://github.com/openssl/openssl/pull/4685 (master)
https://github.com/openssl/openssl/pull/4686 (1.1.0)
Matt
--
openssl-dev
On 07/12/17 15:16, Randall S. Becker wrote:
> For HPE NonStop J-Series: Builds passed. Previous version was 1.0.2m.
>
> New breakage:
> ../util/shlib_wrap.sh ./fatalerrtest ../apps/server.pem ../apps/server.pem
> SSL_accept() failed -1, 1
> 1827815872:error:140800FF:SSL
Forthcoming OpenSSL releases
The OpenSSL project team would like to announce the forthcoming release
of OpenSSL versions 1.1.0g and 1.0.2m.
These releases will be made available on 2nd November 2017 between
approximately 1300-1700 UTC.
This is a bug-fix release. It
On 25/10/17 16:19, Tomas Mraz wrote:
>> |However libssl currently does not have a way to apply some policy such
>> |as using just protocol TLS1.2 or better system-wide with a possibility
>> |for sysadmin to configure this via some configuration file. Of course
>> |it would still be up to
On 30/10/17 13:50, Matt Caswell wrote:
> Forthcoming OpenSSL releases
>
>
> The OpenSSL project team would like to announce the forthcoming release
> of OpenSSL versions 1.1.0g and 1.0.2m.
>
> These releases will be made available on 2nd
Today I have had great pleasure in attending the Real World Crypto 2018
conference in Zürich in order to receive the Levchin prize on behalf of
the OpenSSL team. More details are available in my blog post here:
https://www.openssl.org/blog/blog/2018/01/10/levchin/
Matt
--
openssl-dev mailing
On 16/01/18 19:44, Michael Richardson wrote:
>
> Matt Caswell <m...@openssl.org> wrote:
> >> a) when the existing FD is connect(2) any future traffic to the bound
> >> port will get rejected with no port. So the application really has to
&g
On 16/01/18 15:32, Michael Richardson wrote:
>
> a) when the existing FD is connect(2) any future traffic to the bound port
>will get rejected with no port. So the application really has to open a
>new socket first.
>The application can do this two ways: it can open a new socket on
On 17/01/18 16:34, Michael Richardson wrote:
>
> > It seems like a fairly simple solution could solve this. Currently we
> > have BIO_dgram_get_peer() which returns the peer's address for the last
> > message read from a BIO. You could imagine a new call being introduced
> > to
On 19/01/18 16:32, Michael Richardson wrote:
> Matt Caswell <m...@openssl.org> wrote:
> > Please raise a separate PR for this work. It *must* be portable though
> > and work across all our platforms (e.g. including VisualC etc). My
> > suggestion is that y
On 02/02/18 11:18, Atul Gupta wrote:
> I want to add GCM support to afalg engine and have the patch tested with
> apache and s_server/s_client. Can I submit the patch for review? Any
> suggestion?
A patch would be most welcome. All patches should be submitted through
github. Please make sure
Hi
I have encountered a problem whilst building the HTML documentation. All
appears to build successfully, however when I view the file
crypto/crypto.html and click on the link dsa, this takes me to
apps/dsa.html instead of the expected crypto/dsa.html.
Interestingly the documentation on
Hello
The openssl EC library is a fantastic resource which provides an
extensive set of functions for performing work with elliptic curves.
Unfortunately the documentation available is somewhat minimalistic.
The documentation is not in the standard openssl pod format (it is
instead in doxygen
On 25/08/12 22:48, Andrey Kulikov wrote:
Does this behavior a bug, or somewhere documented convention?
I've studied FIPS 180-3, SP 800-57 and SEC 1: Elliptic Curve
Cryptography but didn't find any indications of such conventions.
Maybe I overlooked something?
By convention the key size for
On 26/08/12 14:50, Andrey Kulikov wrote:
By convention the key size for ECC is given as the number of bits in
the order.
E.g. see table 3 in SEC 1.
Could you please provide a reference to document, defining this
convention?
Unfortunatelly table 3 in section B.2.1 of SEC 1 (both v1 and v2)
On 26/08/12 16:15, Andrey Kulikov wrote:
For ECC the key size is stated to be size of n in bits (where n is
the order).
'n' is an order of base point 'G' on EC - i.e. size of private key
(what should be in range [1; n-1]), not public.
Thus, I understand that it is a size of EC private key
On 26/08/12 16:51, Andrey Kulikov wrote:
Talking about the bit-length of the public key data is not particularly
helpful because it depends on whether it is in compressed format or not.
Sorry, but size of public key does not depends on size of it's
representation.
It can be compressed,
Hello
When using OpenSSL-1.0.1e-fips a call to PEM_write_bio_PrivateKey
silently fails and produces a corrupt pem file when using an
EVP_PKEY_EC key and a binary curve. The same function works fine when
not using a FIPS capable OpenSSL. I suspect the same problem will
affect any ASN.1 routines
On 4 June 2013 13:49, Adam Langley via RT r...@openssl.org wrote:
This change saves several EC routines from crashing when an EC_KEY is
missing a public key. The public key is optional in the EC private key
format and, without this patch, running the following through `openssl
ec` causes a
before the patch:
Sign Success
140173552527040:error:0A071003:dsa routines:DSA_do_verify:BN lib:dsa_ossl.c:454:
Verify Failed
Output after patch:
Sign Success
Verify Failed
Matt
From 48a66681367f80016360c5bff47744fff4132ed3 Mon Sep 17 00:00:00 2001
From: Matt Caswell fr...@baggins.org
Date: Fri
Fixed in this commit:
https://github.com/openssl/openssl/commit/23f5908ac753b176af2a0690e0ebb53c95ef192b
__
OpenSSL Project http://www.openssl.org
Development Mailing List
Fixed in this commit:
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=a141effa7b2c731fe6e099334be5ded050f965ea
Matt
__
OpenSSL Project http://www.openssl.org
Development Mailing List
Fixed in commit:
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=e5676b8328a486565fc3c7f408a40beb4d47cd08
Matt
__
OpenSSL Project http://www.openssl.org
Development Mailing List
This patch looks like a bit of a kludge to me. Release a buffer only to then
immediately set it up again. Compare with this commit on master:
https://github.com/openssl/openssl/commit/3ef477c69f2fd39549123d7b0b869029b46cf989
I think a backport of this might be more appropriate.
Matt
Resolved in this commit:
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=16ba70746b3bd9d1bd17cf7135c00ff1e47dfcfe
Also, simiilar commits in 1.0.2, 1.0.1 and 1.0.0 branches.
Many thanks for your contribution.
Matt
__
Closing this ticket as per Steve's comments.
Matt
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager
This patch changes the output of pkg-config --libs libssl from:
-L/usr/local/ssl/lib -lssl -lcrypto
to:
-L/usr/local/ssl/lib -lssl
Arguably this is the strictly correct approach. However in practice I suspect
many build scripts will rely on this behaviour and break as a result of this
change. I'm
As per comments in PR#3332
Matt
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager
As per comments by Viktor on the dev list, this is by design:
On 27 April 2014 17:10, Viktor Dukhovni openssl-us...@dukhovni.org wrote:
On Sun, Apr 27, 2014 at 01:04:13PM +0200, sch_m via RT wrote:
I was playing around with openssl and found a minor bug which
makes possible to put the end date
This ticket has been reopened. Given the current discussion on this topic, I
will leave this for a week to give people some time to air their views, and
then I will revisit the decision.
__
OpenSSL Project
Setting this ticket as resolved:
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8bbfd94e36559ceb7187d4d8a63e950713b93e0d
Above for master branch. Similar commits for 1.0.2, and 1.0.1 (the first branch
with SRP support).
Matt
Hi David
Many thanks for your report. I can confirm that I have recreated your results,
and have applied the following fix:
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2d2e0479eb758dddb4b5236aa6e3288f2682b279
Similar commits have been applied to the 1.0.2, 1.0.1 and 1.0.0 branches.
Thanks Tim. Patch applied
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b6e69d284b79097d0d9e39996cbe59eae6bb36e2
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8e94fadd0b79491714401d89b338db27211b9819
Similar commits on 1.0.2, 1.0.1 and 1.0.0 branches.
This also fixes
On 12 May 2014 11:36, Ajit Menon via RT r...@openssl.org wrote:
I think this is the right change. However, I see that there is another
len-tot in the following conditional block
#if !defined(OPENSSL_NO_MULTIBLOCK) EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
This is within the same function. I wonder
Nice catch - thanks!
I've committed Kurt's revised patch to all appropriate branches.
Matt
__
OpenSSL Project http://www.openssl.org
Development Mailing List
I promised to look at this again after a week. Including myself and Mike I have
had 5 people express an opinion on this (one of those privately to me).
Of those:
3 have spoken in favour of the patch
2 have spoken in favour of the status quo
My concern was that this fix might break existing
Committed:
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ab6577a46ecee670b640f0ee49e2ebef80ad18a7
Thanks for your contribution.
Matt
__
OpenSSL Project http://www.openssl.org
Committed:
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=18c4f522f49eb54a61bada6d39a8b137b6751f01
Thanks for your contribution,
Matt
__
OpenSSL Project http://www.openssl.org
Development
Committed:
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2af071c0bc3f5573574ccf8927dbf60f47c81df5
Thanks for your contribution,
Matt
__
OpenSSL Project http://www.openssl.org
Development
Hi Jeff
Hmmm, I cannot reproduce this. Using the attached as a test case I see the
following output (i.e. no crashes):
Test one
Return code 0
Test two
NULL 1 (0x1)
Return code 1
Test three
Return code 0
Test four
1 (0x1)
Return code 1
The NULL bio should be checked ultimately in BIO_write
Closing this ticket. Problem was with ubuntu package.
Matt
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager
Hi Jeff
Do you have an update on this, as per my last message?
Thanks
Matt
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
This is a pretty cool patch!
Martin sent me some instructions on how to get this working with wireshark,
which I have reproduced for reference at the end. This worked for me using
Wireshark 1.10.6
With regards to the patch itself, it is the idiom of many of the OpenSSL
command line apps to take
I've discussed this one with Steve who tells me that this is a known bug. The
current fix is to not have expired certificates in the trust store.
It can be fixed but it has some complex consequences which need to be explored.
Probably needs revision of the verification algorithm which is
Steve has committed the following fixes:
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6f719f063cff50cc2f2f25fa55c0d2384eea08fb
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=558c94efc00ce15a9fcc9370598d8841392ff0f3
Closing this ticket.
Matt
Hi Luiz
Thanks for the patch. I've reviewed it and it looks good. With regards to your
comments around X509_V_ERR_PERMITTED_VIOLATION vs
X509_V_ERR_UNSUPPORTED_NAME_SYNTAX, I think you did it right.
Therefore:
Hi Martin
Thanks for your contribution. I have applied your updated patch:
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=189ae368d91d2c9de5ed1fa21e993f5c83fc4445
Matt
__
OpenSSL Project
Patch applied:
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=c5f0b9bd8650a92eac1ef2fa28c726bbbc272904
Thanks for your contribution.
Matt
__
OpenSSL Project http://www.openssl.org
Fixed.
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=955376fde3c60999b27deeebb41d82ad17dca3da
Thanks for the report.
Matt
__
OpenSSL Project http://www.openssl.org
Development Mailing
Fixed:
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=15658d0cbf51ae32f7c9d0d3dc1eac36e220a167
Thanks for the report.
Matt
__
OpenSSL Project http://www.openssl.org
Development Mailing
Thanks for the feedback. I have changed tack slightly:
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=3d9243f1b614640f3dcbba0d7de89f363581e8e0
I think this is a better approach anyway, and resolves your issue with trailing
data after the END marker.
Matt
Dmitry has confirmed that this is not a defect, so closing this ticket.
Matt
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Dmitry has confirmed that this is not a defect, so closing this ticket.
Matt
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Patch applied:
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=028bac0670c167f154438742eb4d0fbed73df209
Many thanks for your contribution.
Matt
__
OpenSSL Project http://www.openssl.org
Hi Libor
Many thanks for your submission. Please could your resubmit this with a
separate ticket for each item?
Having a single ticket for multiple issues makes it quite difficult for us to
track and manage - they may not all be reviewed at the same time, or by the
same person.
Thanks
Matt
Hi Hubert
The title for this request is slightly misleading as this was actually 3
commits only one of which was regards to an example in ciphers(1).
Taking the 3 commits in turn:
fix example with DH cipher suites:
I don't agree that the man page implies anything about anonymous ECDH when it
Steve Henson has comitted this here:
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4fdf917
Thanks
Matt
__
OpenSSL Project http://www.openssl.org
Development Mailing List
Hi David
Patch applied:
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d1e1aee
Many thanks for your contribution.
Matt
__
OpenSSL Project http://www.openssl.org
Development Mailing
On Thu May 29 08:28:24 2014, noloa...@gmail.com wrote:
Matt -
I have not forgot about this I can't find the machine I wrote the
code on (my place probably looks a lot like your place - different
computers and laptops with different OSes all over the place).
My place does look a bit like
This pull request appears to be closed. Is this ticket still valid?
Matt
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated
Patch applied:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8e3231642b89332fa56ed2b6f501e28722e2048e
Thanks for your contribution.
Matt
__
OpenSSL Project http://www.openssl.org
Hi Lubu
Thanks for your submission. However this is intentional and won't be changed.
Closing this ticket.
Matt
__
OpenSSL Project http://www.openssl.org
Development Mailing List
On Thu Jun 05 20:40:49 2014, rainer.j...@kippdata.de wrote:
File ssl/s3_pkt.c uses INT_MAX since May 19th. This macro is defined in
limits.h which is not included in s3_pkt.c.
+#include limits.h
#include stdio.h
#include limits.h
Hmmmlook two lines down from where you've added an
On 05/06/14 20:08, Rainer Jung wrote: One correction to self: no problem for
1.0.1, which had been fixed in
commit 8ca7d124304502158fba780eed293c4e3c5c1c71 Fixed Windows
compilation failure.
But 1.0.0 and 0.9.8 lack tha addition.
I have back ported the commit to 1.0.0 and 0.9.8
Matt
Hi Mike
On Sun Apr 27 13:04:20 2014, vap...@gentoo.org wrote:
It's a standard setting that other build systems use.
Can you explain why you need this?
@@ -217,6 +217,7 @@ BUILDENV= PLATFORM='$(PLATFORM)'
PROCESSOR='$(PROCESSOR)' \
MAKEDEPEND='{TOP}/util/domd {TOP} -MD
On Thu Jun 05 20:41:05 2014, k...@roeckx.be wrote:
This is probably related to me not exporting those symbols as they are
marked local.
Kurt
Is this related to the way you build the Debian packages? We are likely to see
a lot more like this as Mike's test team get going. In unit testing its
On Thu Jun 05 23:42:31 2014, k...@roeckx.be wrote:
We are likely to see
a lot more like this as Mike's test team get going. In unit testing
its okay
to access internal symbols.
But then you shouldn't link to the shared library. The static
library probably works.
Any chance you can
Patch merged:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7be1d8764d30d2f04696d7f834df349bc4bffd73
Thanks for the contribution
Matt
__
OpenSSL Project http://www.openssl.org
Hi Quanah
Thanks for the submission. The problem with correcting this is that technically
it forms part of the public API (since the macro is defined in asn1.h). I guess
there's probably not a huge risk in changing it, as I can't imagine there's too
many people relying on that define being there,
Hi Hubert
Nice patch!
A couple of comments:
* aNULL also includes some SRP based ciphersuites
SRP-AES-256-CBC-SHA SSLv3 Kx=SRP Au=None Enc=AES(256) Mac=SHA1
SRP-3DES-EDE-CBC-SHA SSLv3 Kx=SRP Au=None Enc=3DES(168) Mac=SHA1
SRP-AES-128-CBC-SHA SSLv3 Kx=SRP Au=None Enc=AES(128) Mac=SHA1
* The
Merged.
Thanks for your contribution.
Matt
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager
Hi Pieter
Can you confirm that this resolves your problem:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=5a0d057e49a6f7b5ee5ff6f8af5ae395abc7b918
Thanks
Matt
__
OpenSSL Project
401 - 500 of 930 matches
Mail list logo