The tool looks good, but either you didn't find the right link, or it's got
bugs. Of the four symbols you found, ASN1_STRING_clear_free(),
SRP_user_pwd_free(), and SRP_VBASE_get1_by_user() all exist; only
ENGINE_load_rsax() was removed.
--
Senior Architect, Akamai Technologies
Member,
I guess the dashboard is only picking up incremental differences, then,
so the four missing symbols is just for 1.0.1u to 1.0.2 (no letter); any
symbols that were added to both 1.0.1 and 1.0.2 letter releases (e.g.,
for CVE fixes) would show up as "removed" since they weren't in the
initial 1.0.2
OpenSSL is correct to expect the extension as an IA5STRING. The
netscape-comment extension is defined with the OID
2.16.840.1.113730.1.13 and should be an IA5STRING.
Some references (It's not in any RFC afaik):
https://docs.oracle.com/cd/E19957-01/816-5533-10/ext.htm#1043093
[moving from github to -dev]
On 01/27/2017 07:36 AM, mattcaswell wrote:
>
> 1.0.2 is the software version.
> The numbers on the end of lbssl.so.1.0.0 refer to the ABI version -
> which is different. Software version 1.0.2 is a drop in replacement
> for 1.0.1, which is a drop in replacement for
On 27/01/17 16:54, Benjamin Kaduk via openssl-dev wrote:
> [moving from github to -dev]
>
> On 01/27/2017 07:36 AM, mattcaswell wrote:
>>
>> 1.0.2 is the software version.
>> The numbers on the end of lbssl.so.1.0.0 refer to the ABI version -
>> which is different. Software version 1.0.2 is a
Hi,
SRP_VBASE_get1_by_user() was ADDED to 1.0.2g 1 march 2016 [CVE-2016-0798].
I remember it very well !
;-)
Michel
-Message d'origine-
De : openssl-dev [mailto:openssl-dev-boun...@openssl.org] De la part de
Salz, Rich via openssl-dev
Envoyé : vendredi 27 janvier 2017 19:49
À : Kaduk,