[openssl-users] OpenSSL F2F
Sorry, we didn't think to put this out earlier... The OpenSSL dev team is having a face-to-face meeting this week in Berlin, co-located with LinuxCon. If you're in the area, feel free to stop by. In particular, on Tuesday from 16:50-17:40 - "Members of the openssl development team will be available to help with porting applications to 1.1.0, help guide how people can contribute to the project, and be available to discuss other technical issues. Downstream distributions and embedded applications developers should also stop by to introduce themselves" If you're not available during that time, but want to chat, please let us know. /r$ -- Senior Architect, Akamai Technologies Member, OpenSSL Dev Team IM: richs...@jabber.at Twitter: RichSalz -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] calloc vs kssl_calloc
On 10/01/2016 03:32 PM, Geoffrey Coram wrote: > On 09/30/2016 09:29, "Salz, Rich"wrote: >>> Is there something more I should do on this issue? I recall the >> OpenSSL terms of use strongly discouraged people from the US from >> helping, due to US export restrictions. >> >> That's kinda outdated. > > That didn't answer my question. I reported a bug, I'm not a developer > / on the developer list; will someone else take this, or is there some > bug database that I should enter an issue into? The general question has been answered already. In this specific case, the best thing for you to do would be to test https://github.com/openssl/openssl/pull/1622 , which I submitted after making the claim that the calloc usage was "just a bug". -Ben -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] OpenSSL and sourc'ing countries (was: calloc vs kssl_calloc)
On 01/10/2016 23:01, Jeffrey Walton wrote: Is there something more I should do on this issue? I recall the OpenSSL terms of use strongly discouraged people from the US from helping, due to US export restrictions. That's kinda outdated. However there are very many OpenSSL users (myself included) who rely on the legal status of OpenSSL/SSLeay as having no US origin parts. If this has changed, it needs a big red banner at the top of the www.openssl.org, every affected source file with the original EAY copyright boilerplate or its OpenSSL clone etc. That's kind of interesting. Are you saying there are countries where you can source and import your crypto from some countries, but not other countries? I'm not sure about that either. Part of my point is that when *exporting* or *reexporting* products that include OpenSSL code, the various filings (including DoC/BIS as it happens) tend to include declarations related to the country of origin of the cryptographic software. Therefore (and for other reasons) it is very disconcerting if a project such as OpenSSL, which is actually famous for its non-US origin, silently changes its country of origin. As I understand the US procedures from working with DoC and BIS, you don't need an import license (only an export license). But I'd be interested in hearing how some countries are trying to control the crypto from the import side of the equation. More humorously, does import versus export even matter? The crypto genie is out of the bottle. It can't be put back. Unfortunately, governments tend to disagree, and we can't all afford to ignore ill-conceived laws. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] calloc vs kssl_calloc
On 01/10/2016 23:18, Salz, Rich wrote: However there are very many OpenSSL users (myself included) who rely on the legal status of OpenSSL/SSLeay as having no US origin parts. If this has changed, it needs a big red banner at the top of the www.openssl.org, every affected source file with the original EAY copyright boilerplate or its OpenSSL clone etc. As of 1.1.0 every single file has modifications by US Citizens because I globally changed the copyright. Really, I thought the US team dealt exclusively with the FIPS bureaucracy acting as "cutouts" between US government interests and the non-US developers, never actually touching the code. We are NOT going to mark US/non-US contributions, sorry. OpenSSL and SSLeay has always had US contributions, it's just that we were done indirectly. For example, "git show eb64730" which was early 2000. This fact was *not* published widely enough to be seen by everyone concerned. It was certainly not published as widely as the fact that SSLeay was created and maintained entirely outside the US, and that this was one of its major attractions. Basically that internal checkin (which I have no idea what is, since I only see the released tarballs) or any earlier US code changes would have been a watershed change. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] calloc vs kssl_calloc
> This fact was *not* published widely enough to be seen by everyone > concerned. It was certainly not published as widely as the fact that SSLeay > was created and maintained entirely outside the US, and that this was one of > its major attractions. > > Basically that internal checkin (which I have no idea what is, since I only > see > the released tarballs) or any earlier US code changes would have been a > watershed change. Well, I can't go back to 2000 and change things. You'll have to decide what you want to do now. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users