RE: TLS unknown_ca alert number 48

2010-12-02 Thread jason.ting
According to that, your client cert isn't self-signed. It is apparently signed by the same company, which isn't the same thing; in X.509 and SSL, self-signed means that the cert Subject and Issuer,and specifically the subject KEY and the issuing/signing KEY, are EXACTLY the same. What

SSL shutdown

2010-12-02 Thread Aarno Syvänen
Hi List, I have problem with SSL_shutdown. Advice seems to be to call it again, if the return value is 0. However, this means that shutdown can hang forever. Can I just call SSL_shutdown and go on ? regards aarno __ OpenSSL

OpenSSL 1.0.0c released

2010-12-02 Thread OpenSSL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenSSL version 1.0.0c released === OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 1.0.0c of our open source

OpenSSL security advisory

2010-12-02 Thread OpenSSL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenSSL Security Advisory [2 December 2010] OpenSSL Ciphersuite Downgrade Attack = A flaw has been found in the OpenSSL SSL/TLS server code where an old bug workaround allows malicous clients to modify the stored

OpenSSL 0.9.8q released

2010-12-02 Thread OpenSSL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenSSL version 0.9.8q released === OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 0.9.8q of our open source

RE: OpenSSL 1.0.0c released

2010-12-02 Thread Erik Tkal
Can someone point to details on CVE-2010-4180 and CVE-2010-4252? CVE-2010-3864 was the reason 1.0.0b was released, but I cannot find any references to the other two. Erik Tkal Juniper OAC/UAC/Pulse Development -Original Message- From:

Re: OpenSSL 1.0.0c released

2010-12-02 Thread Dr. Stephen Henson
On Thu, Dec 02, 2010, Erik Tkal wrote: Can someone point to details on CVE-2010-4180 and CVE-2010-4252? CVE-2010-3864 was the reason 1.0.0b was released, but I cannot find any references to the other two. http://www.openssl.org/news/secadv_20101202.txt Steve. -- Dr Stephen N. Henson.

Re: OpenSSL 1.0.0c released

2010-12-02 Thread Mounir IDRASSI
http://www.openssl.org/news/secadv_20101202.txt -- Mounir IDRASSI IDRIX http://www.idrix.fr On 12/2/2010 9:03 PM, Erik Tkal wrote: Can someone point to details on CVE-2010-4180 and CVE-2010-4252? CVE-2010-3864 was the reason 1.0.0b was released, but I cannot find any references to the

Re: OpenSSL 1.0.0c released

2010-12-02 Thread Victor Duchovni
On Thu, Dec 02, 2010 at 03:03:02PM -0500, Erik Tkal wrote: Can someone point to details on CVE-2010-4180 and CVE-2010-4252? CVE-2010-3864 was the reason 1.0.0b was released, but I cannot find any references to the other two. 1.0.0c contains important non-security bug fixes for 1.0.0b, so you

Re: SSL shutdown

2010-12-02 Thread David Schwartz
On 12/2/2010 2:36 AM, Aarno Syvänen wrote: Hi List, I have problem with SSL_shutdown. Advice seems to be to call it again, if the return value is 0. However, this means that shutdown can hang forever. Can I just call SSL_shutdown and go on ? You can go do other things and try to shut the