Am 2016-04-26 um 17:04 schrieb Stuart Henderson:
When will that bug be fixed for the ftp program?
Well, it's a tricky area - OpenSSL introduced a vulnerability when they
fixed it in their code (post-libressl-fork). So it won't be fixed until
libressl people find a sane way to do it.
What vulnerability did they introduce? I am still heavily relying on
OpenSSL since not all my planned OpenBSD systems are in productive use yet.
Will it be sufficient to subscribe to [email protected] in order
to receive a message when libressl should be as far as to accept any
descendants of intermediate certificates?
btw.: do you know since what version that is enabled for OpenSSL?
