On 25.02.2010 22:36, William A. Rowe Jr. wrote:
I'd like to move ahead and catch up to OpenSSL 0.9.8m which was released today,
and that requires a 2.2 release.
Let's start a three day clock to the tag, and I'll tag Sunday about noon CST.
That gives folks friday, and weekend warriors time Saturday to catch up with
final important bugfix backports, and testers can pick this up Sunday afternoon
or anytime Monday/Tuesday.
WDYAT?
Isn't 0.9.8m by default still allowing unsafe renegs? So updated clients
will be safe, but the server doesn't enforce the safetyness (and reject
unsafe client).
trunk already contains a patch by Joe that allows the admin to decide,
whether he wants to reject unsafe reneg or not.
The revisions of the patch and some additiona to it are:
906039
906057
906067
906116
906454
906485
906491
906493
908015
I guess backporting is pretty straightforward. Wouldn't it be nice to
already support this with 2.2.15?
Joe, do you already have a candidate, or should I suggest a backport
patch myself?
Regards,
Rainer
