With the announcement of OpenSSL 1.0.0 on the way, may I attempt to get
some attention on this issue for which:
* a patch exists
* a test case exists (that exposes the problem, that verifies the fix
doesn't break anything)
* multiple users have shared their concern over the years (some
publicly some privately)
* which have be brought up and reported to openssl-dev a number of
times requesting attention
I'm happy to answer questions and concerns on the issue, please tell the
list publicly what more can be done on the issue.
My own feeling is that there does not seem to be any module ownership
for the SSL directory and libssl.so amongst the developers; or that the
current ownership doesn't have sufficient time to address community
needs even when all the hard work has been already done for them.
If there is no module owner for SSL/libssl could one be appointed please
so at least there is an official point of contact for this part of the
library to address matters to.
The rest of OpenSSL has worked well with various committers happy to
examine patches for modules they are confident in progressing.
My best openssl-dev posts to the issues have been:
http://www.mail-archive.com/openssl-dev@openssl.org/msg24105.html
[recently]
The patch:
http://marc.info/?t=115154004000001&r=1&w=2 [1st followup contains patch]
Darryl
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org