Hi,

There was recently a FIPS capable openssl-1.0.1-stable release (link below).

ftp://ftp.openssl.org/snapshot/openssl-1.0.1-stable-SNAP-2011MMDD.tar.gz

Can you advise if 1.0.1-stable would have the relevant patches or it's best to checkout 1.0.0-stable and apply #2550 and #2555?

Thanks,
-Yogi

On Fri, Jul 8, 2011 at 12:05 AM, Robin Seggelmann <seggelm...@fh-muenster.de> wrote:
> Hi Yogesh,
>
> The patch was created for the development version in the CVS, you can't use this patch for 1.0.0d without at least patch #2506 previously applied. So you either have to check out the 1.0.0-stable repository and apply the not yet applied patches #2550 and #2555 or you can use the cumulative patch for 1.0.0d from our website sctp.fh-muenster.de, which includes all patches since the last release.
>
> I hope 1.0.0e will be released anytime soon, with the latest patches included. Makes things a lot easier.
>
> Best regards
> Robin
>
> On Jul 6, 2011, at 11:29 PM, Yogesh Chopra wrote:
>
>> Hi,
>> I am using openssl-1.0.0d and have been applying patches provided earlier and was able to apply this patch cleanly but it fails compilation. The "listen" comes up as an undeclared identifier. Can you recheck the patch?
>>
>> Thanks,
>> -Yogi
>>
>> On Wed, Jul 6, 2011 at 11:41 AM, Robin Seggelmann via RT <r...@openssl.org> wrote:
>>> This patch fixes that the server increases the expected handshake sequence number while listening for new connections, although it's supposed to not change its state. The server also reflects the record sequence numbers of ClientHellos in its HelloVerifyRequest and ServerHello messages now to remain stateless, as described in http://tools.ietf.org/html/draft-ietf-tls-rfc4347-bis-06.
>>>
>>> Thanks to Yogesh Chopra for providing hints!
>>>
>>> Best regards
>>> Robin
>>>
>>> --- ssl/d1_srvr.c 25 May 2011 14:29:55 -0000 1.20.2.18 >>> +++ ssl/d1_srvr.c 6 Jul 2011 10:06:25 -0000 
>>> @@ -167,6 +167,8 @@ >>> s->in_handshake++; >>> if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); >>> >>> + s->d1->listen = listen; >>> + >>> if (s->cert == NULL) >>> { >>> SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_NO_CERTIFICATE_SET); >>> @@ -276,6 +278,12 @@ >>> >>> s->init_num=0; >>> >>> + /* Reflect ClientHello sequence to remain stateless >>> while listening */ >>> + if (listen) >>> + { >>> + memcpy(s->s3->write_sequence, >>> s->s3->read_sequence, sizeof(s->s3->write_sequence)); >>> + } >>> + >>> /* If we're just listening, stop here */ >>> if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A) >>> { >>> >>> >>> >>> >>> >> ______________________________________________________________________ >> OpenSSL Project http://www.openssl.org >> Development Mailing List openssl-dev@openssl.org >> Automated List Manager majord...@openssl.org
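
Review bot: In the first hunk (@@ -167), `s->d1->listen = listen;` reads a local `listen` and writes a `listen` member of `s->d1`, and neither is declared anywhere in this diff, which touches only ssl/d1_srvr.c. The description should name the change that introduces both, so the patch is not applied to a tree that lacks them; the report earlier in this thread of "listen" being an undeclared identifier on 1.0.0d is that failure. As a style point, a variable named `listen` shadows the sockets function `listen()` in this scope, and a name such as `listening` would avoid that.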
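
Review bot: In the second hunk (@@ -276), the `memcpy` takes its length from `sizeof(s->s3->write_sequence)` while reading from `s->s3->read_sequence`, so it is only correct if both are arrays of the same size, and nothing in the hunk enforces that. Suggest an assertion that the two sizes match, or a comment at the copy stating the assumption. The copy also runs whenever `listen` is set, ahead of the `if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A)` test, so the comment should also say why `read_sequence` is known at this point to hold the sequence number of the ClientHello just received, since that value is taken from the peer's record.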