On Fri, Jun 14, 2013, Bodo Moeller wrote:

> On Thu, Jun 13, 2013 at 6:39 PM, Ben Laurie <b...@links.org> wrote:
> 
> It is therefore suggested that I pull this patch:
> >
> >
> > https://github.com/agl/openssl/commit/0d26cc5b32c23682244685975c1e9392244c0a4d
> 
> 
> The behavior change applies only if new option
> SSL_OP_SAFARI_ECDHE_ECDSA_BUG is used (part of SSL_OP_ALL), as is standard
> for interoperability bug workarounds, so while it is very unfortunate that
> we'd need to do this, I'm in favor of accepting this patch.

Note that the patch changes the value of SSL_OP_ALL so if OpenSSL shared
libraries are updated to include the patch existing applications wont set it:
they'd all need to be recompiled.

Possibly alternative is to reuse one of the existing *ancient* flags. Does
anyone really care about compatibility with a bug in SSLeay 0.80 for example?

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to