On 14/06/13 14:31, Dr. Stephen Henson wrote:
The behavior change applies only if new option
SSL_OP_SAFARI_ECDHE_ECDSA_BUG is used (part of SSL_OP_ALL), as is standard
for interoperability bug workarounds, so while it is very unfortunate that
we'd need to do this, I'm in favor of accepting this patch.
Note that the patch changes the value of SSL_OP_ALL so if OpenSSL shared
libraries are updated to include the patch existing applications wont set it:
they'd all need to be recompiled.
Yep, but 0x400 is the only currently unallocated bit.
Possibly alternative is to reuse one of the existing *ancient* flags. Does
anyone really care about compatibility with a bug in SSLeay 0.80 for example?
I'd wondered about that. If you're happy to reallocate one of the
ancient flags, please do!
Senior Research & Development Scientist
COMODO - Creating Trust Online
OpenSSL Project http://www.openssl.org
Development Mailing List firstname.lastname@example.org
Automated List Manager majord...@openssl.org