On Fri, 06 Nov 2015 22:07:25 +0100, Kurt Roeckx wrote:
> On Fri, Nov 06, 2015 at 09:22:04PM +0200, Niko Tyni wrote:
> > As discussed on IRC, it looks to me like there's no code support for
> > HTTPS_VERSION in 0.73_04 anymore. It seems to be just a leftover in
> > the docs.
> >
> > The upstream
On Fri, Nov 06, 2015 at 05:48:32PM +0100, gregor herrmann wrote:
> I have to admit that I'm still not completely sure if/how this
> affects us packaging-wise. My current understanding is, that the
> library would allow to set SSLv3 via HTTPS_VERSION which will fail
> now on Debian but that it
On Tue, 03 Nov 2015 22:35:10 +0100, Kurt Roeckx wrote:
> On Tue, Nov 03, 2015 at 10:33:21PM +0100, Kurt Roeckx wrote:
> > On Tue, Nov 03, 2015 at 09:56:36PM +0100, gregor herrmann wrote:
> > > At a quick glance this looks good, since there's only
> > > SSLv23_client_method() left. What confuses
On Fri, Nov 06, 2015 at 05:48:32PM +0100, gregor herrmann wrote:
> On Tue, 03 Nov 2015 22:35:10 +0100, Kurt Roeckx wrote:
>
> > On Tue, Nov 03, 2015 at 10:33:21PM +0100, Kurt Roeckx wrote:
> > > On Tue, Nov 03, 2015 at 09:56:36PM +0100, gregor herrmann wrote:
>
> > > > At a quick glance this
On Fri, Nov 06, 2015 at 09:22:04PM +0200, Niko Tyni wrote:
> On Fri, Nov 06, 2015 at 05:48:32PM +0100, gregor herrmann wrote:
>
> > I have to admit that I'm still not completely sure if/how this
> > affects us packaging-wise. My current understanding is, that the
> > library would allow to set
Source: libcrypt-ssleay-perl
Version: 0.58-1
Severity: serious
Hi,
Your package has code in SSLeay.xs that does:
if(ssl_version == 23) {
ctx = SSL_CTX_new(SSLv23_client_method());
}
else if(ssl_version == 3) {
ctx =
On Tue, 03 Nov 2015 20:50:43 +0100, Kurt Roeckx wrote:
> You really only ever want to use SSLv23_client_method() since that
> is the only one that supports multiple versions. I suggest you
> modify your nossl2.patch to just replace all of the above by:
> ctx =
On Tue, Nov 03, 2015 at 10:33:21PM +0100, Kurt Roeckx wrote:
> On Tue, Nov 03, 2015 at 09:56:36PM +0100, gregor herrmann wrote:
> > On Tue, 03 Nov 2015 20:50:43 +0100, Kurt Roeckx wrote:
> >
> > > You really only ever want to use SSLv23_client_method() since that
> > > is the only one that
On Tue, Nov 03, 2015 at 09:56:36PM +0100, gregor herrmann wrote:
> On Tue, 03 Nov 2015 20:50:43 +0100, Kurt Roeckx wrote:
>
> > You really only ever want to use SSLv23_client_method() since that
> > is the only one that supports multiple versions. I suggest you
> > modify your nossl2.patch to
9 matches
Mail list logo