Thanks for the suggestion.
The workaround does work, and creates (essentially) the same certificate,
but one that does not fail verification with the new libressl.
I did notice the option of not have the leading "20" for dates before 2050,
but I did not know enough to try doing t
On Mon, Apr 08, 2024 at 05:53:47PM -0500, Ted Wynnychenko wrote:
> Thanks for the suggestion.
> The workaround does work, and creates (essentially) the same certificate,
> but one that does not fail verification with the new libressl.
> I did notice the option of not have the
> On Apr 8, 2024, at 5:44 AM, Theo Buehler wrote:
>
> On Sun, Apr 07, 2024 at 04:57:24PM -0500, Ted Wynnychenko wrote:
>> Hello,
>>
>> I recently updated to -current (about a week ago).
>>
>> I see that Libressl is at 3.9.1 just now, but I hope th
On Sun, Apr 07, 2024 at 04:57:24PM -0500, Ted Wynnychenko wrote:
> Hello,
>
> I recently updated to -current (about a week ago).
>
> I see that Libressl is at 3.9.1 just now, but I hope that won't be an issue
> (I did not see anything in the release notes that would
Hello,
I recently updated to -current (about a week ago).
I see that Libressl is at 3.9.1 just now, but I hope that won't be an issue
(I did not see anything in the release notes that would impact my question).
---
$ openssl version
LibreSSL 3.9.0
---
Over the years, I have made certificates
hi dears ;^)
I have self RootCA and Middle(Intermediate,Subordinate)CA.
Then, I create the Certificate file.
Now I want to install/remove the Certificate to System.
Almost always. I use the
trust anchor ${_cert_file_} / trust anchor --remove ${_pkcs11_id_}
but, Libressl could not work
On Wed, Jun 14, 2023 at 03:30:10PM +0300, S V wrote:
> can somebody explain why this doesn't work
Yes. The answer to this kind of question is always the same: somebody
has to write some code to support it. What is supported in 3.7.2 is the
cryptographic primitive. More plumbing has to be added
can somebody explain why this doesn't work or how to fix it ? (LibreSSL on
OpenBSD 7.3)
openssl genpkey -algorithm ED25519 > my.key
openssl req -new -out my.csr -key my.key
with this error
101242121864:error:10FFF08A:elliptic curve routines:CRYPTO_internal:invalid
digest type:/usr/src/
a
> python version that is incompatible with LibreSSL?
3.10 from packages works well with LibreSSL. There are some small local
patches to disable a couple of things which aren't supported and are not
at all widely used.
Python's policy for 3.10+ is essentially "don't go out of the wa
:
ImportError: urllib3 v2.0 only supports OpenSSL 1.1.1+, currently the 'ssl'
module is compiled with LibreSSL 3.7.2. See:
https://github.com/urllib3/urllib3/issues/2168
The included github link mentions that older versions of SSL are no longer
usable with the urllib library but makes no mention
e
> about 3.10 being the new default so I ran pkg_add -u which updated python to
> 3.10 and now the same scripts fail but with this error:
>
> ImportError: urllib3 v2.0 only supports OpenSSL 1.1.1+, currently the 'ssl'
> module is compiled with LibreSSL 3.7.2. See:
> https://github
to 3.10 and now the same scripts fail but with this error:
ImportError: urllib3 v2.0 only supports OpenSSL 1.1.1+, currently the
'ssl' module is compiled with LibreSSL 3.7.2. See:
https://github.com/urllib3/urllib3/issues/2168
The included github link mentions that older versions of SSL
Hi,
yet another typo fix.
Cheers,
Alex
Index: releases.html
===
RCS file: /cvs/www/libressl/releases.html,v
retrieving revision 1.98
diff -u -p -r1.98 releases.html
--- releases.html 16 Mar 2023 08:28:17 - 1.98
On Fri, 2022-01-28 at 21:18 +, Stuart Henderson wrote:
> On 2022-01-28, Laura Smith wrote:
> > ‐‐‐ Original Message ‐‐‐
> >
> > On Friday, January 28th, 2022 at 14:43, dansk puffer
> > wrote:
> >
> > > Are there any major securit
> On Jan 28, 2022, at 11:53 AM, Laura Smith
> wrote:
>
> ‐‐‐ Original Message ‐‐‐
>
>> On Friday, January 28th, 2022 at 14:43, dansk puffer
>> wrote:
>>
>> Are there any major security differences between libressl and openssl
>
On 2022-01-28, Laura Smith wrote:
> ‐‐‐ Original Message ‐‐‐
>
> On Friday, January 28th, 2022 at 14:43, dansk puffer
> wrote:
>
>> Are there any major security differences between libressl and openssl
>> nowadays? From what I read the situation for open
On Fri, 28 Jan 2022 14:43:04 +, dansk puffer wrote:
> Are there any major security differences between libressl and openssl
> nowadays? From what I read the situation for openssl improved and
> some Linux distros switched back to openssl again with mostly?
> OpenBSD rema
> On Jan 28, 2022, at 9:46 AM, dansk puffer wrote:
>
> Are there any major security differences between libressl and openssl
> nowadays? From what I read the situation for openssl improved and some Linux
> distros switched back to openssl again with mostly? OpenBSD r
Are there any major security differences between libressl and openssl nowadays?
From what I read the situation for openssl improved and some Linux distros
switched back to openssl again with mostly? OpenBSD remaining to use libressl.
; >
> > > As the subject reads, I am suddenly unable to decrypt a file that I
> > > encrypted
> > >
> > > with LibreSSL. When I try, I get the following message:
> > >
> > > bad decrypt
> > >
> > > 11957684617984:error:06FFF
On Wed, Jan 12, 2022 at 08:56:19PM +, Ricky Cintron wrote:
> As the subject reads, I am suddenly unable to decrypt a file that I encrypted
> with LibreSSL. When I try, I get the following message:
>
> bad decrypt
> 11957684617984:error:06FFF064:digital envelope routines:
On 2021-09-30, Sebastian Benoit wrote:
> An errata patch for LibreSSL has been released for OpenBSD 6.8 and
> OpenBSD 6.9.
>
> Compensate for the expiry of the DST Root X3 certificate. The use of an
> unnecessary expired certificate in certificate chains can cause validation
>
An errata patch for LibreSSL has been released for OpenBSD 6.8 and
OpenBSD 6.9.
Compensate for the expiry of the DST Root X3 certificate. The use of an
unnecessary expired certificate in certificate chains can cause validation
errors.
Binary updates for the amd64, i386 and arm64 platform
Hi Ben -
thanks for replying :)
...on Mon, Aug 23, 2021 at 09:48:16AM -0400, b...@0x1bi.net wrote:
> Try compiling lighthttpd by hand from the ports tree with
> debug flags and run it with ktrace to see what's happening.
I fear that might be more effort than I'm able to invest right now,
Hello, Alex;
Try compiling lighthttpd by hand from the ports tree with
debug flags and run it with ktrace to see what's happening.
I'd recommend switching to the builtin httpd if the problem
persists.
Ben Raskin
: 1 error:06FFF064:digital envelope
> routines:CRYPTO_internal:bad decrypt
> mod_openssl.c.3095) SSL: 1 error:1404C119:SSL routines:ST_OK:decryption
> failed or bad record mac
Is there any known incompatibility between lighttpd-1.4.59 and the version
of LibreSSL in OpenBSD 6.9?
Alex.
There appears to be a bit of confusion out there. To be clear:
1. The two bugs that were fixed in OpenSSL 1.1.1k [1] were introduced
well after the fork, so LibreSSL is not affected. OpenSSL have
kindly given us advance access to their fixes.
2. The bug fixed in LibreSSL 3.2.5 [2] is our
On 2021-02-26, Michael W. Lucas wrote:
> Hi,
>
> Should LibreSSL and OpenSSL be strictly command line compatible?
>
> The reason I ask is: using OpenSSL, I can use openssl s_client to
> connect to a site like so:
>
> $ openssl s_client -crlf www:443
>
> LibreS
Hi,
Should LibreSSL and OpenSSL be strictly command line compatible?
The reason I ask is: using OpenSSL, I can use openssl s_client to
connect to a site like so:
$ openssl s_client -crlf www:443
LibreSSL requires I add the -connect
$ openssl s_client -crlf -connect www:443
Thanks,
==ml
Hi,
the date of release should be updated.
Cheers,
Alex
Index: libressl/index.html
===
RCS file: /cvs/www/libressl/index.html,v
retrieving revision 1.104
diff -u -p -r1.104 index.html
--- libressl/index.html 16 Jun 2020 02:06:47
Stuart Henderson writes:
> The same happens with 6.7 and -current.
>
> Hopefully this will be improved in libressl, but libressl clients
> aren't the only ones who will have problems with this - if you're in
> contact with the server admins I would recommend they remove the
>
rhaps the issue described was also present in LibreSSL
> (on my 6.6 system this is LibreSSL 3.0.2). Although removing the expired
> certificate is easy, it doesn't seem to me that it should be
> necessary. If LibreSSL is behaving as intended here, please let me know.
>
> Will try to get a
ify return code: 0 (ok)).
So, I thought perhaps the issue described was also present in LibreSSL
(on my 6.6 system this is LibreSSL 3.0.2). Although removing the expired
certificate is easy, it doesn't seem to me that it should be
necessary. If LibreSSL is behaving as intended here, please l
What would you suggest to keep private key material in a safe place?
There are rumors that even material stored as not extractable in Nitrokey Pro
still can be extracted by side channels like electromagnetic emission.
Would running all Internet communication end points on low powered Cortex A7
Some time ago Google bought 2000qbit version from D-wave and confirmed it is a
quantum computer bla bla bla... but cluster consists of eight qbit blocks to
build advertised capacity if I understand googles papers right.
My question was about decrypting currently generated and accumulated
On Sat, May 9, 2020 at 1:05 PM Kevin Chadwick wrote:
> Careful of what sources you trust! If a processor was storing the keys used,
> non
> volatile then people would have found out. Software encryption wouldn't save
> you
> either. If there is a back door it won't have anything to do with
On 2020-05-09 16:25, i...@aulix.com wrote:
> Note: Since these MS / U.S. government keys are deeply sticking in Intel XEON
> processor hardware, it doesn’t play a role, what other OS you install or boot
> afterwards: Debian/UBUNTU Linux, OpenBSD, … If your software uses Intel
> AES-NI hardware
Though I am a very noob in understanding crypto from a mathematical point of
view (not just as an user of some ready program) IMHO following message can
contain some truth about insecurity and intentional flaws of hardware crypto in
X86 CPUs:
On 2020-05-09 14:34, i...@aulix.com wrote:
> D-waves has too uncoupled qubits if I understand it correctly, it is nothing
> to do about qubits quantity as we used to think about it. Like a "cluster" of
> completely isolated hosts (which is already not a cluster or course).
I don't care for the
On 2020-05-09 14:31, i...@aulix.com wrote:
> guessed by quantum provided session symmetric cipher is strong enough?
Quantum does not break any in use today and AES-256 symmetric is expected to be
quantum resistant in any case.
I personally prefer AES-256 ctr over the more complex GCM. I am not
D-waves has too uncoupled qubits if I understand it correctly, it is nothing to
do about qubits quantity as we used to think about it. Like a "cluster" of
completely isolated hosts (which is already not a cluster or course).
OpenSSH allows to use hybrid mode with many private keys of different type and
even stored on different hardware like Nitrokey, Rutoken, etc. at the same time
for a single session.
E.g. 4 different private keys are required (say Nitrokey, Rutoken ECP2,
Curve25519 and Postquantum one):
This one
https://www.tomshardware.com/news/d-wave-5000-qubit-first-sale,40470.html
is the most powerful 5000qbits quantum computer sells nowadays.
Moreother, D-Wave opened online service to access 5000qbit remotely for solving
'special' tasks which can be accelerated using quantum architecture.
On 2020-05-09 07:41, Martin wrote:
> This one
> https://www.tomshardware.com/news/d-wave-5000-qubit-first-sale,40470.html
> is the most powerful 5000qbits quantum computer sells nowadays.
D-waves definition of qubit is different and their machines will never be
capable of breaking public key
On 2020-05-09 07:41, Martin wrote:
> This one
> https://www.tomshardware.com/news/d-wave-5000-qubit-first-sale,40470.html
> is the most powerful 5000qbits quantum computer sells nowadays.
>
> Moreother, D-Wave opened online service to access 5000qbit remotely for
> solving 'special' tasks which
On 5/8/20 3:16 PM, Martin wrote:
> Which 'quantum' resistant algorithms can be used right now to prevent data
> decryption in future by 'quantum' computers (when they can do this) of
> currently collected data flows?
this is so dumb.
worry about this when there are computers which can
According to Damien Miller:
>this is pretty much possible now, by enabling the experimental support
for the XMSS PQ signature algorithm
in the SSH
https://www.technologyreview.com/2018/02/21/145300/serious-quantum-computers-are-finally-here-what-are-we-going-to-do-with-them/
https://www.microsoft.com/en-us/research/project/post-quantum-ssh/
https://openquantumsafe.org/
Why not to add post quantum algos to the SSH mainline to make them
Which 'quantum' resistant algorithms can be used right now to prevent data
decryption in future by 'quantum' computers (when they can do this) of
currently collected data flows?
Martin
obably not. LibreSSL is intended to be portable, and the LibreSSL
web site points back to the OpenBSD mailing lists:
https://www.libressl.org/mail.html
"See https://www.openbsd.org/mail.html for more details on posting or
subscribing."
So now over at https://www.openbsd.org/mail.html ...
I w
another
reason for the issue.?? I was recently trying to substitute libressl
into an openssl environment.?? Performance tanked.?? Some checking
showed the speed of "speed -evp aes-256-gcm" was way off.?? It looked
to me like it was an issue with not using AES-NI.?? I'm not going to
blam
he issue.?? I was recently trying to substitute libressl
> >>> into an openssl environment.?? Performance tanked.?? Some checking
> >>> showed the speed of "speed -evp aes-256-gcm" was way off.?? It looked
> >>> to me like it was an issue with not using AES-NI.
On 7.1.2020 17:26, Joe Greco wrote:
On Tue, Jan 07, 2020 at 09:33:46AM -0600, Edgar Pettijohn wrote:
> In reality, when you dig down, often you find that there's another
> reason for the issue.?? I was recently trying to substitute libressl
> into an openssl environment.?? Performan
On Tue, Jan 07, 2020 at 09:33:46AM -0600, Edgar Pettijohn wrote:
> > In reality, when you dig down, often you find that there's another
> > reason for the issue.?? I was recently trying to substitute libressl
> > into an openssl environment.?? Performance tanked.?? Some c
Dieter Rauschenberger:
> This was serveral years ago before Libressl was invented. Now I wanted
> to decrypt the docs with:
>
> openssl enc -aes-256-cbc -d < FOO.aes256 > FOO
>
> This did not work. The password did not work anymore.
The default message digest function
rypted several documents with
> >
> > openssl enc -aes-256-cbc -e < FOO > FOO.aes256
> >
> > This was serveral years ago before Libressl was invented. Now I wanted
> > to decrypt the docs with:
> >
> > openssl enc -aes-256-cbc -d < FOO.aes256 > FOO
> >
&g
On Wed, Dec 4, 2019 at 1:05 PM Dieter Rauschenberger
wrote:
>
> i have encrypted several documents with
>
> openssl enc -aes-256-cbc -e < FOO > FOO.aes256
>
> This was serveral years ago before Libressl was invented. Now I wanted
> to decrypt the docs with:
>
Hi,
i have encrypted several documents with
openssl enc -aes-256-cbc -e < FOO > FOO.aes256
This was serveral years ago before Libressl was invented. Now I wanted
to decrypt the docs with:
openssl enc -aes-256-cbc -d < FOO.aes256 > FOO
This did not work. The password did not wor
On Wed, Mar 13, 2019 at 06:53:43PM -0700, William Ahern wrote:
> The real issue here is that the EJBCA specification wasn't just a failure in
> language precision, but was and remains entirely ill considered on this
> score. If ASN.1 INTEGERs must now be 65 bits, it's a good bet that most if
>
On Wed, Mar 13, 2019 at 11:32:50PM +0100, Ingo Schwarze wrote:
> Hi Tom,
>
> Tom Smyth wrote on Wed, Mar 13, 2019 at 08:32:20PM +:
>
> > Just saw the following article and i was wondering if libressl
> > Might be affected by the bug also
> > Top bit being set t
2019 at 22:32, Ingo Schwarze wrote:
>
> Hi Tom,
>
> Tom Smyth wrote on Wed, Mar 13, 2019 at 08:32:20PM +:
>
> > Just saw the following article and i was wondering if libressl
> > Might be affected by the bug also
> > Top bit being set to 0 always making an effectiv
On Sunday 25 November 2018 17:36:16 Ingo Schwarze wrote:
> Stephen Gregoratto wrote on Mon, Nov 26, 2018 at 12:26:21AM +1100:
> >
> > Would I need to fully grok the code before I could write the docs?
>
> Absolutely not. You could spend an infinite amount of time to
> understand the code if you
Hi Stephen,
Stephen Gregoratto wrote on Mon, Nov 26, 2018 at 09:24:25PM +1100:
> Thanks for your response Ingo. I think I'll start with the missing
> functions and go through them by order of length.
Not saying "by order of length" is impossible, but keep in mind that
* There are few section
Thanks for your response Ingo. I think I'll start with the missing
functions and go through them by order of length. I'll try and peruse
through the ports and check for any examples.
Speaking of functions: I'm trying to generate a list of each function,
the source file it's defined in and the
Hi Stephen,
Stephen Gregoratto wrote on Mon, Nov 26, 2018 at 12:26:21AM +1100:
> I've recently been getting into (re)writing my manpages using mdoc(7),
> and came across Ingo's talk about mandoc/LibreSSL [1]. In it he
> mentioned that there are still some functions to document and man
Hello,
I've recently been getting into (re)writing my manpages using mdoc(7),
and came across Ingo's talk about mandoc/LibreSSL [1]. In it he
mentioned that there are still some functions to document and many pages
need a couple of goes over (specifically openssl(1)).
Now I've never developed
> There is a patch on rust-openssl to force the build using the latest
> suppported version (see
> lang/rust/patches/patch-src_vendor_openssl-sys_build_rs).
Applying the patch worked
> Running testsuite is usually a good method to check breakage.
And the test suite passed
> For me, rust FFI is
On 2018-03-21, Sebastien Marie wrote:
> For me, rust FFI is a bit a shame: it is a *copy* of C headers, written
> and maintained in Rust language. It is good for crosscompilation (as
> Rust know how to build stuff without any C headers), but it is awful to
> maintain and keep
On Tue, Mar 20, 2018 at 11:18:06PM -0400, Patrick Marchand wrote:
> So I'm trying to build pijul (rust vcs based on patch theory) but it
> requires rust-openssl, which only supports the latest release of
> libressl (2.6). Is there a quick fix to build software that requires
> an ol
So I'm trying to build pijul (rust vcs based on patch theory) but it
requires rust-openssl, which only supports the latest release of
libressl (2.6). Is there a quick fix to build software that requires an
older libressl than what is currently used in snapshots? Or should I try
to patch the rust
On Saturday 10 February 2018 11:09:04 Kevin Chadwick wrote:
> On Sat, 10 Feb 2018 16:24:38 +1100
>
> > > Just in case some libressl dev doesn't want read the full thread in
> > > the Alpine list, they want also a workaround for the lack of time_t
> > &
On Sat, 10 Feb 2018 16:24:38 +1100
> > Just in case some libressl dev doesn't want read the full thread in
> > the Alpine list, they want also a workaround for the lack of time_t
> > for 32bits platforms on Linux.
>
> We've already addressed this - a notafter that e
On Saturday 10 February 2018 00:05:27 Juan Francisco Cantero Hurtado wrote:
[snip]
> Just in case some libressl dev doesn't want read the full thread in the
> Alpine list, they want also a workaround for the lack of time_t for
> 32bits platforms on Linux.
We've already addressed this - a
> It isn't just this. Qt 5.10 introduces new dependency on OpenSSL 1.1
> APIs for improved security, and LibreSSL does not implement those APIs
> at all.
The 1.1 API does not improve security.
If anything, the new API requires to you repeat the same or similar
arguments to many
3-f0c0-73df-8f0ec7e83...@adelielinux.org>
> Subject: Re: LibreSSL Linux portability and OpenBSD security
> References: <slrnp7rnrq.205u@naiad.spacehopper.org>
> In-Reply-To: <slrnp7rnrq.205u@naiad.spacehopper.org>
> Content-Type: text/plain; charset=utf-8
> Content
ust
> thought I would mention it.
>
> To be honest, I don't even know if facilitating wider adoption of
> LibreSSL hurts or benefits OpenBSD security in the end.
>
> The last paragraph (taken from a separate mail), may be interesting?
>
> I have no ide
On 02/09/18 11:48, Stuart Henderson wrote:
> I don't understand that, Cryptography is OK with LibreSSL. There have
> been some problems at various times but they were either patched locally
> or fixed upstream - we're a couple of point releases behind the latest
> at the moment with
Kevin Chadwick <m8il1i...@gmail.com> writes:
> I wish libressl could keep the 32 bit time_t workaround til linux
> kernel had fixed the problem instead of knowingly break things. Now I
> don't see we have much of an option since 32 bit linux is basically
> not supported by libr
Thanks for the information Stu.
Unfortunately I am not sure it will help in the end.
Their project leader Natanael stated the following.
The fact that libressl developers are not willing to workaround 32 bit
linux time_t is the deal
On 2018-02-09, Kevin Chadwick <m8il1i...@gmail.com> wrote:
> It isn't just this. Qt 5.10 introduces new dependency on OpenSSL 1.1
> APIs for improved security, and LibreSSL does not implement those APIs
> at all.
btw I haven't looked at Qt but some ports are already held back in O
adoption of
LibreSSL hurts or benefits OpenBSD security in the end.
The last paragraph (taken from a separate mail), may be interesting?
I have no idea what debian etc. are doing.
http://lists.alpinelinux.org/alpine-devel/6079.html
On 7 September 2017 at 16:35, Heiko <bd09c6fmxoq2...@intermezzo.net> wrote:
> Hello,
>
> ./config for Portable OpenSSH 7.5p1 with LibreSSL 2.6.1 fails on Debian
> Linux:
As per https://www.openssh.com/report.html this query would be better
directed to the portable
Hello,
./config for Portable OpenSSH 7.5p1 with LibreSSL 2.6.1 fails on Debian
Linux:
checking OpenSSL header version... not found
configure: error: OpenSSL version header not found.
$ openssl version
LibreSSL 2.6.1
I did it with this options:
./configure --without-openssl
ay 20 June 2017 23:26:10 Andrew Lemin wrote:
>> Hi,
>>
>> Sadly in my testing it seems that CVE-2017-8301 (
>> http://seclists.org/oss-sec/2017/q2/145) is still broken with the
>> latest LibreSSL
>> (2.5.4) and OpenVPN 2.4.2.
>>
>> Here is someone else
On Tuesday 20 June 2017 23:26:10 Andrew Lemin wrote:
> Hi,
>
> Sadly in my testing it seems that CVE-2017-8301 (
> http://seclists.org/oss-sec/2017/q2/145) is still broken with the
> latest LibreSSL
> (2.5.4) and OpenVPN 2.4.2.
>
> Here is someone else reporting
On 2017-06-22, Stuart Henderson <s...@spacehopper.org> wrote:
> On 2017-06-20, Andrew Lemin <andrew.le...@gmail.com> wrote:
>> Has anyone else come across any issues recently with Openvpn, Libressl and
>> TLS on OpenBSD 6.1?
>
> Yes there have been problems
On 2017-06-20, Andrew Lemin <andrew.le...@gmail.com> wrote:
> Has anyone else come across any issues recently with Openvpn, Libressl and
> TLS on OpenBSD 6.1?
Yes there have been problems reported like this: (This is from the
"Investigating self-signed cert behavior change"
Hi,
Sadly in my testing it seems that CVE-2017-8301 (
http://seclists.org/oss-sec/2017/q2/145) is still broken with the
latest LibreSSL
(2.5.4) and OpenVPN 2.4.2.
Here is someone else reporting the same issue;
https://discourse.trueos.org/t/libre-openssl-tls-error-when-using-openvpn/1358/4
I've just found this hint on GitHub for the Openvpn compile options for
Libressl;
https://gist.github.com/gsora/2b3e9eb31c15a356c7662b0f960e2995
So will try a build later tonight and share back here if that CVE is fixed.
Would prefer to rebuild with the same options as the packaged binary
Hi Misc,
Has anyone else come across any issues recently with Openvpn, Libressl and
TLS on OpenBSD 6.1?
I am using an .ovpn file with TLS auth static key and cert inline within
the file, to connect to VPN service. Running openvpn binary from command
line without any special params, just .ovpn
Hi,
there seems to be a version info discrepancy
in the OpenBSD 6.1 ANNOUNCEMENT.
It states OpenSSH 7.4 and LibreSSL 2.5.3.
However, in 6.1(/amd64) release fresh install, i have
OpenSSH 7.5 and LibreSSL 2.5.2:
$ ssh -V; openssl version
OpenSSH_7.5, LibreSSL 2.5.2
LibreSSL 2.5.2
> I noticed in my logs things like this.
> May 1 03:00:02 isildur openssl: vfprintf %s NULL in "%s %2d
> %02d:%02d:%02d%.*s %d%s"
>
> It comes down to this command to fetch ocsp response:
> openssl ocsp -respout ocsp.der -no_nonce -issuer chain.pem -cert
> cert.pem -url
Hello,
I noticed in my logs things like this.
May 1 03:00:02 isildur openssl: vfprintf %s NULL in "%s %2d
%02d:%02d:%02d%.*s %d%s"
It comes down to this command to fetch ocsp response:
openssl ocsp -respout ocsp.der -no_nonce -issuer chain.pem -cert
cert.pem -url
On Sat, Aug 13, 2016, at 01:36 PM, Roderick wrote:
> On Sat, 13 Aug 2016, Theo de Raadt wrote:
>
> > We prefer creating a world that is simpler. That is the practice
> > we follow with our bodies of code.
> >
> > You prefer backwards compat. Fine, that is your choice. You can
> > apply that
> But programming
> is always ponderation, in many dimensions. You must decide for example
> between (run) time or space (memory), between security, performance
> or simplicity. Sure, with absolute goals there is no much to decide and no
> much discussion, and we are finished.
> Rodrigo.
Total
On Sat, 13 Aug 2016, Theo de Raadt wrote:
We prefer creating a world that is simpler. That is the practice
we follow with our bodies of code.
You prefer backwards compat. Fine, that is your choice. You can
apply that principle in your own code.
Are we finished here?
It is not so simple.
> And if the whole is a technical progress, is a more complicated
> thing. I preffer to take a constant from sys/params.h at
> compile time than getting it with a call of sysconf() at run time.
> The older standards arose perhaps from considerations that
> today are forgotten or play no role
, socket and readv in the many versions
of OpenBSD, as well of 4.4BSD and of FreeBSD. It seems there is till
now no standard, LibreSSL will not compile in FreeBSD 10.3 out of the
box (according to the man pages).
It seems that you see the progress in that there is now a de jure
POSIX standard
2016-08-12 23:28 GMT+02:00 Philip Guenther :
> Yes, the previous situation with and
> was confusing (code was including the wrong header and not getting the
Thanks. Finally an answer after days of shouting.
Best
Martin
ized version that was expected) and there was finally a proposal
to provide this functionality that was accepted for the next version
of POSIX. When the existing situation is bad and there's a good
direction finally settled on, moving that way is the Right Thing.
Why did libressl break? Because th
1 - 100 of 218 matches
Mail list logo