Hi Team,
I am using Ubuntu, Amazon ami with apache 2.0 and mod_ssl installed. I
found the same openssl vulnerability issue with my ssl certificate. I have
installed new openssl bugfixed version 1.0.1g and created csr and key file
from this. Also I have installed this on the server. I have
On Sat, Apr 12, 2014 at 09:02:50PM -0400, Salz, Rich wrote:
Would you please elaborate on how it differs from what you've been
using in production?
Local platform issues, mainly. Conceptually, nothing different about
the security.
Hello Rich et al.
I believe Akamai's secure malloc, in
Hello!
What does `ldd /path/to/httpd` say?
Cheers,
Fedor.
On Mon, Apr 14, 2014 at 12:17 PM, LOKESH JANGIR lk.jangi...@gmail.com wrote:
Hi Team,
I am using Ubuntu, Amazon ami with apache 2.0 and mod_ssl installed. I
found the same openssl vulnerability issue with my ssl certificate. I have
On 4/13/14 3:54 AM, Michael Tuexen wrote:
On 13 Apr 2014, at 01:54, tolga ceylan tolga.cey...@gmail.com wrote:
The RFC has a lot of statements about silently dropping packets in case of
various anomalies. But the correct action should be to drop the connection.
This would uncover faulty
Unit test for the TLS heartbeat code; acts as a regression test against
CVE-2014-0160.
Thanks,
Mike
heartbeat_test.patch
Description: Binary data
On Apr 14, 2014, at 10:17 , LOKESH JANGIR lk.jangi...@gmail.com wrote:
Hi Team,
I am using Ubuntu, Amazon ami with apache 2.0 and mod_ssl installed. I found
the same openssl vulnerability issue with my ssl certificate. I have
installed new openssl bugfixed version 1.0.1g and created csr
Hi Fedor,
Thanks for the reply. My httpd path is /usr/sbin/httpd and please find the
output of ldd /usr/sbin/httpd
[root@ip-10-253-83-223 openssl-1.0.1g]# ldd /usr/sbin/httpd
linux-vdso.so.1 => (0x7fffebdfe000)
libm.so.6 => /lib64/libm.so.6 (0x7ff2d74a7000)
Hello. This is a small feature request that's applicable to all operating
systems.
*The problem.*
The version numbers for OpenSSL appear in the header opensslv.h as macro
symbols:
OPENSSL_VERSION_NUMBER
OPENSSL_VERSION_TEXT
Unfortunately, it seems that neither of these two variables are
In 1.0.1g the duplicated check for (!pcerts) was removed.
Had an impression that second appearance was check for (!*pcerts) (as in
all other functions).
Return it back.
Patch applied.
0001-Check-pcerts-for-NULL.patch
Description: Binary data
Well...
With this check 'make test' fails with:
CMS = PKCS#7 compatibility tests
signed content DER format, RSA key: generation error
make[1]: *** [test_cms] Error 1
On 14 April 2014 00:16, Andrey Kulikov amde...@gmail.com wrote:
In 1.0.1g the duplicated check for (!pcerts) was removed.
Had
Hi,
the following problem was reproduced with several OpenSSL 1.0.1 versions
and also with a recent build from the OpenSSL_1_0_2-stable branch:
RFC 3161 says in 2.3. Identification of the TSA:
The corresponding certificate MUST contain only one instance of the
extended key usage field
Hi Rainer,
Yes, apache was running with the old library, I have moved this out, and
copied new libssl library from new openssl installation folder. But it is
not working and now I am unable to start apache.
Now what to do with this?
Regards,
Lokesh Jangir
On Mon, Apr 14, 2014 at 2:52 PM,
So, considering that it fails to start now. Could you please verify that
`ls -la /lib64/libcrypt.so.1` is still valid?
Fedor.
On Mon, Apr 14, 2014 at 2:53 PM, LOKESH JANGIR lk.jangi...@gmail.com wrote:
Hi Rainer,
Yes, apache was running with the old library, I have moved this out, and
Hi Fedor,
Yes, I did not move this file out, and I can see the output of ls -la
/lib64/libcrypt.so.1
libcrypt.so -> ../../lib64/libcrypt.so.1
I compiled openssl and it created these library files,
engines libcrypto.a libssl.a pkgconfig
So now should I move this libcrypt.a file to /usr/lib64
Hello again!
That depends on your setup. I'd suppose that OpenSSL's default installer
should create symlinks itself. If it did and they don't match the previous
location - you could try creating a new one:
`ln -s /path/to/new/libcrypto.so.1 /lib64/libcrypt.so.1`
Cheers,
Fedor.
On Mon, Apr
On 13 Apr 2014, at 17:48, David Jacobson dmjacob...@sbcglobal.net wrote:
On 4/13/14 3:54 AM, Michael Tuexen wrote:
On 13 Apr 2014, at 01:54, tolga ceylan tolga.cey...@gmail.com wrote:
The RFC has a lot of statements about silently dropping packets in case of
various anomalies. But the
Hi,
I am installing openssl in /usr/local/openssl folder and it is creating
libssl.a and libcrypt.a library files. So how can I use these files as
library. Or I need to install this in default folders.
Should I follow this article
http://www.akadia.com/services/ssh_test_certificate.html
Lokesh
If I had ever needed to use different versions of OpenSSL I would use the
./config --openssldir=/path/to/openssl-ver then for Apache to use that
during installation. Example:
./configure --with-ssl=/path/to/openssl-ver --enable-ssl
That will at least verify you're using the new patched version.
I guess you need to build it in a shared library mode. Take a look at this:
http://www.linuxfromscratch.org/blfs/view/svn/postlfs/openssl.html .
You may skip applying some unverified patches as the author suggests, but
generally the instructions are correct.
Cheers,
Fedor.
On Mon, Apr 14, 2014 at
I use
export CFLAGS=-fPIC
./config shared --prefix=$inst \
make
to build the shared library version I use
2014-04-14 13:34 GMT+02:00 Fedor Indutny fe...@indutny.com:
I guess you need to build it in a shared library mode. Take a look at this:
Yes, I agree with everyone. Just thought that linking a blog post would be
more helpful.
Better use instructions provided here, than at that page.
Thank you, guys!
On Mon, Apr 14, 2014 at 3:40 PM, Olivier BARTHELEMY
barthel...@geovariances.com wrote:
I use
export CFLAGS=-fPIC
Why are you building your own openssl? Did you try the official Ubuntu update?
sudo apt-get update
sudo apt-get upgrade
__Martin
On Mon, 14 Apr 2014 16:59:06 +0530, LOKESH JANGIR said:
Hi,
I am installing openssl in /usr/local/openssl folder and it is creating
libssl.a and libcrypt.a
The wiki provides some very useful information
http://wiki.openssl.org/index.php/Compilation_and_Installation
On Mon, Apr 14, 2014 at 5:40 AM, Olivier BARTHELEMY
barthel...@geovariances.com wrote:
I use
export CFLAGS=-fPIC
./config shared --prefix=$inst \
make
to build the
JDM,
Leon Brits wrote
I am in no way capable of writing such a patch and was hoping that
someone is willing to share.
To be more specific I need a patch that will change the key generation
from:
d = e^(-1) mod ((p-1)(q-1))
to this:
d = e^(-1) mod (LCM(p-1, q-1))
We’re also pursuing a
Why are you building your own openssl? Did you try the official Ubuntu update?
Especially since the original poster seems to have problems with the basic
software engineering stuff. (No criticism intended, it can be confusing.)
/r$
--
Principal Security Engineer
Akamai Technology
On 14/04/14 10:42, LOKESH JANGIR wrote:
I am using Ubuntu, Amazon ami with apache 2.0 and mod_ssl installed. I
The oldest still-supported Ubuntu version - 10.04 Lucid Lynx - ships with:
apache2.2-bin (2.2.14-5ubuntu8.13) [security]
Hi Fedor,
Thanks for the reply. My httpd path is
Hi team,
I am using amazon ami release Amazon Linux AMI release 2014.03. When I
restart httpd service then I can see in logs that old version of openssl is
loading with this. Can you please guide me what to do in this case?
Regards,
Lokesh
On Mon, Apr 14, 2014 at 10:36 PM, TJ
On Mon, Apr 14, 2014 at 10:57:37PM +0530, LOKESH JANGIR wrote:
Hi team,
I am using amazon ami release Amazon Linux AMI release 2014.03. When I
restart httpd service then I can see in logs that old version of openssl is
loading with this. Can you please guide me what to do in this case?
On Mon, Apr 14, 2014 at 11:51:53AM +0200, Tom Swirly via RT wrote:
Hello. This is a small feature request that's applicable to all operating
systems.
*The problem.*
The version numbers for OpenSSL appear in the header opensslv.h as macro
symbols:
OPENSSL_VERSION_NUMBER
Thanks for a fast and clear reply!
On Mon, Apr 14, 2014 at 1:58 PM, Kurt Roeckx via RT r...@openssl.org wrote:
Then a program linking to this library can read either of these global
variables at runtime and fail to start or emit a warning if the version
isn't up-to-date.
Please don't do
On Mon, Apr 14, 2014 at 08:27:17PM +0200, Tom Swirly via RT wrote:
We'd like to make sure that the libraries we're linking to are
up-to-date. There are third parties who build our codebase who
might not be as careful
as we might like.
Postfix issues warnings when the run-time library
On Mon, Apr 14, 2014, Tom Swirly via RT wrote:
We'd like to make sure that the libraries we're linking to are up-to-date.
Take a look at the postfix code: tls_check_version().
__
OpenSSL Project
Recommendation: protect the rest of the private key material.
Yes, we missed some important fields.
Dang is a word that comes to mind. At least, one I can use in polite company.
/r$
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
Hello! Make fails while I'm trying to build the openssl library.
http://screeny.ru/534bd10369000fff1f0225ce
Why do I have a problem with md2test.c? (m2test.c:1: parse error before '.'
token)
What should I do? Thanks in advance!
Best regards,
Moskaleva Maria
Hi!
I have checked the current source code of 'crypto/mem.c' and I'm a
little bit surprised that no memset() calls are made before the free_*()
functions are entered. I think zeroing the previously used memory
is a good solution to guard against access to old memory content.
---
$ diff
Not a good idea, particularly with DTLS as it'd be an instant DOS attack.
Peter
-owner-openssl-...@openssl.org wrote: -
To: openssl-dev@openssl.org
From: David Jacobson
Sent by: owner-openssl-...@openssl.org
Date: 04/14/2014 07:55PM
Subject: Re: heartbeat RFC 6520 and
36 matches