Re: [EXTERNAL] Re: Concurrent calls to DH_generate_key are serialized?

2014-05-06 Thread Geoffrey Thorpe
Just to close the loop, the patch for this has been applied. Thanks. On Mon, May 5, 2014 at 7:25 PM, Daniel Sands wrote: > We applied the patch and got some improvement, but there is still a bit > of trouble. Here are the timing values for a stripped-down version of > the code: > > Before (all

Re: [openssl.org #3345] potential bug in crypto/evp/bio_b64.c

2014-05-06 Thread Arthur Mesh
On Tue, May 06, 2014 at 04:09:10PM +1000, Tim Hudson wrote: > Arthur - what version of the coverity analysis tools are you running? Tim, I am using: Coverity Build Capture version 6.6.1 on FreeBSD 8.4-STABLE i386 I see there is a 3ba1e406c2309adb427ced9815ebf05f5b58d155 that supposedly fixes thi

Re: [openssl.org #3343] [PATCH] implements name contraint for IP Address

2014-05-06 Thread luizl...@gmail.com via RT
Hello, As this is my first opessl patch, I might have missed something. This patch is important for those who wants to use name constraints in a CA. Using name constraints for DNS prevents the use of an ip address in DNS subjAltName. The subjAltName using ipAddress solves the problem, but it was

Re: [openssl.org #3343] [PATCH] implements name contraint for IP Address

2014-05-06 Thread Luiz Angelo Daros de Luca
Hello, As this is my first opessl patch, I might have missed something. This patch is important for those who wants to use name constraints in a CA. Using name constraints for DNS prevents the use of an ip address in DNS subjAltName. The subjAltName using ipAddress solves the problem, but it was

RE: [RFC PATCH] s_client/s_server: support unix domain sockets

2014-05-06 Thread Salz, Rich
Looks neat. I'd rather have ipv6 first, but +1 for this -- Principal Security Engineer Akamai Technologies, Cambridge, MA IM: rs...@jabber.me; Twitter: RichSalz __ OpenSSL Project http://www.ope

[RFC PATCH] s_client/s_server: support unix domain sockets

2014-05-06 Thread Geoff Thorpe
The "-unix " argument allows s_server and s_client to use a unix domain socket in the filesystem instead of IPv4 ("-connect", "-port", "-accept", etc). If s_server exits gracefully, such as when "-naccept" is used and the requested number of SSL/TLS connections have occurred, then the domain socket

Re: [openssl.org #3336] 1.0.1g breaks IronPORT SMTP appliance (padding extension)

2014-05-06 Thread Viktor Dukhovni
On Tue, May 06, 2014 at 02:32:05PM -0400, John Foley wrote: > The defect information is available at > https://tools.cisco.com/bugsearch/bug/CSCuo25329. This defect is > viewable to the public. You'll have to register for an account to view > the data. After registering, the bug details are:

small Bug in /crypto/dso/dso_dlfcn.c

2014-05-06 Thread Janpopan
The OpenBSD Team found this small Error, but they fixed it in the asprinf way. Here is a fix for openssl. Cheers Jan @@ -0,0 +1,30 @@ +From c7b31b3f2766067c6b5cf4f2774846e1ede048f4 Mon Sep 17 00:00:00 2001 +Message-Id: +From: Janpopan +Date: Sun, 4 May 2014 18:13:43 +0200 +Subject:

Re: [openssl.org #3336] 1.0.1g breaks IronPORT SMTP appliance (padding extension)

2014-05-06 Thread John Foley
The defect information is available at https://tools.cisco.com/bugsearch/bug/CSCuo25329. This defect is viewable to the public. You'll have to register for an account to view the data. Viktor already provided a link to the following details as well: http://www.cisco.com/c/dam/en/us/td/docs/sec

Re: [openssl.org #3336] 1.0.1g breaks IronPORT SMTP appliance (padding extension)

2014-05-06 Thread Kurt Roeckx
On Thu, May 01, 2014 at 01:23:51PM -0400, John Foley wrote: > I'm trying to get that information from the IronPort team. In the mean > time, this bug report appears to have some details: > > https://tools.cisco.com/bugsearch/bug/CSCuo25329 It would really be nice that we can get some more inform

Re: FW: Tips for working with git on CT's open-source code

2014-05-06 Thread Jeff Trawick
On Tue, May 6, 2014 at 10:52 AM, Salz, Rich wrote: > Some folks might find this useful: > Hi Rich, I tried to provide a OpenSSL-specific page like that at http://wiki.openssl.org/index.php/Use_of_Git If you see anything missing and needed, please let me know. AFACT the one on the OpenSSL wiki

FW: Tips for working with git on CT's open-source code

2014-05-06 Thread Salz, Rich
Some folks might find this useful: -- Principal Security Engineer Akamai Technologies, Cambridge, MA IM: rs...@jabber.me; Twitter: RichSalz From: certificate-transpare...@googlegroups.com [mailto:certificate-transpare...@googlegroups.com] Sent: Tuesday, May 06, 2014 8:16

Re: Contributing

2014-05-06 Thread Michel
Hello Daniel, Starting with the source code of one of the command line tools (in apps subdir) may be a good idea. Le 05/05/2014 22:50, Daniel Hamacher a écrit : Hi, I am reading the mailing list for a week now and I would like to contribute in the near future. I can only imagine how complex