[openssl.org #2644] Windows: OpenSSl does exit(1) if (configure-time) .cnf path is on invalid drive (was: bug report)

2014-05-21 Thread Koehne Kai via RT
Reproduced on Windows 7 (likely on the all old versions) I use OpenSSL v. 0.9.8k but I has looked the last version and the bug also exist. When we try call OPENSSL_cinfig with the path who specifies on the DvD(or CD)-ROM without disc the openSSL is exiting. I've been bitten by that exact

[openssl.org #3357] bug: Unreasonable algorithmic default in smime

2014-05-21 Thread Stephen Henson via RT
On Fri May 16 09:22:55 2014, sch...@eff.org wrote: Hi, The man page for the smime utility documents this about the symmetric cipher selection: If not specified 40 bit RC2 is used. Only used with -encrypt. This policy is implemented at line 545 of apps/smime.c as of openssl-1.0.1g. This

[openssl.org #2644] Windows: OpenSSl does exit(1) if (configure-time) .cnf path is on invalid drive (was: bug report)

2014-05-21 Thread Koehne Kai
Reproduced on Windows 7 (likely on the all old versions) I use OpenSSL v. 0.9.8k but I has looked the last version and the bug also exist. When we try call OPENSSL_cinfig with the path who specifies on the DvD(or CD)-ROM without disc the openSSL is exiting. I've been bitten by that exact

Re: [openssl.org #3357] bug: Unreasonable algorithmic default in smime

2014-05-21 Thread Seth David Schoen via RT
Stephen Henson via RT writes: The S/MIME utility uses S/MIME v2 (PKCS#7) which are both rather ancient and S/MIME v3 (CMS) is preferred. CBC mode is all that is supported for S/MIME. Traditionally there were two algorithms supported for S/MIME v2 40 bit RC2 and triple DES. For maximum

Re: [openssl.org #3357] bug: Unreasonable algorithmic default in smime

2014-05-21 Thread Seth David Schoen
Stephen Henson via RT writes: The S/MIME utility uses S/MIME v2 (PKCS#7) which are both rather ancient and S/MIME v3 (CMS) is preferred. CBC mode is all that is supported for S/MIME. Traditionally there were two algorithms supported for S/MIME v2 40 bit RC2 and triple DES. For maximum

[openssl.org #3363] Patch to fix bad example in ciphers(1) man page

2014-05-21 Thread Hubert Kario via RT
The patch is published as a git pull request here: https://github.com/openssl/openssl/pull/109 -- Regards, Hubert Kario BaseOS QE Security team Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic __ OpenSSL

[openssl.org #3359] New bug report

2014-05-21 Thread Matt Caswell via RT
I've discussed this one with Steve who tells me that this is a known bug. The current fix is to not have expired certificates in the trust store. It can be fixed but it has some complex consequences which need to be explored. Probably needs revision of the verification algorithm which is

[openssl.org #3357] bug: Unreasonable algorithmic default in smime

2014-05-21 Thread Matt Caswell via RT
Steve has committed the following fixes: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6f719f063cff50cc2f2f25fa55c0d2384eea08fb http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=558c94efc00ce15a9fcc9370598d8841392ff0f3 Closing this ticket. Matt