Hello Team,
I tried to set the cache off using following command,
SSL_CTX_set_session_cache_mode(sslctx, SSL_SESS_CACHE_OFF);
With this, am not seeing any memory hold. That means this memory is due to
storage of ssl session information?
If it is SSL session storage, when does this SSL session
Hi Rich,
Thanks for your explanation. Branching in git is extremely fast and
lightweight, which makes it excellent for feature developing without
disrupting anything :)
I wondered why the changes weren't applied onto the rsalz-monolith
branch in the official repository, since that branch already
On Tue 26 Aug 2014 04:31:07 Rich Salz via RT wrote:
The sad thing is, perl is widely available than posix shell. cool hack tho.
i don't think that's really true. else, why is autoconf friends relying on
a shell and not perl ? those see way more distribution than openssl.
-mike
On Tue 26 Aug 2014 04:31:07 Rich Salz via RT wrote:
The sad thing is, perl is widely available than posix shell. cool hack tho.
i don't think that's really true. else, why is autoconf friends relying on
a shell and not perl ? those see way more distribution than openssl.
-mike
Oops, thanks Rich.
On Tue, Aug 26, 2014 at 10:06 AM, Rich Salz via RT r...@openssl.org wrote:
The key is not optional with the -hmac option.
This is fixed in the rsalz-monolith branch of akamai/openssl on github, to be
rpart of release after 1.0.2
thanks.
--
Rich Salz, OpenSSL dev team;
Hello Rich,
I would recommend to do that. Otherwise there will be unsuspecting users who
will (unintentionally) use the long exponent
...for example, this is what happened to me in the first attempts, and I did
not understand why it was so slow :)...
It does not really cost anything
Hello,
The attached patch fixes some typos in ssltest.c.
---
Kurt Cancemi
https://www.x64architecture.com
From ea36aa8516e6e8b16896a089d58b216d38302885 Mon Sep 17 00:00:00 2001
From: Kurt Cancemi k...@x64architecture.com
Date: Tue, 26 Aug 2014 17:48:43 -0400
Subject: [PATCH] Fix typos in
Hello Rich,
I would recommend to do that. Otherwise there will be unsuspecting users who
will (unintentionally) use the long exponent
...for example, this is what happened to me in the first attempts, and I did
not understand why it was so slow :)...
It does not really cost anything
Oops, just realized that I pasted whole commit message into a subject.
Anyway, CCing Rich Salz here.
Rich,
You seem to be on a wave on triaging tickets, may be you could take a look
at this one eventually?
Thank you,
Fedor.
On Sat, Aug 23, 2014 at 10:08 PM, Fedor Indutny fe...@indutny.com
On Fri Aug 22 21:00:55 2014, tris...@saticed.me.uk wrote:
I have the global sign new and old CA certs in a single file.
Successful verification seems to depend on the order of the
certificates in the file:
$ cat globalsign_new.pem globalsign_old.pem test.pem
$ openssl s_client -connect
Would it be an idea to create branches in the official repo for (certain
classes of) bugfixes, which can be merged onto the respective branches at set
times ? For instance one for documentation fixes ? You could
Yes. But we (the dev team) haven't figured out all of the details of our
i don't think that's really true. else, why is autoconf friends relying on
a
shell and not perl ? those see way more distribution than openssl.
Last I looked, autoconf doesn't use anything that really wasn't in Version 7
Bourne shell. In my comment, I deliberately used the term posix
i don't think that's really true. else, why is autoconf friends relying on
a
shell and not perl ? those see way more distribution than openssl.
Last I looked, autoconf doesn't use anything that really wasn't in Version 7
Bourne shell. In my comment, I deliberately used the term posix
Start here: https://www.openssl.org/news/secadv_20130205.txt
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List
Hi, and sorry about getting in on this topic so late,
Is it certain that the prior behavior of the BIO_free() function was in fact a
bug? I ask because BIO_set() provides a mechanism for initializing a
pre-allocated BIO structure, but now that BIO_free() unconditionally passes its
argument to
OpenSSL_1_0_0-stable f2a57c1 RT2210: Add missing EVP_cleanup to example
OpenSSL_1_0_1-stable 48ecdec RT2210: Add missing EVP_cleanup to example
OpenSSL_1_0_2-stable dc5c3d7 RT2210: Add missing EVP_cleanup to example
HEAD 7b3e11c RT2210: Add missing EVP_cleanup to example
Author: Mihai Militaru
Both suggested patches have been applied (with small modifications) to all
branches above and including 1.0.0. See commits
0388ac4c99e801462dafef3f2dab3f255ec33c96
and
f063e30fe9f316067950bdf0397b51cf87d4b6a6
Thanks!
__
OpenSSL
Fixed in rsalz-monolith branch of akamai/openssl fork on github.
To be part of post-1.0.2 release.
Thanks!
commit 15e5188312bc3bb199297be40ab58388d4141b3d
Author: Le Huang 4ta...@gmail.com
Date: Wed Aug 27 14:53:34 2014 -0400
PR3006: Needless duplication in speed.c
Ror some reason, the +F2: tag
On 18 Aug 2014, at 21:47, Michael Tuexen michael.tue...@lurchi.franken.de
wrote:
On 18 Aug 2014, at 16:31, Brian Hassink brian.hass...@oracle.com wrote:
Yes, this was observed for DTLS/SCTP.
OK. The problem is an incorrect usage of OPENSSL_assert()... Let me see if I
can
come-up with a
On 18 Aug 2014, at 21:47, Michael Tuexen michael.tue...@lurchi.franken.de
wrote:
On 18 Aug 2014, at 16:31, Brian Hassink brian.hass...@oracle.com wrote:
Yes, this was observed for DTLS/SCTP.
OK. The problem is an incorrect usage of OPENSSL_assert()... Let me see if I
can
come-up with a
This was fixed a different way ( by adding CROSS_COMPILE variable).
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List
On 08 Aug 2014, at 15:54, Martin Brejcha via RT r...@openssl.org wrote:
Hello,
When I run our application in valgrind it shows memory leak in
dgram_sctp_write:1262.
Our application using openssl-1.0.1 for DTLS over sctp.
The issue seems to be in sending of shutdown alarm. When shutdown
On 08 Aug 2014, at 15:54, Martin Brejcha via RT r...@openssl.org wrote:
Hello,
When I run our application in valgrind it shows memory leak in
dgram_sctp_write:1262.
Our application using openssl-1.0.1 for DTLS over sctp.
The issue seems to be in sending of shutdown alarm. When shutdown
Thanks, we're rolling a new build with it now...
-Brian
-Original Message-
From: Michael Tüxen via RT [mailto:r...@openssl.org]
Sent: Wednesday, August 27, 2014 3:33 PM
To: Brian Hassink
Cc: openssl-dev@openssl.org
Subject: Re: [openssl.org #3470] [BUG] DTLS abort
On 18 Aug 2014, at
The leading zero is there to avoid mistaking the first bit as a sign bit.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List
old release, old platform, don't believe this is still an issue.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List
Oh how I have longed to be able to say this:
this isn't a bug, it's a feature.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List
Fixed in openssl, and suggested change to user's code.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List
OpenSSL_1_0_1-stable 23ea9f6 RT2308: Add extern C { ... } wrapper
OpenSSL_1_0_2-stable 089f10e RT2308: Add extern C { ... } wrapper
commit 17e80c6bd05de7406a65116f34ed59665607d8d5
Author: Rich Salz rs...@akamai.com
Date: Wed Aug 27 15:28:08 2014 -0400
RT2308: Add extern C { ... } wrapper
Add the
On Wed 27 Aug 2014 15:24:45 Salz, Rich via RT wrote:
i don't think that's really true. else, why is autoconf friends relying
on a shell and not perl ? those see way more distribution than openssl.
Last I looked, autoconf doesn't use anything that really wasn't in Version 7
Bourne shell.
On Wed 27 Aug 2014 15:24:45 Salz, Rich via RT wrote:
i don't think that's really true. else, why is autoconf friends relying
on a shell and not perl ? those see way more distribution than openssl.
Last I looked, autoconf doesn't use anything that really wasn't in Version 7
Bourne shell.
These all first appeared in ksh: functions, local, return, $((math))
But to my mind, the question is moot, since post-1.0.2 we'll almost
definitely have c_rehash builtin to the openssl command.
that would also work
:)
It will also be much much much faster, since it doesn't have to call
These all first appeared in ksh: functions, local, return, $((math))
But to my mind, the question is moot, since post-1.0.2 we'll almost
definitely have c_rehash builtin to the openssl command.
that would also work
:)
It will also be much much much faster, since it doesn't have to call
We currently have no plans to do this.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List
hopefully it's not still hung, four years later.
seems some wierd system/shell/ksh interaction.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project http://www.openssl.org
OpenSSL_1_0_1-stable abc2dfb RT2400: ASN1_STRING_to_UTF8 missing initializer
OpenSSL_1_0_2-stable b85d461 RT2400: ASN1_STRING_to_UTF8 missing initializer
HEAD f9fb43e RT2400: ASN1_STRING_to_UTF8 missing initializer
Author: Raphael Spreitzer raphael.spreit...@gmail.com
Date: Wed Aug 27 22:53:10
openssl is working as designed.
to do xmlenc-style padding, use EVP interface.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List
37 matches
Mail list logo
