On 08/22/2014 12:26 PM, Salz, Rich wrote:
> It'd be good to fix this.
Behold a patch that seems to fix it:
https://www.av8n.com/openssl/bypass-bugfix.diff
The code seems pretty straightforward to me, but on the
other hand, I have very little experience coding in the
openssl environment, so I mi
On Tue, 9 Sep 2014, Rich Salz via RT wrote:
> Fixed in https://github.com/akamai/openssl/tree/rsalz-monolith/apps for
> integration after 1.0.2
>
> commit f4f79df1a2e1d295e93afe68691499ec034b76ad
> Author: Richard Silverman
> Date: Tue Sep 9 12:37:27 2014 -0400
>
> RT2962: add -keytab and -krb5sv
The perl issues aren't reproducible; maybe fixed now if there was a problem.
Make issues are being tracked in (several) other tickets.
The README/rt issue is fixed:
OpenSSL_1_0_2-stable 3aa2d2d RT2196: Clear up some README wording
HEAD 468ab1c RT2196: Clear up some README wording
Author: Rich Salz
OpenSSL_1_0_2-stable f33ce36 RT3192: spurious error in DSA verify
HEAD eb63bce RT3192: spurious error in DSA verify
Author: Matt Caswell
Date: Tue Sep 9 16:50:06 2014 -0400
RT3192: spurious error in DSA verify
This is funny; Ben commented in the source, Matt opend a ticket,
and Rich is doing th
OpenSSL_1_0_2-stable e61c648 RT3271: Don't use "if !" in shell lines
HEAD b999f66 RT3271: Don't use "if !" in shell lines
Merge: 843921f b999f66
Author: Rich Salz
Date: Tue Sep 9 17:06:40 2014 -0400
Merge branch 'master' of git.openssl.org:openssl
Previous commit was reviewed by Geoff, not Step
Partial writes don't work for UDP.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
fixed earlier on https://github.com/akamai/openssl/tree/rsalz-monolith
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List
Local error.
Other tickets are tracking makefile changes, so closing this one.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List
sorry, you can't use stdin twice. we have no control over system buffering,
among other things.
closing file.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project http://www.openssl.
The analysis seems wrong, getting confused by the union.
closing ticket.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List
Local config error.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List
This can't happen. It's an internal function and never gets NULL
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List
Not enough information to reproduce the defect, closing the ticket.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List
Closing this in favor of 2937
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Autom
OpenSSL_1_0_2-stable 8c0d19d RT1909: Omit version for v1 certificates
HEAD 1f18f50 RT1909: Omit version for v1 certificates
Author: Geoff Keating
Date: Tue Sep 9 14:28:54 2014 -0400
RT1909: Omit version for v1 certificates
When calling X509_set_version to set v1 certificate, that
should mean th
On 08/22/2014 12:26 PM, Salz, Rich wrote:
> It'd be good to fix this.
Behold a patch that seems to fix it:
https://www.av8n.com/openssl/bypass-bugfix.diff
The code seems pretty straightforward to me, but on the
other hand, I have very little experience coding in the
openssl environment, so I mi
Indeed,
Improved version of the patch are in:
[openssl.org #2937] Handshake performance degradation in 1.0.1 and up.
On 9 September 2014 21:16, Rich Salz via RT wrote:
> From an internal review of the patch:
> Contexts are meant to be reused and (for example) reusing the same context
> and
> di
Indeed,
Improved version of the patch are in:
[openssl.org #2937] Handshake performance degradation in 1.0.1 and up.
On 9 September 2014 21:16, Rich Salz via RT wrote:
> From an internal review of the patch:
> Contexts are meant to be reused and (for example) reusing the same context
> and
> di
This incompatible change was made five years ago; nothing to do now.
Closing ticket.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing L
timer-limiting for windows heap-walking, etc., seems to have been implemented
some time ago.
Closing ticket.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project http://www.openssl.o
Fixed in https://github.com/akamai/openssl/tree/rsalz-monolith/apps to be
intergrated after 1.0.2
commit 07cae301ea569173e18ae585caa1457660baf024
Author: John Gardiner Myers
Date: Tue Sep 9 14:12:42 2014 -0400
RT1766: s_client -reconnect and -starttls broke
Using both -starttls and -reconnect d
Fixed in master and 1.0.2
OpenSSL_1_0_2-stable 283a8fd RT3506: typo's in ssltest
HEAD 4eadd11 RT3506: typo's in ssltest
Author: Kurt Cancemi
Date: Tue Sep 9 13:48:00 2014 -0400
RT3506: typo's in ssltest
Reviewed-by: Dr. Stephen Henson
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
OPENSSL_config is a very simple-minded API.
If the config file is on a drive that isn't available, and since the API exits
on error, it's working as designed. Closing ticket.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
Op
>From an internal review of the patch:
Contexts are meant to be reused and (for example) reusing the same context and
digest avoids having to reallocate a buffer for the internal context structure.
I think this might actually be a problem in the ENGINE not handling reuse
properly, or the EVP API n
Right, 1.0.1d had an error in the fix. Update the advisory to point to 1.0.1e
or later.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailin
Not enough information to reproduce the problem.
Most likely application bug that is romping on memory.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project http://www.openssl.org
De
SLS_library_init only loads the algorithms needed by SSL/TLS ciphersuites.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List
Fixed in https://github.com/akamai/openssl/tree/rsalz-monolith/apps for
integration after 1.0.2
commit f4f79df1a2e1d295e93afe68691499ec034b76ad
Author: Richard Silverman
Date: Tue Sep 9 12:37:27 2014 -0400
RT2962: add -keytab and -krb5svc flags.
Add -keytab and -krb5svcd flags to s_client and s
the link's good now.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List
Fixed in https://github.com/akamai/openssl/tree/rsalz-monolith/apps for
inclusion after 1.0.2
(The RAND_xxx issue was already fixed)
commit 16365c8dc390e1cb29a4f64c9b3450d89532a960
Author: Dmitry Belyavsky
Date: Tue Sep 9 12:09:32 2014 -0400
RT2932: Catch write errors
Don't ignore the return va
This is a duplicate of RT2936, fixed in
https://github.com/akamai/openssl/tree/rsalz-monolith which will be part of
post-1.0.2
commit 3938694b2a770efad980c947b68981b110e784d6
Author: Rich Salz
Date: Fri Aug 15 14:27:04 2014 -0400
PR 2936, etc: Consistently use default cert dir
All apps that have
Fixed in https://github.com/akamai/openssl/tree/rsalz-monolith/apps to be part
of post-1.0.2
commit 90899ae82e14ecbfbeac6fc47757470f9a0a9b80
Author: Rich Salz
Date: Tue Sep 9 10:22:01 2014 -0400
RT2642: Allow EHLO hostname to be specified.
Add -smtphost flag, to specify the host used in the
SMT
On Mon, Sep 08, 2014 at 11:41:42PM -0600, The Doctor wrote:
> ls: error initializing month strings
The literal string "month" does not appear in OpenSSL 1.0.2 source
code. You're probably compiling in a locale not supported by your
system. "ls -l" is unable to format the date.
--
Vikt
n Sep 8 23:19:16 2014
> doctor.nl2k.ab.ca//usr/source/openssl-1.0.2-stable-SNAP-20140909$ make test
> testing...
> (cd ..; make DIRS=crypto all)
> making all in crypto...
> ar r ../libcrypto.a cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o
> cpt_err.o ebcdic.o uid.o o_time
Can we handle this like ticket 3521 and do -arch= ? And split that up into
"-arch " ?
:��I"Ϯ��r�m
(Z+�7�zZ)���1���x��hW^��^��%�� ��&jם.+-1�ځ��j:+v���h�
In exceedingly minimal libcrypto-only configurations of OpenSSL such as:
no-lock no-threads no-shared no-zlib no-idea no-camellia no-seed no-bf
no-cast no-des no-rc2 no-rc4 no-rc5 no-md2 no-md4 no-ripemd no-mdc2
no-rsa no-dsa no-dh no-whirlpool no-cms no-dgram no-sock no-ssl2 no-ssl3
Correctly handle '--sysroot' GCC toolchain option when compiling for the
Android NDK using targets such as linux-generic32 in which the external
environment passes in the toolchain root.
---
openssl/Configure | 4
1 file changed, 4 insertions(+)
diff --git a/openssl/Configure b/openssl/Con
Correctly handle '-arch' and '-isysroot' GCC/clang/LLVM
options when compiling for Mac OS X or iOS using targets such as
BSD-generic32 in which the external environment passes in the processor
architecture and toolchain root.
---
openssl/Configure | 12 +++-
1 file changed, 11 insertions(
Please, see my pull request on GitHub:
https://github.com/openssl/openssl/pull/170
Description from the pull request:
This commit has security implications for simple clients that use
openssl s_client. To demostrate the issue described in the commit
message do:
openssl s_client -connect github.co
This can presumably be resolved as fixed, given the commit on #2626 just
now.
On 29/09/10 20:54, Rob Stradling via RT wrote:
NIST (SP800-57 Part 1) recommends a minimum RSA key size of 2048-bits beyond
2010. From January 1st 2011, in order to comply with the current Microsoft[1]
and Mozilla[2]
Duplicate of #2206 ?
On 05/09/14 08:35, Mehner, Carl via RT wrote:
OCSP response handling in /apps/ocsp.c
--
2014-06-25
The OCSP Documentation States
https://www.openssl.org/docs/apps/ocsp.html
"Otherwise the OCSP responder certificate's CA is checked against the issuing CA
certificate
41 matches
Mail list logo