[openssl-dev] [openssl.org #3835] [PATCH] Initialize potentially uninitialized local variables

2015-05-06 Thread Matt Caswell via RT
Patch applied. Thanks. Note that actually all of these are bogus warnings. In none of the instances fixed was there an actual code path which resulted in an uninitialised variable being used - it's just that the compiler was unable to figure that out and so issues spurious warnings. Matt

[openssl-dev] [openssl.org #3109] [openssl.org #3041[PATCH] DTLS message_sequence number wrong in rehandshake ServerHello

2015-05-06 Thread Matt Caswell via RT
This ticket was opened in error. Closing. Matt ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3041] [Bug] DTLS message_sequence number wrong in rehandshake ServerHello

2015-05-06 Thread Matt Caswell via RT
Looks like this patch was applied some time ago in commit 83a3af9f4e61170afad6f79f161fad8245ae1f95. Closing this ticket. Matt

[openssl-dev] [openssl.org #3008] Possible bug when using DTLS with a BIO pair

2015-05-06 Thread Matt Caswell via RT
The MTU logic has been extensively revised since this ticket was raised so I am assuming this is no longer an issue. If that's not the case please reopen this ticket. Closing. Matt

[openssl-dev] [openssl.org #1709] DTLS BUG: retransmition of handshake messages does not work

2015-05-06 Thread Matt Caswell via RT
I don't believe this is the case any more. Closing this ticket. Matt

[openssl-dev] [openssl.org #3836] DOCUMENTATION: missing documentation for SSL_get_certificate

2015-05-06 Thread noloa...@gmail.com via RT
The ECDH callback needs to query the server's certificate to discover the EC group being used. The callback can then return a temporary key in the field. It looks like SSL_get_certificate can be used for the purpose. SSL_get_certificate is used in apps/s_cb.c, but there's no documentation for it.

[openssl-dev] [openssl.org #3487] Possible Bug: Crash in dtls1_do_write

2015-05-06 Thread Matt Caswell via RT
Not enough information in this ticket to track down the problem. I'm assuming that by now you've resolved this issue. If not please send further details to the openssl-users mailing list. Closing this ticket. Matt

Re: [openssl-dev] Bug in SSL_CTX_check_private_key?

2015-05-06 Thread Dmitry Belyavsky
Hello Viktor, On Wednesday, May 6, 2015, Viktor Dukhovni openssl-us...@dukhovni.org wrote: On Wed, May 06, 2015 at 08:33:37PM +0300, Dmitry Belyavsky wrote: I would like to suggest a small patch providing the necessary check for RSA_METHOD_FLAG_NO_CHECK here. I am not convinced

Re: [openssl-dev] [openssl.org #3837] Bug in SSL_CTX_check_private_key?

2015-05-06 Thread Dmitry Belyavsky
Hello Viktor, On Wed, May 6, 2015 at 7:10 PM, Viktor Dukhovni openssl-us...@dukhovni.org wrote: On Wed, May 06, 2015 at 05:58:31PM +0200, Dmitry Belyavsky via RT wrote: It seems to me there is a bug in the SSL_CTX_check_private_key function. The function ignores RSA_METHOD_FLAG_NO_CHECK

Re: [openssl-dev] [openssl.org #3837] Bug in SSL_CTX_check_private_key?

2015-05-06 Thread Viktor Dukhovni
On Wed, May 06, 2015 at 08:33:37PM +0300, Dmitry Belyavsky wrote: I would like to suggest a small patch providing the necessary check for RSA_METHOD_FLAG_NO_CHECK here. I am not convinced this change is correct. The function would then not do what it is supposed to do. The flag

Re: [openssl-dev] [openssl.org #3837] Bug in SSL_CTX_check_private_key?

2015-05-06 Thread Viktor Dukhovni
On Wed, May 06, 2015 at 05:58:31PM +0200, Dmitry Belyavsky via RT wrote: It seems to me there is a bug in the SSL_CTX_check_private_key function. The function ignores RSA_METHOD_FLAG_NO_CHECK flag and always tries to check public/private key match. I think that's deliberate and correct.

[openssl-dev] [openssl.org #3837] Bug in SSL_CTX_check_private_key?

2015-05-06 Thread Dmitry Belyavsky via RT
Hello Openssl team, It seems to me there is a bug in the SSL_CTX_check_private_key function. The function ignores RSA_METHOD_FLAG_NO_CHECK flag and always tries to check public/private key match. The only place in real code where this function is used is in the set_cert_key_stuff function, just