On 08/05/15 02:28, Jeffrey Altman wrote:
Regardless, the inability to improve the support in this area has left
those organizations that rely upon 2712 with the choice of using
insecure protocols or re-implementing the applications. I do not believe
that any sane OS or application vendor
Attached updated patch according to openssl style.
---
Kurt Cancemi
https://www.x64architecture.com
On Thu, May 7, 2015 at 6:15 PM, Kurt Cancemi k...@x64architecture.com wrote:
Add missing terminating NULL to speed_options table. This would cause
memory corruption by opt_init() because it
Hi,
We encountered a segmentation fault in our engine code as
EVP_CIPHER->cleanup() is called before EVP_CIPHER_CTX->cipher_data gets
initialized by EVP_CIPHER->init(). This can be prevented if
EVP_CIPHER_CTX->cipher_data is initialized with 0s after the allocation
in EVP_CipherInit_ex().
Hi all,
I want to cross compile openssl for the arm-xilinx-linux-gnueabi-gcc
platform. I have downloaded source code openssl-1.02a and I have looked
at the options for
the configure file. Arm-xilinx-linux-gnueabi is not found in the list of
os/compiler options, so I selected linux-armv4
The return value of BUF_strdup is unchecked in X509V3_parse_list(); the
attached patch fixes the issue.
---
Kurt Cancemi
From a42d8f0e5dbc7d56268a06a99133957d09ac8a21 Mon Sep 17 00:00:00 2001
From: Kurt Cancemi k...@x64architecture.com
Date: Thu, 7 May 2015 16:12:33 -0400
Subject: [PATCH] Add
Add missing terminating NULL to speed_options table. This would cause
memory corruption by opt_init() because it relies on the terminating
NULL.
---
Kurt Cancemi
From 2cbdcd038245df7c78b25a2c22f802d26e030684 Mon Sep 17 00:00:00 2001
From: Kurt Cancemi k...@x64architecture.com
Date: Thu, 7 May
Hi,
Lei Zhang (re)discovered that OpenSSL 1.0.1* and below gets miscompiled,
resulting in incorrect computation of at least SHA-1 hashes (and probably
SHA-0, MD4, MD5) when it's compiled with icc for 64-bit Linux (x86_64 or
mic), but not for Windows. The problem is already fixed in 1.0.2 and in
It's been years and years and time to face facts: not going to happen unless
someone sends a patch.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
We compile with various warning flags and believe all of these are addressed.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
yes there is a limit on the size of the passphrase. unlikely to fix this; old
ticket.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
On Thu, 2015-05-07 at 21:28 -0400, Jeffrey Altman wrote:
On 5/7/2015 8:40 PM, Viktor Dukhovni wrote:
On Thu, May 07, 2015 at 08:00:17PM -0400, Nathaniel McCallum wrote:
There have been some conversations behind Red Hat doors about
improving the state of Kerberos/TLS in both standards
It's been ten years, we're not going to get around to this. Someone re-open
(ideally with a patch) if they think it still needs to be fixed.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
It's been more than a dozen years, we're clearly not going to get around to it.
Closing.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
fixed some time ago, probably by steve.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
so they turn off the -n flag for some recursive makes. hard to justify that as
proper behavior, although i understand why it's convenient. not a real defect
for openssl. we are looking at other general make issues, too, but this one i
am closing for now.
--
Rich Salz, OpenSSL dev team;
On 5/8/2015 5:17 PM, Nathaniel McCallum wrote:
I agree that the current situation is not sustainable. I was only
hoping to start a conversation about how to improve the situation.
For instance, there is this: http://tls-kdh.arpa2.net/
I don't see any reason this couldn't be expanded to do
On Fri, May 08, 2015 at 05:17:29PM -0400, Nathaniel McCallum wrote:
I agree that the current situation is not sustainable. I was only
hoping to start a conversation about how to improve the situation.
RFC2712 uses Authenticator, which is an ASN.1 type quite clearly NOT
intended for use outside
I should have mentioned NPN and ALPN too.
A TLS application could use ALPN to negotiate the use of a variant of
the real application protocol, with the variant starting with a
channel-bound GSS context token exchange.
The ALPN approach can optimize the GSS mechanism negotiation, at the
price of
We have no plans to fix renegotiation when client and server are sending
asynchronously.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
subjectAltName is the mechanism to use, and is supported. Other RDN types for
email are not.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org