I just cloned the OpenSSL git repo at
git://git.openssl.org/openssl.git. Looking at the OpenSSL_1_0_1-stable
branch, the fix for CVE-2015-3197 still isn't in the repo. The most
recent commit is:
foleyj@hobknob:~/gitsync/ossl/openssl$ git log
commit 126ac21c80967ec00f802d356462c1b83fa0f54c
On 28/01/16 16:40, John Foley wrote:
> I just cloned the OpenSSL git repo at
> git://git.openssl.org/openssl.git. Looking at the OpenSSL_1_0_1-stable
> branch, the fix for CVE-2015-3197 still isn't in the repo. The most
> recent commit is:
>
> foleyj@hobknob:~/gitsync/ossl/openssl$ git log
>
Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions
are no longer receiving security updates.
References
==========
URL for this Security Advisory:
https://www.openssl.org/news/secadv/20160128.txt
Note: the online version of the advisory may be updated with ad
Thank you.
On 01/28/2016 12:20 PM, Matt Caswell wrote:
On 28/01/16 16:40, John Foley wrote:
I just cloned the OpenSSL git repo at
git://git.openssl.org/openssl.git. Looking at the OpenSSL_1_0_1-stable
branch, the fix for CVE-2015-3197 still isn't in the repo. The most
recent commit is:
The recently-added DH_CHECK_PUBKEY_INVALID was set to 0x3, but
DH_CHECK_PUBKEY_* values are flags, so it should be 0x4 to avoid colliding
with DH_CHECK_PUBKEY_TOO_SMALL (0x01) and DH_CHECK_PUBKEY_TOO_LARGE (0x02).
See DH_check_pub_key's *ret |= logic.
test was removed -- it hasn't been compiled in a very long time, and it is not
useful.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Thanks for the report, fixed now.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
On the openssl-user mailing list archive, I found this:
http://www.mail-archive.com/openssl-users@openssl.org/msg67721.html
On GitHub, I don't find this flag X509_V_FLAG_OCSP_CHECK.
Seems like this proposed change is not merged into the Master branch.
Or, is it by default, OpenSSL will check
I said in the note
below: "(And not me. I am taking the 1.1 approach to getting ECDH
working in engine.)"
Now that OpenSC's libp11 and engine_pkcs11 have code committed for
use with OpenSSL-1.1-pre2 to use ECDH,
I created patches for libp11 and
DSAPublicKey lost the dsa_cb in
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ea6b07b54c1f8fc2275a121cdda071e2df7bd6c1
This results in d2i_DSAPublicKey using crypto/asn1's default allocation
logic rather than calling into DSA_new. I believe it should
use ASN1_SEQUENCE_cb.
I've
However, we’re talking about botnets. They do bad things, they don’t follow the
rules. They can masquerade as the original sender and send additional data.
The received data held ought to be limited to the initial window of the
connection, AND, since these are all original SYNs (pun intended)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL version 1.0.1r released
===============================
OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.0.1r of our open source
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL version 1.0.2f released
===============================
OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.0.2f of our open source