With current OpenSSL master, the krb5 PKINIT tests are getting an
assertion failure which I can't attribute to our code (stack trace at
the end). It appears that EVP_EncryptUpdate() now insists on
non-overlapping regions, but bio_enc.c:enc_read() relies on being able
to decrypt an overlapping
Source from master on github,
./Configure --prefix=/usr/local --openssldir=/usr/local/etc/pki/tls
enable-ec_nistp_64_gcc_128 zlib sctp enable-camellia enable-seed
enable-rfc3779 enable-cms enable-md2 no-mdc2 no-rc5 no-ec2m no-gost no-srp -Wa,
-
1.0.1 is an old release and only getting security updates. Please move to 1.0.2
or 'master'
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4616
Please log in as guest with password guest if prompted
Hi
There is an ASN decoding problem when decoding a big CRL (example can be found
at http://crl.luxtrust.lu/LTGQCA2.crl).
I tested it with openssl 1.0.2g, which is able to process the CRL without
problems
Failure test:
Could you please look at it what is
OS: Mac OS X 11.11.5
Version: OpenSSL 1.1-pre6 (head code as of yesterday)
When the server fails under some circumstances, this line reads a bad address:
/* write the header */
*(outbuf[j]++) = type & 0xff;
Because outbuf is 3. This is because prior to the alignment code, outbuf is
NULL.
On Tue Jul 19 17:47:43 2016, levitte wrote:
> On Tue Jul 19 16:41:13 2016, k...@roeckx.be wrote:
> > On Mon, Jul 11, 2016 at 05:48:06PM +, Salz, Rich via RT wrote:
> > > Previously we've changed return-types from void to int. If there's
> > > still time, that seems like the thing to do here.
>
Thanks a lot for explaining this so clearly.
OLD CRL (present in cache): Last Update: Jul 18 11:42:52 2016 GMT
Next Update: Aug 17 11:42:52 2016 GMT
X509v3 CRL Number: 20480
Got an incoming connection when the current time was between
On Wed Jul 20 16:58:20 2016, janj...@nikhef.nl wrote:
> Hi Richard,
>
> On 20/07/16 17:14, Richard Levitte via RT wrote:
> > On Mon Jul 11 11:34:35 2016, mattias.ell...@physics.uu.se wrote:
> >> I guess having a more restrictive accessor that only sets the
> >> EXFLAG_PROXY bit could work. I
Hi Richard,
On 20/07/16 17:14, Richard Levitte via RT wrote:
> On Mon Jul 11 11:34:35 2016, mattias.ell...@physics.uu.se wrote:
>> I guess having a more restrictive accessor that only sets the
>> EXFLAG_PROXY bit could work. I suggested the more general solution of
>> having set/clear accessors
Hi Richard,
On 20/07/16 17:14, Richard Levitte via RT wrote:
> On Mon Jul 11 11:34:35 2016, mattias.ell...@physics.uu.se wrote:
>> I guess having a more restrictive accessor that only sets the
>> EXFLAG_PROXY bit could work. I suggested the more general solution of
>> having set/clear accessors for
On Mon Jul 11 11:34:35 2016, mattias.ell...@physics.uu.se wrote:
> I guess having a more restrictive accessor that only sets the
> EXFLAG_PROXY bit could work. I suggested the more general solution of
> having set/clear accessors for arbitrary flags since it was - well
> more
> general.
So let me
On Mon Jul 11 14:04:22 2016, dw...@infradead.org wrote:
> I was using store.get_issuer() in OpenConnect too, because I need to
> manually build the trust chain to include it on the wire — because
> even today the server might *still* suffer RT#1942 and fail to trust
> our client cert unless we
In message <20160720072307.ga87...@doctor.nl2k.ab.ca> on Wed, 20 Jul 2016
01:23:07 -0600, The Doctor said:
doctor> ./libcrypto.so: undefined reference to `RUN_ONCE'
doctor> cc: error: linker command failed with exit code 1 (use -v to see
invocation)
doctor> *** Error
./libcrypto.so: undefined reference to `RUN_ONCE'
cc: error: linker command failed with exit code 1 (use -v to see invocation)
*** Error code 1
Please fix
--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
God,Queen and country!Never Satan President
On Wed, Jul 20, 2016, Dr. Stephen Henson wrote:
> On Wed, Jul 20, 2016, Patel, Anirudh (Anirudh) wrote:
>
> > "X509_LOOKUP_hash_dir is a more advanced method, which loads certificates
> > and CRLs on demand, and caches them in memory once they are loaded. As of
> > OpenSSL 1.0.0, it also checks
On Wed, Jul 20, 2016, Dr. Stephen Henson wrote:
> On Wed, Jul 20, 2016, Dr. Stephen Henson wrote:
>
> > On Wed, Jul 20, 2016, Patel, Anirudh (Anirudh) wrote:
> >
> > > "X509_LOOKUP_hash_dir is a more advanced method, which loads certificates
> > > and CRLs on demand, and caches them in memory
On Wed, Jul 20, 2016, Patel, Anirudh (Anirudh) wrote:
> "X509_LOOKUP_hash_dir is a more advanced method, which loads certificates
> and CRLs on demand, and caches them in memory once they are loaded. As of
> OpenSSL 1.0.0, it also checks for newer CRLs upon each lookup, so that newer
> CRLs are
On Tuesday, 19 July 2016 23:35:13 CEST Dr. Stephen Henson wrote:
> On Tue, Jul 19, 2016, Hubert Kario wrote:
> > I have few questions now though:
> >
> > I've noticed that 1.0.2 uses sha1 hmac for the PRF while the master
> > uses sha256
> >
> > is there a way to set this?
>
> Not currently no
Hi,
This is related to the X509 store cache (had a similar ticket openssl.org #4615
which I guess has already become stale). But, I believe that the documentation
regarding X509_LOOKUP_hash_dir is not at all clear and is quite misleading:
From the manual page: