[openssl-dev] Overlapping regions check

2016-07-20 Thread Greg Hudson
With current OpenSSL master, the krb5 PKINIT tests are getting an assertion failure which I can't attribute to our code (stack trace at the end). It appears that EVP_EncryptUpdate() now insists on non-overlapping regions, but bio_enc.c:enc_read() relies on being able to decrypt an overlapping

[openssl-dev] [openssl.org #4619] compile errors with no-srp

2016-07-20 Thread Carl Byington via RT
Source from master on github, ./Configure --prefix=/usr/local --openssldir=/usr/local/etc/pki/tls enable-ec_nistp_64_gcc_128 zlib sctp enable-camellia enable-seed enable-rfc3779 enable-cms enable-md2 no-mdc2 no-rc5 no-ec2m no-gost no-srp -Wa, -

[openssl-dev] [openssl.org #4616] bug report

2016-07-20 Thread Rich Salz via RT
1.0.1 is an old release and only getting security updates. Please move to 1.0.2 or 'master'. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4616 Please log in as guest with password guest if prompted

[openssl-dev] [openssl.org #4599] big CRLs problem with openssl 1.0.2h

2016-07-20 Thread David Tillemans via RT
Hi, There is an ASN decoding problem when decoding a big CRL (example can be found at http://crl.luxtrust.lu/LTGQCA2.crl). I tested it with openssl 1.0.2g, which is able to process the CRL without problems. Failure test: [attached image] Could you please look at it what is

[openssl-dev] [openssl.org #4618] BUG: Crash in do_ssl3_write unless OPENSSL_NO_MULTIBLOCK

2016-07-20 Thread Dave Baggett via RT
OS: Mac OS X 11.11.5 Version: OpenSSL 1.1-pre6 (head code as of yesterday) When the server fails under some circumstances, this line reads a bad address: /* write the header */ *(outbuf[j]++) = type & 0xff; Because outbuf is 3. This is because prior to the alignment code, outbuf is NULL.

[openssl-dev] [openssl.org #4614] pthread_once and malloc failures

2016-07-20 Thread Richard Levitte via RT
On Tue Jul 19 17:47:43 2016, levitte wrote: > On Tue Jul 19 16:41:13 2016, k...@roeckx.be wrote: > > On Mon, Jul 11, 2016 at 05:48:06PM +, Salz, Rich via RT wrote: > > > Previously we've changed return-types from void to int. If there's > > > still time, that seems like the thing to do here. >

Re: [openssl-dev] Clear X509 OBJECT cache

2016-07-20 Thread Patel, Anirudh (Anirudh)
Thanks a lot for explaining this so clearly. OLD CRL (present in cache): Last Update: Jul 18 11:42:52 2016 GMT Next Update: Aug 17 11:42:52 2016 GMT X509v3 CRL Number: 20480 Got an incoming connection when the current time was between

[openssl-dev] [openssl.org #4602] Missing accessors

2016-07-20 Thread Richard Levitte via RT
On Wed Jul 20 16:58:20 2016, janj...@nikhef.nl wrote: > Hi Richard, > > On 20/07/16 17:14, Richard Levitte via RT wrote: > > On Mon Jul 11 11:34:35 2016, mattias.ell...@physics.uu.se wrote: > >> I guess having a more restrictive accessor that only sets the > >> EXFLAG_PROXY bit could work. I

Re: [openssl-dev] [openssl.org #4602] Missing accessors

2016-07-20 Thread Jan Just Keijser via RT
Hi Richard, On 20/07/16 17:14, Richard Levitte via RT wrote: > On Mon Jul 11 11:34:35 2016, mattias.ell...@physics.uu.se wrote: >> I guess having a more restrictive accessor that only sets the >> EXFLAG_PROXY bit could work. I suggested the more general solution of >> having set/clear accessors

Re: [openssl-dev] [openssl.org #4602] Missing accessors

2016-07-20 Thread Jan Just Keijser
Hi Richard, On 20/07/16 17:14, Richard Levitte via RT wrote: On Mon Jul 11 11:34:35 2016, mattias.ell...@physics.uu.se wrote: I guess having a more restrictive accessor that only sets the EXFLAG_PROXY bit could work. I suggested the more general solution of having set/clear accessors for

[openssl-dev] [openssl.org #4602] Missing accessors

2016-07-20 Thread Richard Levitte via RT
On Mon Jul 11 11:34:35 2016, mattias.ell...@physics.uu.se wrote: > I guess having a more restrictive accessor that only sets the > EXFLAG_PROXY bit could work. I suggested the more general solution of > having set/clear accessors for arbitrary flags since it was - well > more > general. So let me

[openssl-dev] [openssl.org #4602] Missing accessors

2016-07-20 Thread Richard Levitte via RT
On Mon Jul 11 14:04:22 2016, dw...@infradead.org wrote: > I was using store.get_issuer() in OpenConnect too, because I need to > manually build the trust chain to include it on the wire — because > even today the server might *still* suffer RT#1942 and fail to trust > our client cert unless we

Re: [openssl-dev] openssl-SNAP-20160720

2016-07-20 Thread Richard Levitte
In message <20160720072307.ga87...@doctor.nl2k.ab.ca> on Wed, 20 Jul 2016 01:23:07 -0600, The Doctor said: doctor> ./libcrypto.so: undefined reference to `RUN_ONCE' doctor> cc: error: linker command failed with exit code 1 (use -v to see invocation) doctor> *** Error

[openssl-dev] openssl-SNAP-20160720

2016-07-20 Thread The Doctor
./libcrypto.so: undefined reference to `RUN_ONCE' cc: error: linker command failed with exit code 1 (use -v to see invocation) *** Error code 1 Please fix

Re: [openssl-dev] Clear X509 OBJECT cache

2016-07-20 Thread Dr. Stephen Henson
On Wed, Jul 20, 2016, Dr. Stephen Henson wrote: > On Wed, Jul 20, 2016, Patel, Anirudh (Anirudh) wrote: > > > "X509_LOOKUP_hash_dir is a more advanced method, which loads certificates > > and CRLs on demand, and caches them in memory once they are loaded. As of > > OpenSSL 1.0.0, it also checks

Re: [openssl-dev] Clear X509 OBJECT cache

2016-07-20 Thread Dr. Stephen Henson
On Wed, Jul 20, 2016, Dr. Stephen Henson wrote: > On Wed, Jul 20, 2016, Dr. Stephen Henson wrote: > > > On Wed, Jul 20, 2016, Patel, Anirudh (Anirudh) wrote: > > > > > "X509_LOOKUP_hash_dir is a more advanced method, which loads certificates > > > and CRLs on demand, and caches them in memory

Re: [openssl-dev] Clear X509 OBJECT cache

2016-07-20 Thread Dr. Stephen Henson
On Wed, Jul 20, 2016, Patel, Anirudh (Anirudh) wrote: > "X509_LOOKUP_hash_dir is a more advanced method, which loads certificates > and CRLs on demand, and caches them in memory once they are loaded. As of > OpenSSL 1.0.0, it also checks for newer CRLs upon each lookup, so that newer > CRLs are

Re: [openssl-dev] pkcs12 settings, Was: Re: [openssl.org #4588] pkcs12 -info doesn't handle PKCS#12 files with PKCS#5 v2.0 PBE

2016-07-20 Thread Hubert Kario
On Tuesday, 19 July 2016 23:35:13 CEST Dr. Stephen Henson wrote: > On Tue, Jul 19, 2016, Hubert Kario wrote: > > I have few questions now though: > > > > I've noticed that 1.0.2 uses sha1 hmac for the PRF while the master > > uses sha256 > > > > is there a way to set this? > > Not currently no

[openssl-dev] Clear X509 OBJECT cache

2016-07-20 Thread Patel, Anirudh (Anirudh)
Hi, This is related to the X509 store cache (had a similar ticket openssl.org #4615 which I guess has already become stale). But, I believe that the documentation regarding X509_LOOKUP_hash_dir is not at all clear and is quite misleading: From the manual page: