I guess the dashboard is only picking up incremental differences, then,
so the four missing symbols is just for 1.0.1u to 1.0.2 (no letter); any
symbols that were added to both 1.0.1 and 1.0.2 letter releases (e.g.,
for CVE fixes) would show up as "removed" since they weren't in the
initial 1.0.2 r
Hi,
SRP_VBASE_get1_by_user() was ADDED to 1.0.2g 1 march 2016 [CVE-2016-0798].
I remember it very well !
;-)
Michel
-Message d'origine-
De : openssl-dev [mailto:openssl-dev-boun...@openssl.org] De la part de
Salz, Rich via openssl-dev
Envoyé : vendredi 27 janvier 2017 19:49
À : Kaduk, Ben
The tool looks good, but either you didn't find the right link, or it's got
bugs. Of the four symbols you found, ASN1_STRING_clear_free(),
SRP_user_pwd_free(), and SRP_VBASE_get1_by_user() all exist; only
ENGINE_load_rsax() was removed.
--
Senior Architect, Akamai Technologies
Member, Ope
On 27/01/17 16:54, Benjamin Kaduk via openssl-dev wrote:
> [moving from github to -dev]
>
> On 01/27/2017 07:36 AM, mattcaswell wrote:
>>
>> 1.0.2 is the software version.
>> The numbers on the end of lbssl.so.1.0.0 refer to the ABI version -
>> which is different. Software version 1.0.2 is a dr
[moving from github to -dev]
On 01/27/2017 07:36 AM, mattcaswell wrote:
>
> 1.0.2 is the software version.
> The numbers on the end of lbssl.so.1.0.0 refer to the ABI version -
> which is different. Software version 1.0.2 is a drop in replacement
> for 1.0.1, which is a drop in replacement for 1.0
OpenSSL is correct to expect the extension as an IA5STRING. The
netscape-comment extension is defined with the OID
2.16.840.1.113730.1.13 and should be an IA5STRING.
Some references (It's not in any RFC afaik):
https://docs.oracle.com/cd/E19957-01/816-5533-10/ext.htm#1043093
https://msdn.microsoft