Closing this ticket at request of submitter. Erroneous duplicate of #4533
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4534
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe:
On Sat Apr 30 19:51:51 2016, hen...@newdawn.dk wrote:
> Hi there
>
> I've recently come across what looks to be an internal bug in openssl:
>
> Original symptoms was that neither "curl" or "wget" could access the
> following site:
>
> https://coverage.tre.se - this site is using TLS 1.0 (only) and
On 26/04/16 16:16, Douglas E Engert wrote:
> Let me update my response.
> If I am reading GH#995 correctly it still has an issue if a user does:
>
> RSA_get0_key(rsa, n, e, NULL); /* note this is a GET0 */
> /* other stuff done, such as calculating d */
> RSA_set0_key(rsa, n, e, d);
>
> rsa is
ype of key used (i.e. if you supply an EC key then it will use ECDSA).
Matt
>
> Nevertheless, I will try to create a new branch.
>
> Thanks again.
>
> Martin
>
>
>
> -Original Message- From: openssl-dev
> [mailto:openssl-dev-boun...@openssl.org] On Behalf Of Ma
On 26/04/16 09:43, Gäckler Martin (EXT) wrote:
> We’re currently developing a system that uses OAuth protocol to identify
> the users. The service provider is developed in PHP and uses OpenSSL to
> verify the access token. Unfortunately the identity provider, which is
> managed by another
On 26/04/16 08:26, Richard Levitte wrote:
> [temporarly taking this thread away from RT]
>
> Basically, I can see two solutions:
>
> - Allow calls like RSA_set0_key(rsa, NULL, NULL, d);
>
> That's what's implemented in GH#995, except it doesn't check if the
> input parameters are NULL
On 20/04/16 09:24, Matt Caswell wrote:
>
>
> On 19/04/16 19:40, Rainer Jung wrote:
>> I get a core dump during test execution for 1.1.0-pre5. Test is
>> test/recipes/70-test_sslskewith0p.t, platform is Solaris 10 Sparc.
>
> Thanks for the detailed analysis. Bas
On 20/04/16 15:03, Thirumal, Karthikeyan wrote:
> Thanks Rich.
>
> We first attempted to move to openssl-0.9.8zc - but we faced memory issues
> and our process got dumped at SSL_free. So we backed out and moved back to
> 9.8a.
>
> Can I go to 0.9.8e version and will the SSL fragment issue be
On 19/04/16 20:18, Rainer Jung wrote:
> Output during "make install":
>
> Cannot find "BIO_gets" in podpath: cannot find suitable replacement
> path, cannot resolve link
> Cannot find "BIO_callback_ctrl" in podpath: cannot find suitable
> replacement path, cannot resolve link
> Cannot find
On 19/04/16 19:40, Rainer Jung wrote:
> I get a core dump during test execution for 1.1.0-pre5. Test is
> test/recipes/70-test_sslskewith0p.t, platform is Solaris 10 Sparc.
Thanks for the detailed analysis. Based on that I have been able to
identify the problem. Fix on the way.
Matt
--
Karthikeyan Thirumal
>
> -Original Message- From: openssl-dev
> [mailto:openssl-dev-boun...@openssl.org] On Behalf Of Matt Caswell
> Sent: Friday, April 15, 2016 2:05 PM To: openssl-dev@openssl.org
> Subject: Re: [openssl-dev] Windows Patch affecting
On 15/04/16 09:15, Thirumal, Karthikeyan wrote:
> Dear Dev folks,
>
> My clients are facing are connectivity issues after windows released
> their OS upgrade this week. I think they have changed the way the SSL
> handshake happens.
>
> My Server is using openssl-0.9.8a and my client sits on a
Please try again from latest master. Possibly fixed by 627537ddf379.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4499
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Please can you try this again on latest master. Possibly fixed by 627537ddf379.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4455
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe:
On 14/04/16 01:31, CHOW Anthony wrote:
> I would like to start contributing to this project. On github under
> openssl/CONTRIBUTING stated that there are local unit testing that can
> be done for sanity checking that we can do before submitting a PR.
>
>
>
> In some cases, running these
On 01/04/16 16:06, Martin Hecht wrote:
> on SUSE Linux Enterprise Server 11 SP3, when running
>
> ./config && make test
>
> I get errors like:
> Compilation failed in require at ../test/recipes/90-test_v3name.t line 3.
> BEGIN failed--compilation aborted at ../test/recipes/90-test_v3name.t
>
On 31/03/16 14:00, Hejian via RT wrote:
> Hello, when upgrade openssl to 1.0.2g, If multi thread call the corba
> interface, it will cause core accidently. Please help analyze why the
> core is generated.
>
> There are two kinds of core stack list below.
>
>
> #0 0x7f97729ad324 in
On 30/03/16 15:55, The Doctor wrote:
>
> Just got
>
> make && make test
> gcc -DZLIB_SHARED -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS
> +-DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_PART_WORDS
> +-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM
>
On 29/03/16 19:25, Blumenthal, Uri - 0553 - MITLL wrote:
>> clang -DZLIB -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_THREADS
>> -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2
>> -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m
>> -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
On 27/03/16 00:16, Jeffrey Walton wrote:
> Is this a supported configuration (no-ui and apps)?
Co-incidentally, Richard has a patch for no-ui that fixes these problems
that is currently in review.
Matt
>
> There's a fair number of warnings when configuring with no-ui:
>
>
On 23/03/16 16:00, Suarez, Miguel wrote:
> Hi
>
>
>
> Can you tell me when 1.0.1t release or later will be made available with
> fixes for the following issues (see below).
1.0.1t does not currently have a planned release date. Releases are
scheduled on an as-needed basis, typically
On 17/03/16 10:49, Daniel Stenberg via RT wrote:
> Hey,
>
> In curl we call ENGINE_cleanup() as part of our OpenSSL specific cleanup
> function. When I do this with OpenSSL from git master as of right now
> (OpenSSL_1_1_0-pre4-7-ga717738) valgrind catches an illegal free:
Auto deinit
What happens if you run the afalgtest directly?
$ cd test
$ ./afalgtest
Matt
On 16/03/16 13:52, noloa...@gmail.com via RT wrote:
> Working from Master on a Gentoo 13 machine, x86_64. The test was run
> as root which explains one of the failures (I don't have users or SSH
> set up yet).
>
>
On 18/03/16 12:52, noloa...@gmail.com via RT wrote:
> I've configured with:
>
> ./config enable-afalgeng
>
> When I run the self tests, I see:
>
> ../test/recipes/30-test_afalg.t ... skipped: test_afalg not
> supported for this build
You should not need to use enable-afalgeng
On 18/03/16 22:59, Kurt Roeckx via RT wrote:
> On Fri, Mar 18, 2016 at 01:18:04PM +0000, Matt Caswell wrote:
>>
>>
>> On 18/03/16 12:52, noloa...@gmail.com via RT wrote:
>>> I've configured with:
>>>
>>> ./config enable-afalgeng
>>>
On 18/03/16 22:59, Kurt Roeckx via RT wrote:
> On Fri, Mar 18, 2016 at 01:18:04PM +0000, Matt Caswell wrote:
>>
>>
>> On 18/03/16 12:52, noloa...@gmail.com via RT wrote:
>>> I've configured with:
>>>
>>> ./config enable-afalgeng
>>>
894a00c3f76c47 Mon Sep 17 00:00:00 2001
From: Matt Caswell <m...@openssl.org>
Date: Thu, 17 Mar 2016 10:14:30 +
Subject: [PATCH 1/3] Fix no-rc2 in the CMS test
The CMS test uses some RC2 keys which should be skipped if the RC2 is
disabled.
---
test/recipes/80-test_cms.t | 14 +
On 18/03/16 12:52, noloa...@gmail.com via RT wrote:
> I've configured with:
>
> ./config enable-afalgeng
>
> When I run the self tests, I see:
>
> ../test/recipes/30-test_afalg.t ... skipped: test_afalg not
> supported for this build
You should not need to use enable-afalgeng
0xF bytes
>
> e:\openssl-1.1.0-pre4\ssl\ssl_lib.c (2367):
> TestsTLS-11.exe!SSL_CTX_new() + 0x5 bytes
>
> p:\mes programmes\shared\ocrypto-11\tls.cpp (95):
> TestsTLS-11.exe!OTLS::TLSCtx::SetMinTLSVer() + 0x9 bytes
>
> p:\mes programmes\tests\_testsshared
What happens if you run the afalgtest directly?
$ cd test
$ ./afalgtest
Matt
On 16/03/16 13:52, noloa...@gmail.com via RT wrote:
> Working from Master on a Gentoo 13 machine, x86_64. The test was run
> as root which explains one of the failures (I don't have users or SSH
> set up yet).
>
>
On 17/03/16 10:49, Daniel Stenberg via RT wrote:
> Hey,
>
> In curl we call ENGINE_cleanup() as part of our OpenSSL specific cleanup
> function. When I do this with OpenSSL from git master as of right now
> (OpenSSL_1_1_0-pre4-7-ga717738) valgrind catches an illegal free:
Auto deinit
On 14/03/16 15:21, Matt Caswell via RT wrote:
>
>
> On 14/03/16 15:05, Andy Polyakov via RT wrote:
>>>>> Bump... The issue is still present as of b36a2ef for OS X 10.6 64-bit.
>>>>> 32-bit tests OK.
>>>>>
>>>>> The relevant
On 14/03/16 15:21, Matt Caswell via RT wrote:
>
>
> On 14/03/16 15:05, Andy Polyakov via RT wrote:
>>>>> Bump... The issue is still present as of b36a2ef for OS X 10.6 64-bit.
>>>>> 32-bit tests OK.
>>>>>
>>>>> The relevant
if we work out we're
>> on ppc64 then we default to ASYNC_NULL?
>
> #if defined(__APPLE__) && (defined(__ppc64__) || defined(_ARCH_PPC64))
>
>
So something like the attached?
Jeff, can you test this?
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4366
rk out we're
>> on ppc64 then we default to ASYNC_NULL?
>
> #if defined(__APPLE__) && (defined(__ppc64__) || defined(_ARCH_PPC64))
>
>
So something like the attached?
Jeff, can you test this?
Matt
>From e30be0c1c51cc7da06f103a07d6b4b9757838867 Mon Sep 17 0
On 14/03/16 14:57, Andy Polyakov via RT wrote:
>> Bump... The issue is still present as of b36a2ef for OS X 10.6 64-bit.
>> 32-bit tests OK.
>>
>> The relevant snippets are:
>>
>> $ make test
>> ...
>> ../test/recipes/90-test_async.t ... 1/1
>> # Failed test 'running asynctest'
>> #
On 14/03/16 14:57, Andy Polyakov via RT wrote:
>> Bump... The issue is still present as of b36a2ef for OS X 10.6 64-bit.
>> 32-bit tests OK.
>>
>> The relevant snippets are:
>>
>> $ make test
>> ...
>> ../test/recipes/90-test_async.t ... 1/1
>> # Failed test 'running asynctest'
>> #
On 12/03/16 00:12, noloa...@gmail.com via RT wrote:
>>> What is actually running? How can I get it under a debugger?
>>
>>
>> $ ./config -d
>> $ make
>> $ make test/afalgtest
>> $ cd test
>> $ OPENSSL_ENGINES=../engines/afalg gdb ./afalgtest
>>
>
> Ooh, -d looks like a new option. Would that be
On 11/03/16 19:38, noloa...@gmail.com via RT wrote:
> On Thu, Mar 10, 2016 at 2:29 PM, noloa...@gmail.com via RT
> wrote:
>> Working from Master:
>>
>
> It looks like the hang is still present as of 603358d.
>
> When the following runs:
>
>
On 11/03/16 19:38, noloa...@gmail.com via RT wrote:
> On Thu, Mar 10, 2016 at 2:29 PM, noloa...@gmail.com via RT
> wrote:
>> Working from Master:
>>
>
> It looks like the hang is still present as of 603358d.
>
> When the following runs:
>
>
Hi Jeff
On Thu Mar 10 19:29:21 2016, noloa...@gmail.com wrote:
> Working from Master:
>
> $ git reset --hard HEAD && git pull
> HEAD is now at fb04434 In the recipe using "makedepend", make sure the
> object file extension is there
> Already up-to-date.
>
> $ ./config
> ...
> $ make depend &&
Hi Roumen
On 10/03/16 22:21, Roumen Petrov wrote:
> Hello,
>
> With new thread model in some configurations openssl hands on unload of
> engine.
I just pushed commit 773fd0bad4 to master which should hopefully resolve
this issue.
Matt
--
openssl-dev mailing list
To unsubscribe:
On 11/03/16 01:03, Jeffrey Walton wrote:
> Hi Everyone,
>
> Testing master on real hardware is showing some minor issues on a few
> platforms, including ARM32, ARM64, PowerPC and i686. In addition,
> there seems to be one-off issues on other combinations, like VIA's C7
> processor on Linux.
>
--unified has been removed and it is now the default. If you want "old"
build use --classic.
Matt
On 08/03/16 15:51, Blumenthal, Uri - 0553 - MITLL wrote:
> $ ./Configure darwin64-x86_64-cc enable-rfc3779 threads zlib
> enable-ec_nistp_64_gcc_128 shared
> --prefix=/Users/ur20980/src/openssl-1.1
On Mon Mar 07 23:02:26 2016, noloa...@gmail.com wrote:
> This just showed up on OS X 10-5, 64-bit PowerPC. Its not present
> under Linux.
>
> $ git reset --hard HEAD
> HEAD is now at e1d9f1a Remove kinv/r fields from DSA structure.
> $ git pull
> Already up-to-date.
>
> $ ./config && make depend
On 07/03/16 21:49, David Benjamin wrote:
> Hi folks,
>
> So, we've by now built up a decent-sized SSL test suite in BoringSSL. I
> was bored and ran it against OpenSSL master. It revealed a number of
> bugs. One is https://github.com/openssl/openssl/pull/603. I'll be filing
> tickets shortly
On 07/03/16 23:43, noloa...@gmail.com via RT wrote:
> On Mon, Mar 7, 2016 at 6:29 PM, Matt Caswell via RT <r...@openssl.org> wrote:
>> Fix already on the way.
>>
>
> Thanks. I'm not sure what's triggering it on OS X because those
> defines don't seem to sho
On 07/03/16 23:43, noloa...@gmail.com via RT wrote:
> On Mon, Mar 7, 2016 at 6:29 PM, Matt Caswell via RT <r...@openssl.org> wrote:
>> Fix already on the way.
>>
>
> Thanks. I'm not sure what's triggering it on OS X because those
> defines don't seem to sho
Fix already on the way.
Matt
On 07/03/16 23:28, noloa...@gmail.com via RT wrote:
> On Mon, Mar 7, 2016 at 6:02 PM, Jeffrey Walton wrote:
>> This just showed up on OS X 10-5, 64-bit PowerPC. Its not present under
>> Linux.
>>
>> $ git reset --hard HEAD
>> HEAD is now at
Fix already on the way.
Matt
On 07/03/16 23:28, noloa...@gmail.com via RT wrote:
> On Mon, Mar 7, 2016 at 6:02 PM, Jeffrey Walton wrote:
>> This just showed up on OS X 10-5, 64-bit PowerPC. Its not present under
>> Linux.
>>
>> $ git reset --hard HEAD
>> HEAD is now at
On 03/03/16 11:54, Marcus Meissner wrote:
> Hi,
>
> https://guidovranken.wordpress.com/2016/03/01/public-disclosure-malformed-private-keys-lead-to-heap-corruption-in-b2i_pvk_bio/
>
> Integer overflow in b2i_PVK_bio
>
> Have you assigned a CVE internally for that already?
>
> Ciao, Marcus
>
On 24/02/16 16:48, Gisle Vanem wrote:
> Matt Caswell wrote:
>
>> The complete patch is attached. This is currently going through review,
>> and solves the link issue.
>
> That brought MSVC-2015 back on track. Thanks!
>
This has now been committed, so hopefully
On 23/02/16 16:38, Sander Temme wrote:
> All,
>
> I toyed over the weekend with resurrecting CHIL: intermediate result
> here https://github.com/sctemme/openssl/tree/rescue-chil and I AM NOT
> PROUD OF THIS but have no cycles to clean it up for at least a couple
> of days to come. It builds now
On 24/02/16 15:50, The Doctor wrote:
> As of 2106-20-24 SSL_librbary_init may not be avialable in the libssl.so .
>
> Is their a workaround for this?
>
SSL_library_init is still available in ssl.h as a compatibility macro:
#if OPENSSL_API_COMPAT < 0x1010L
# define SSL_library_init()
On 24/02/16 10:29, Gisle Vanem wrote:
> Matt Caswell wrote:
>
>> The attached seems to avoid the problem - but then for reasons I cannot
>> understand link errors result later on in the build.
>
> I too can confirm that your patch fixes MSVC-2105 compila
On 23/02/16 15:59, Matt Caswell wrote:
>
>
> On 23/02/16 01:55, Bill Bierman wrote:
>> The Microsoft compiler team has suggested removing the include of ssl.h
>> from srtp.h as it creates a circular reference which is likely confusing
>> the compiler.
>>
&
513236b6e0ffd5290d0f53b71f56c9 Mon Sep 17 00:00:00 2001
From: Matt Caswell <m...@openssl.org>
Date: Tue, 23 Feb 2016 15:27:05 +
Subject: [PATCH] Workaround for VisualStudio 2015 bug
VisualStudio 2015 has a bug where an internal compiler error was occurring.
By reordering the DEFINE_STACK_
On Fri Feb 19 13:58:34 2016, i...@ecsystems.nl wrote:
> openssl 1.0.2f static build with nginx 1.9.12 (development version)
>
> about
>
https://github.com/openssl/openssl/commit/64193c8218540499984cd63cda41f3cd491f3f59
>
> This may solve the initial issue but creates a new one:
> SSL_shutdown()
On 19/02/16 13:11, Jaroslav Imrich wrote:
> Hello Matt,
>
> If I don't hear from anyone I will remove these.
>
>
> I can confirm that CHIL engine is actively used with OpenSSL 1.0.* by
> the owners of nCipher/THALES nShield HSMs.
>
> I have notified vendor support about this thread.
>
Hi all
The ubsec and chil engines are currently disabled in 1.1.0 and do not build.
As far as ubsec is concerned I understand that this is an engine for
broadcom cards. There has been very little activity with this engine
since it was first introduced. Google brings up some very old historic
Looks like the last suggested patch against this ticket was applied. No further
activity since 2008, so assuming this is resolved. Closing.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=1736
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
On 18/02/16 13:59, Michel wrote:
> Yes !
> With your 2 patches applied, tls_decrypt_ticket.patch and
> fix-win-thread-stop.patch,
> (looks like I lost the first one yesterday),
> none of my tests programs using libSSL v1.1 reports leaks.
>
> I feel better. :-)
Great. I'll get those reviewed
err.c (598):
> TestsTLS-11.exe!ERR_clear_error() + 0x5 bytes
> e:\openssl-1.1.git\ssl\statem\statem.c (279):
> TestsTLS-11.exe!state_machine()
> e:\openssl-1.1.git\ssl\statem\statem.c (222):
> TestsTLS-11.exe!ossl_statem_accept() + 0xB bytes
> e:\openssl-1.1.git\ssl\ssl_
hread.
> Both of them have OPENSSL_thread_stop() in their [pre-]exit member function.
>
> Michel.
>
> -Message d'origine-
> De : openssl-dev [mailto:openssl-dev-boun...@openssl.org] De la part de Matt
> Caswell
> Envoyé : mercredi 17 février 2016 17:23
> À :
> f:\dd\vctools\crt\crtw32\misc\dbgmalloc.c (56): TestsTLS-11.exe!malloc()
> + 0x15 bytes
> e:\openssl-1.1.git\crypto\mem.c (138): TestsTLS-11.exe!CRYPTO_malloc() +
> 0x9 bytes
> e:\openssl-1.1.git\crypto\mem.c (158): TestsTLS-11.exe!CRYPTO_zalloc() +
> 0x11 bytes
>
On 16/02/16 16:17, David Woodhouse wrote:
> On Mon, 2016-02-15 at 22:17 +0000, Matt Caswell wrote:
>>
>> Maybe EVP_cleanup() and other similar explicit deinit functions should
>> be deprecated, and do nothing in 1.1.0? The auto-deinit capability
>> should handle it.
p:\mes programmes\shared\ocrypto-11\tls.cpp (1017):
> TestsTLS-11.exe!OTLS::TLSSss::DoHandshake() + 0xC bytes
> p:\mes programmes\tests\_testsshared\teststls-11-leak\clttasks.cpp (63):
> TestsTLS-11.exe!CltThread::Main() + 0xB bytes
> p:\mes programmes\shared\sthread.cpp (17):
> Tests
On 15/02/16 21:50, Jouni Malinen wrote:
> On Mon, Feb 15, 2016 at 09:34:33PM +0000, Matt Caswell wrote:
>> On 15/02/16 21:25, Jouni Malinen wrote:
>>> Is this change in OpenSSL behavior expected? Is it not allowed to call
>>> EVP_cleanup() and then re
On 15/02/16 21:25, Jouni Malinen wrote:
> On Mon, Feb 15, 2016 at 10:52:27PM +0200, Jouni Malinen wrote:
>> On Mon, Feb 15, 2016 at 07:04:20PM +, OpenSSL wrote:
>>>OpenSSL version 1.1.0 pre release 3 (alpha)
>
>> It looks like something in pre release 3 has changed behavior in a way
>>
On 15/02/16 20:52, Jouni Malinen wrote:
> On Mon, Feb 15, 2016 at 07:04:20PM +, OpenSSL wrote:
>>OpenSSL version 1.1.0 pre release 3 (alpha)
>>
>>OpenSSL 1.1.0 is currently in alpha. OpenSSL 1.1.0 pre release 3 has now
>>been made available. For details of changes and known
I have just pushed to github some code that I have been working on to
implement a feature I have called "pipelining". This is still WIP,
although is fairly well advanced. I am keen to hear any feedback. You
can see the PR here:
https://github.com/openssl/openssl/pull/682
The idea is that some
well!
Anyway, please try the attached patch to see if that helps.
Let me know how you get on.
Thanks
Matt
>From a47094a928f56cb62d57d4b53f2e4e20f9a0a031 Mon Sep 17 00:00:00 2001
From: Matt Caswell <m...@openssl.org>
Date: Sat, 13 Feb 2016 23:22:45 +
Subject: [PATCH] Fix memory lea
On 12/02/16 14:31, The Doctor wrote:
> Here is another fix needed:
>
> making all in ssl...
> gcc -I.. -I../include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_EXPERIMENTAL_JPAKE
> -DOPENSSL_THREADS -DOPENSSL_PIC -DOPENSSL_BN_ASM_PART_WORDS
> -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM
On Wed Apr 29 05:10:28 2015, noloa...@gmail.com wrote:
> This question crops up on occasion: How do you shutdown the OpenSSL
> library. See, for example:
>
> * "How to properly uninitialize OpenSSL",
> http://stackoverflow.com/questions/29845527/how-to-properly-
> uninitialize-openssl.
> * "Order
On 08/02/16 15:46, Viktor Dukhovni wrote:
>
>> On Feb 8, 2016, at 9:49 AM, Matt Caswell <m...@openssl.org> wrote:
>>
>> Actually, yes that is a good point. There could be some subtle security
>> issues there. You probably need to additionally check th
On 08/02/16 12:11, Rainer Jung wrote:
> I'm adding support for OpenSSL 1.1.0 to the Apache web server.
>
> I struggle to migrate the renegotiation code in the case wehere we want
> the client to send a client cert. The current code works like explained in
>
>
On 08/02/16 12:34, Matt Caswell wrote:
>
>
> On 08/02/16 12:11, Rainer Jung wrote:
>> I'm adding support for OpenSSL 1.1.0 to the Apache web server.
>>
>> I struggle to migrate the renegotiation code in the case wehere we want
>> the client to send a client
On 08/02/16 13:41, Catalin Vasile wrote:
> I'm trying to compile a custom OpenSSL library to work with nginx.
> nginx requires that the SSL library have version data included in the .so
> files, so I'm using this patch[1] for this.
> The problem is that if I set the library versiont to 1.0.1
On 08/02/16 14:36, Viktor Dukhovni wrote:
>
>> On Feb 8, 2016, at 9:26 AM, Matt Caswell <m...@openssl.org> wrote:
>>
>> SSL_renegotiate(ssl);
>> SSL_do_handshake(ssl);
>> do {
>>read_some_app_data();
>>if(no_client_cert_yet())
On 08/02/16 13:45, Tomas Mraz wrote:
> On Po, 2016-02-08 at 12:34 +0000, Matt Caswell wrote:
>>
>> On 08/02/16 12:11, Rainer Jung wrote:
>>>
>> Renegotiation isn't entirely within the control of the server. A
>> server
>> can request that a renegot
On 08/02/16 20:49, Rainer Jung wrote:
> The constant SSL_R_HTTP_REQUEST is still defined, but I can't find code
> that sets it and practical experiments indicate it is no longer set.
>
> In Apache land we use it to detect "HTTP spoken on HTTPS port". OpenSSL
> 1.0.2 has code in
On 06/02/16 04:24, Fedor Indutny via RT wrote:
> On Fri, Feb 5, 2016 at 7:14 PM, Matt Caswell <m...@openssl.org> wrote:
>
>>
>>
>> On 05/02/16 22:42, Fedor Indutny wrote:
>>> Matt,
>>>
>>> I have looked through the APIs. Will have t
On 06/02/16 04:24, Fedor Indutny via RT wrote:
> On Fri, Feb 5, 2016 at 7:14 PM, Matt Caswell <m...@openssl.org> wrote:
>
>>
>>
>> On 05/02/16 22:42, Fedor Indutny wrote:
>>> Matt,
>>>
>>> I have looked through the APIs. Will have t
Patch applied to master. Closing ticket.
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4214
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
; On Thu, Feb 4, 2016 at 4:56 AM, Fedor Indutny via RT <r...@openssl.org
> <mailto:r...@openssl.org>> wrote:
>
> Thank you very much, Matt, Rich.
>
> I will read through these docs tomorrow.
>
> On Thu, Feb 4, 2016 at 4:29 AM, Matt Caswell via RT <r.
; On Thu, Feb 4, 2016 at 4:56 AM, Fedor Indutny via RT <r...@openssl.org
> <mailto:r...@openssl.org>> wrote:
>
> Thank you very much, Matt, Rich.
>
> I will read through these docs tomorrow.
>
> On Thu, Feb 4, 2016 at 4:29 AM, Matt Caswell via RT <r.
On Wed Feb 03 18:32:20 2016, mikkrat...@gmail.com wrote:
> I built it using cocoapods, the OpenSSL headers show 1.0.2f.
> I’ll try to make some sample program tomorrow.
>
>
> > On 3 veebr 2016, at 18:27, Salz, Rich via RT wrote:
> >
> >> I’m running OS X 10.11.3 and OpenSSL
On 04/02/16 05:49, Rich Salz via RT wrote:
> currently in master, planned for 1.1 scheculed for april 2017
That would be April 2016!!
Matt
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
On 04/02/16 05:49, Rich Salz via RT wrote:
> currently in master, planned for 1.1 scheculed for april 2017
That would be April 2016!!
Matt
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
On 04/02/16 06:34, Salz, Rich via RT wrote:
> It’s late and my response was incomplete.
> The other part has already landed in master, and that's the "async engine"
> support.
See:
https://www.openssl.org/docs/manmaster/crypto/ASYNC_start_job.html
On 04/02/16 06:34, Salz, Rich via RT wrote:
> It’s late and my response was incomplete.
> The other part has already landed in master, and that's the "async engine"
> support.
See:
https://www.openssl.org/docs/manmaster/crypto/ASYNC_start_job.html
The length is specified by the standards and is less than the digest length.
Closing this ticket.
Matt
-
http://rt.openssl.org/Ticket/Display.html?id=2256
Please log in as guest with password guest if prompted
On 03/02/16 19:43, Salz, Rich via RT wrote:
>> The diff works perfectly on master, but exposed a new bug (bare snprintf).
>> The following patch fixes it. I can make a PR (or add it to my existing PR
>> #512)
>> if you'd like.
>
> Please do as a separate PR. Thanks.
I think Richard is
On 03/02/16 19:43, Salz, Rich via RT wrote:
>> The diff works perfectly on master, but exposed a new bug (bare snprintf).
>> The following patch fixes it. I can make a PR (or add it to my existing PR
>> #512)
>> if you'd like.
>
> Please do as a separate PR. Thanks.
I think Richard is
On 02/02/16 21:34, Rainer Jung wrote:
> Hi there,
>
> reading the last advisory again, I noticed, that there's one logical
> inconsistency.
>
> First:
>
> OpenSSL before 1.0.2f will reuse the key if:
> ...
> - Static DH ciphersuites are used. The key is part of the certificate
> and so it
Fixed in master and 1.0.2. Thanks for the report.
Matt
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Thanks David - fixed.
Matt
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
On 28/01/16 16:40, John Foley wrote:
> I just cloned the OpenSSL git repo at
> git://git.openssl.org/openssl.git. Looking at the OpenSSL_1_0_1-stable
> branch, the fix for CVE-2015-3197 still isn't in the repo. The most
> recent commit is:
>
> foleyj@hobknob:~/gitsync/ossl/openssl$ git log
>
On 21/01/16 17:57, Viktor Dukhovni wrote:
> On Thu, Jan 21, 2016 at 05:33:51PM +, Howard Chu wrote:
>
>> In OpenLDAP we've been using
>> CRYPTO_add(>references, 1, CRYPTO_LOCK_SSL_CTX)
>> to manage our own SSL_CTXs but this is not possible with current 1.1. Making
>> the structures opaque
Patch applied.
Thanks
Matt
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
301 - 400 of 930 matches
Mail list logo