[openssl-dev] [openssl.org #4658] bug: Abort() in 1.0.2h parsing server cert in ASN.1 routine

A customer of ours has a server cert where the CSR was generated with 1.0.2h but was signed with 1.0.0j. When a process (nginx in this case) has this as the server cert, it core dumps with an abort() when clients request the cert: [root@zre-ldap005 q]# gdb /opt/zimbra/common/sbin/nginx

[openssl-dev] [openssl.org #4564] BUG: Deadlock in OpenSSL with OpenSSL 1.0.1j and later (including 1.0.2h) with multiple long lived connections

Since moving to the OpenSSL 1.0.1+ series, we've been experiencing sporadic deadlocks in OpenLDAP inside of OpenSSL. I'm not sure exactly when the problem was introduced, but we never encountered it with the 1.0.0 series, and 1.0.1j was what we moved to when we switched to the 1.0.1 series.

[openssl-dev] [openssl.org #4165] 1.0.1q release busted, does not compile

make[5]: Leaving directory `/home/build/p4/zimbra/main/ThirdParty/openssl/tmp/UBUNTU14_64/zimbra-openssl/crypto/err' making all in crypto/evp... make[5]: Entering directory `/home/build/p4/zimbra/main/ThirdParty/openssl/tmp/UBUNTU14_64/zimbra-openssl/crypto/evp' gcc -I.. -I../.. -I../modes

[openssl-dev] [openssl.org #4153] [PATCH] Fix grammar errors in s_client.c

This patch fixes small grammar errors in s_client.c. --Quanah -- Quanah Gibson-Mount Platform Architect Zimbra, Inc. Zimbra :: the leader in open source messaging and collaboration

[openssl-dev] [openssl.org #3857] hash files for validating source are incorrectly formed

The hash files (md5, sha1) for validating downloaded source are not correclty formed, breaking the check (-c) function: wget https://www.openssl.org/source/openssl-1.0.1m.tar.gz wget https://www.openssl.org/source/openssl-1.0.1m.tar.gz.sha1 build@c7test:~/p4/zimbra/main/ThirdParty/openssl/src$

Re: [openssl-dev] [openssl.org #3717] Patch for IPv6 support in s_client/s_server

--On Wednesday, March 25, 2015 12:01 AM +0100 Kurt Roeckx via RT r...@openssl.org wrote: On Tue, Mar 24, 2015 at 10:09:18PM +0100, Salz, Rich via RT wrote: The short answer is that nobody has come up with comprehensive cross-platform IPv6 support. Fixing the apps isn't enough; how does a

Re: [openssl-dev] [openssl.org #3717] Patch for IPv6 support in s_client/s_server

--On Tuesday, March 24, 2015 9:29 PM + Short, Todd tsh...@akamai.com wrote: I was unaware of 2501. But that's fine by me… however, why hasn't 2051 been applied to the code? People have been asking this question for years. https://lwn.net/Articles/486369/

Re: [openssl-dev] [openssl.org #3717] Patch for IPv6 support in s_client/s_server

--On Tuesday, March 03, 2015 3:15 PM -0600 Short, Todd tsh...@akamai.com wrote: The previous patch file had two bugs due to a swapped argument and the formatting changes (missing braces). The attached is an updated patch. Why did you open a new RT when

[openssl.org #2665] s_client support for starttls ldap

Like it or not, s_client is generally the de facto tool for testing starttls via the openssl command line. In addition, the work to add support for startTLS and ldap is rather trivial, and has already been done: https://groups.google.com/forum/#!topic/mailing.openssl.users/1OOwXp45iIw It

Re: [openssl.org #3381] Typo in macro name for ASN (1.0.1h)

--On Sunday, June 08, 2014 11:57 PM +0200 Matt Caswell via RT r...@openssl.org wrote: Hi Quanah Thanks for the submission. The problem with correcting this is that technically it forms part of the public API (since the macro is defined in asn1.h). I guess there's probably not a huge risk in

[openssl.org #3381] Typo in macro name for ASN (1.0.1h)

ASN1_R_UNKOWN_FORMAT should be ASN1_R_UNKNOWN_FORMAT: ./crypto/asn1/asn1_err.c:{ERR_REASON(ASN1_R_UNKOWN_FORMAT),unknown format}, ./crypto/asn1/asn1_gen.c: ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKOWN_FORMAT); ./crypto/asn1/asn1.h:#define ASN1_R_UNKOWN_FORMAT 195

Re: [openssl.org #2866] Openssl can deadlock OpenSSL version 1.0.1c

--On Tuesday, September 04, 2012 10:26 PM +0200 Stephen Henson via RT r...@openssl.org wrote: [qua...@zimbra.com - Tue Aug 28 22:43:34 2012]: --On Tuesday, August 28, 2012 4:36 PM +0200 The default queue via RT r...@openssl.org wrote: Mutex information from gdb: (gdb) print mutex $5 =

Re: [openssl.org #2866] AutoReply: Openssl can deadlock OpenSSL version 1.0.1c

--On Tuesday, August 28, 2012 4:36 PM +0200 The default queue via RT r...@openssl.org wrote: Mutex information from gdb: (gdb) print mutex $5 = (ldap_pvt_thread_mutex_t *) 0x7f8387626f30 (gdb) print *mutex $6 = {__data = {__lock = 2, __count = 0, __owner = 23352, __nusers = 1, __kind = 0,