Please find below a patch, with spec reference, against OpenSSL 0.9.7g.
It could be argued that XMLENC spec is wrong in insisting on unpredictable
values for the padding because this allows padding to be used as a
covert channel. However, to deploy interoperable implementations it seems
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
Hi,
I've created the RT entry above before noticing that I cannot further edit
it, sorry! Here are the relevant details to add:
The function X509_NAME_add_entry has the following bug: When called with
loc == 0 and set == 0, the local variable inc is set using inc =
(set == 0) ? 1 : 0; after
On Thu, May 12, 2005 at 09:40:38AM +0200, Thomas wrote:
Am Freitag, 13. Mai 2005 20:32 schrieb Bodo Moeller:
On Wed, May 11, 2005 at 02:14:23PM +0200, Thomas Biege wrote:
You see I use SSLv23_method() and later SSL_CTX_set_options(ctx,
SSL_OP_ALL
| SSL_OP_NO_SSLv2); to disable SSLv2
Why wasn't SSLv3(.0) be used? Or will only headers of SSLv3(.1) be
identified as real SSLv3? I am confused a bit b/c everyone tells you
that SSLv2 isn't secure and so usage of it should be avoided... and then
it was used silently. Maybe its insecurity doesn't matter in this early
stage.
Hi,
an additional bug in the same function, triggered with the same setup:
The loop for incrementing the set value (near the end of the function)
has to increment at index i and not at index i-1.
Regards, Frank
__
OpenSSL
[EMAIL PROTECTED] - Fri May 6 19:20:48 2005]:
Hello,
I have noticed a problem while using TC Trustcenter certificates with
OpenSSL.
The encoding of the 'Subject' in the issuer cert contrains 'T61String'
elements while the user cert issued by that sub-CA contains only
'Printablestring'
[guest - Wed Apr 6 21:34:12 2005]:
Please see proposed patch for crypto/engine/eng_cnf.c.
Fix applied, thanks for the report.
Steve.
__
OpenSSL Project http://www.openssl.org
Development
I am using Oracle HTTP Server Powered by Apache/1.3.19 (Unix)
mod_ssl/2.8.1 OpenSSL/0.9.5a mod_fastcgi/2.2.10 mod_perl/1.25
mod_oprocmgr/1.0 configured
__
OpenSSL Project http://www.openssl.org
This is a question that is well-answered in the relevant documentation (go to
http://httpd.apache.org/docs/), and has nothing to do with OpenSSL. Please
read it before asking off-topic questions on a developer mailing list.
On Thursday 12 May 2005 14:03, via RT wrote:
I am using Oracle HTTP
10 matches
Mail list logo