[openssl.org #1067] OpenSSL symmetric crypto padding check incompatible with XMLENC

2005-05-12 Thread [EMAIL PROTECTED] via RT
Please find below a patch, with spec reference, against OpenSSL 0.9.7g. It could be argued that the XMLENC spec is wrong in insisting on unpredictable values for the padding because this allows padding to be used as a covert channel. However, to deploy interoperable implementations it seems

[openssl.org #1068] X509_NAME_add_entry: inserting with loc == 0 and set == 0 creates wrong set

2005-05-12 Thread via RT
__ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]

[openssl.org #1068] X509_NAME_add_entry: inserting with loc == 0 and set == 0 creates wrong set

2005-05-12 Thread [EMAIL PROTECTED] via RT
Hi, I've created the RT entry above before noticing that I cannot further edit it, sorry! Here are the relevant details to add: The function X509_NAME_add_entry has the following bug: When called with loc == 0 and set == 0, the local variable inc is set using inc = (set == 0) ? 1 : 0; after

Re: version 2 is used for Client Hello when version 3 was requested in client code

2005-05-12 Thread Bodo Moeller
On Thu, May 12, 2005 at 09:40:38AM +0200, Thomas wrote: On Friday, 13 May 2005 20:32, Bodo Moeller wrote: On Wed, May 11, 2005 at 02:14:23PM +0200, Thomas Biege wrote: You see I use SSLv23_method() and later SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2); to disable SSLv2

Re: version 2 is used for Client Hello when version 3 was requested in client code

2005-05-12 Thread Thomas
Why wasn't SSLv3(.0) used? Or will only headers of SSLv3(.1) be identified as real SSLv3? I am confused a bit b/c everyone tells you that SSLv2 isn't secure and so usage of it should be avoided... and then it was used silently. Maybe its insecurity doesn't matter in this early stage.

Re: [openssl.org #1068] AutoReply: X509_NAME_add_entry: inserting with loc == 0 and set == 0 creates wrong set

2005-05-12 Thread [EMAIL PROTECTED] via RT
Hi, an additional bug in the same function, triggered with the same setup: The loop for incrementing the set value (near the end of the function) has to increment at index i and not at index i-1. Regards, Frank

[openssl.org #1060] [Bug Report] can't build user/issuer certificate chain with different asn1 types in issuer/subject

2005-05-12 Thread Stephen Henson via RT
[EMAIL PROTECTED] - Fri May 6 19:20:48 2005]: Hello, I have noticed a problem while using TC Trustcenter certificates with OpenSSL. The encoding of the 'Subject' in the issuer cert contains 'T61String' elements while the user cert issued by that sub-CA contains only 'Printablestring'

[openssl.org #1040] ctrls of type NO_INPUT don't work

2005-05-12 Thread Stephen Henson via RT
[guest - Wed Apr 6 21:34:12 2005]: Please see proposed patch for crypto/engine/eng_cnf.c. Fix applied, thanks for the report. Steve.

[openssl.org #1069] How to change default port 443 to 8443?

2005-05-12 Thread via RT
I am using Oracle HTTP Server Powered by Apache/1.3.19 (Unix) mod_ssl/2.8.1 OpenSSL/0.9.5a mod_fastcgi/2.2.10 mod_perl/1.25 mod_oprocmgr/1.0 configured

Re: [openssl.org #1069] How to change default port 443 to 8443?

2005-05-12 Thread Jim Schneider
This is a question that is well-answered in the relevant documentation (go to http://httpd.apache.org/docs/), and has nothing to do with OpenSSL. Please read it before asking off-topic questions on a developer mailing list. On Thursday 12 May 2005 14:03, via RT wrote: I am using Oracle HTTP