One of the openSSL vulnerabilities is:
CVE-2013-0169:
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used
in OpenSSL, , do not properly consider timing side-channel attacks on a MAC
check requirement during the processing of malformed CBC padding, which
allows remote attack
One of the openSSL vulnerabilities is:
CVE-2013-0169:
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used
in OpenSSL, , do not properly consider timing side-channel attacks on a MAC
check requirement during the processing of malformed CBC padding, which
allows remote attack
On Fri, Nov 08, 2013 at 09:59:11PM +0100, Andy Polyakov wrote:
> >Andy, do you think the changes in the config scripts can already be
> >committed?
>
> Sure. Basically, explicit confirmation that everything works would
> have sufficed. Only one remaining thing. As for config patch, I
> don't quite
OK, I must have been doing something wrong. I ran "make distclean" for
everything I have built up to this point and tried again. the problem went
away.
Sorry for the false alarm.
Tom
On Mon, Nov 11, 2013 at 1:14 PM, Tom Kacvinsky wrote:
> It helps if I tell you I am using opnessl-1.0.1e
>
>
This might have cropped into all the SSL snapshots.
/usr/bin/ranlib ../libssl.a || echo Never mind.
if [ -n "libcrypto.so.1.0.0 libssl.so.1.0.0" ]; then (cd ..; make
libssl.so.1.0.0); fi
[ -z "" ] || gcc3 -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS
-pthread -D_THREAD_SAFE -D_REE
It helps if I tell you I am using opnessl-1.0.1e
On Mon, Nov 11, 2013 at 1:06 PM, Tom Kacvinsky wrote:
> The short story is that I want to make static libraries of Open SSL so
> that I can make Python modules (_ssl) that link against Open SSL
> statically, thereby reducing the amount of run ti
The short story is that I want to make static libraries of Open SSL so that
I can make Python modules (_ssl) that link against Open SSL statically,
thereby reducing the amount of run time dependencies we have. But when I
link these libraries in statically, I get relocation errors form the linker
d
This patch, which currently applies successfully against master and
1_0_2, adds the following functions:
SSL_[CTX_]select_current_cert() - set the current certificate without
disturbing the existing structure.
SSL_[CTX_]get0_chain_certs() - get the current certificate's chain.
SSL_[CTX_]clear_
On Sun, 2013 Nov 10 23:01+0100, Andy Polyakov via RT wrote:
>
> If 'perl | cc -E - > a.s' was used, then consequent 'cc -c a.s' was
> observing truncated file, as if buffer was not flushed in time.
Ah, strange. Maybe a bug in their early implementation of support for
preprocessing stdin.
(I think
On Sun, 2013 Nov 10 23:01+0100, Andy Polyakov via RT wrote:
>
> If 'perl | cc -E - > a.s' was used, then consequent 'cc -c a.s' was
> observing truncated file, as if buffer was not flushed in time.
Ah, strange. Maybe a bug in their early implementation of support for
preprocessing stdin.
(I think
10 matches
Mail list logo