Re: [openssl-dev] [openssl.org #3951] [RFC][PATCH] Allow certificate time checks to be disabled

2015-07-28 Thread David Woodhouse
On Wed, 2015-07-22 at 16:47 +, Viktor Dukhovni wrote: On Wed, Jul 22, 2015 at 03:36:40PM +, David Woodhouse via RT wrote: FWIW the Linux kernel also specifically avoids checking timestamps altogether when validating signed modules. You probably need a dedicated implementation

Re: [openssl-dev] TLS session ticket extension problem when using the ssl23_client_hello method

2015-07-28 Thread Jouni Malinen
On Mon, Jul 27, 2015 at 11:28:09PM +0100, Matt Caswell wrote: The master branch implements security levels. The default security level does not allow anon ciphersuites. I suspect this may be your problem. Indeed. SSL_set_security_level(ssl, 0) for this special EAP-FAST case resolved this. Can

Re: [openssl-dev] [PATCH] Fix broken argument parsing for genrsa

2015-07-28 Thread Matt Caswell
On 28/07/15 16:22, Adam Eijdenberg wrote: Sorry Rich, I didn't mean to imply it was (especially since it included the weekend!) - I'm still trying to understand the correct workflow for this project - do you normally prefer mail to this list or pull requests with that type of patch? The

Re: [openssl-dev] [PATCH] Fix broken argument parsing for genrsa

2015-07-28 Thread Adam Eijdenberg
Sorry Rich, I didn't mean to imply it was (especially since it included the weekend!) - I'm still trying to understand the correct workflow for this project - do you normally prefer mail to this list or pull requests with that type of patch? The README file talks about sending patches to this

[openssl-dev] [openssl.org #3959] misleading comment in openssl-1.0.2

2015-07-28 Thread Nicholas Cooper via RT
The patch is for openssl-1.0.2d.tar.gz of which file the MD5 is 38dd619b2e77cbac69b99f52a053d25a diff '--unified=2' --recursive openssl-1.0.2d.orig/crypto/dh/dh.h openssl-1.0.2d/crypto/dh/dh.h --- openssl-1.0.2d.orig/crypto/dh/dh.h 2015-07-09 19:57:15.0 +0800 +++

Re: [openssl-dev] [PATCH] Fix broken argument parsing for genrsa

2015-07-28 Thread Salz, Rich
We saw your pull request. Three days is not a long time. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [PATCH] Fix broken argument parsing for genrsa

2015-07-28 Thread Adam Eijdenberg
Hi openssl-dev, This is my first patch, so hope I'm following the right process. The argument parsing for openssl genrsa is missing a break; statement and as a consequence the user gets a set of spurious warnings about a missing engine that they didn't actually intentionally specify. A

[openssl-dev] [openssl.org #3961] [PATCH] Fix broken argument parsing for genrsa

2015-07-28 Thread Adam Eijdenberg via RT
Hi r...@openssl.org, Please see linked pull request for a small patch to fix various argument parsing issues noticed in genrsa and also some other tools: https://github.com/openssl/openssl/pull/339 Cheers, Adam ___ openssl-bugs-mod mailing list

Re: [openssl-dev] [PATCH] Fix broken argument parsing for genrsa

2015-07-28 Thread Matt Caswell
On 28/07/15 16:54, Salz, Rich wrote: or pull requests with that type of patch? The README file talks about sending patches to this list, whereas the Wiki talks about GitHub pull requests so I wanted to make sure I was following the right process. We really need to sort that out! :-) Can

[openssl-dev] [openssl.org #3960] make install fails with --prefix=./relative-path

2015-07-28 Thread John Denker via RT
Scenario: :; git clone https://github.com/openssl/openssl openssl-temp :; cd openssl-temp :; ./config --prefix=./relpath :; make :; make install [spewage snipped] created directory `./relpath' Cannot create directory ./relpath/.: File exists Makefile:669: recipe for target

Re: [openssl-dev] [openssl.org #3951] [RFC][PATCH] Allow certificate time checks to be disabled

2015-07-28 Thread Salz, Rich via RT
It seems that the simplest and most obvious thing is to indicate that you don't care about the dates, which is what this patch does.

[openssl-dev] [openssl.org #3962] [PATCH] Fix behavior of unspecified number of requests for OCSP responder

2015-07-28 Thread Adam Eijdenberg via RT
Documentation states that -nrequest pnum Number of requests to accept (default unlimited), but in practice not specifying -nrequest would have the effect of accepting only 1 request. Pull request to fix behavior to match docs: https://github.com/openssl/openssl/pull/343

[openssl-dev] [openssl.org #3963] [PATCH] Fix -rev, -www and -WWW modes to also allow OCSP-stapled responses

2015-07-28 Thread Adam Eijdenberg via RT
openssl s_server ignores all OCSP-stapling options if -rev, -www or -WWW are enabled. Fix by moving initialization of CTX to outside of the callback. At the same time also set options on ctx2 if available (matching how other ctx options are set). See pull request:

[openssl-dev] PR for OpenSSL FIPS

2015-07-28 Thread Misaki.Miyashita
Hi, I would like the same change as the following PR to be applied to the OpenSSL FIPS module: https://github.com/openssl/openssl/pull/342 How should I proceed in this case? Should I make a pull request for the openssl:OpenSSL-fips-2_0-dev branch? Thank you, -- misaki -- Oracle Solaris

[openssl-dev] [PATCH] to fix hang in RAND_poll on Windows 7 / Server 2008R2 and other performance problems

2015-07-28 Thread Adam Walling
When Heap32First is called while RtlAllocateHeap is executing on another thread, the process can deadlock. The underlying bug has a hotfix from Microsoft, but is not part of a service pack. Only Windows 7 or 2008R2 are affected: https://support.microsoft.com/en-us/kb/2719306 Deadlock noted in

Re: [openssl-dev] PR for OpenSSL FIPS

2015-07-28 Thread Steve Marquess
On 07/28/2015 03:17 PM, Misaki.Miyashita wrote: Hi, I would like the same change as the following PR to be applied to the OpenSSL FIPS module: https://github.com/openssl/openssl/pull/342 How should I proceed in this case? Should I make a pull request for the