[openssl.org #274] session ID length bug (in 0.9.6g and 0.9.7beta3)

2002-09-19 Thread Bodo Moeller via RT
This SSLeay/OpenSSL behaviour appears to be correct; from RFC 2246: session_id_length This field must have a value of either zero or 16. If zero, the client is creating a new session. If 16, the session_id field

[openssl.org #262] bug: init race in SSLv3_client_method

2002-09-19 Thread Bodo Moeller via RT
All (most?) similar cases clear the 'init' flag *after* having set up the data structures appropriately, e.g. see ssl/s3_meth.c. No locking should be needed because the assignments are idempotent. __ OpenSSL Project

[openssl.org #274] session ID length bug (in 0.9.6g and 0.9.7beta3)

2002-09-19 Thread Bodo Moeller via RT
Sorry, the RFC 2246 quote was incorrect -- the value 16 is for SSL 2.0 session IDs only, and the SSLeay/OpenSSL interpretation indeed is buggy. __ OpenSSL Project http://www.openssl.org

[openssl.org #274] session ID length bug (in 0.9.6g and 0.9.7beta3)

2002-09-19 Thread Bodo Moeller via RT

[openssl.org #289] [Fwd: Bug#161359: openssl_0.9.6e-1_i386.deb reports wrong version]

2002-09-19 Thread Lutz Jaenicke via RT
[[EMAIL PROTECTED] - Thu Sep 19 12:11:15 2002]: ljaenicke@lutz:~$ dpkg -l openssl Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed |/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad) ||/ Name

Why does OpenSSL_add_all_algorithms() exist?

2002-09-19 Thread rsalz
Can anyone explain why this routine exists? When would you *not* want this? Is there any reason not to, say, call those routines from within EVP_PKEY_new ? /r$

Re: [openssl.org #289] [Fwd: Bug#161359: openssl_0.9.6e-1_i386.deb reports wrong version]

2002-09-19 Thread Christoph Martin
Argh, you are right. When I tried to verify the problem, I only tested the 0.9.6g binary but had the 0.9.6c libraries installed. So I assume the submitter of the bug made a similar mistake. Sorry to bug you. Christoph On Thu, 2002-09-19 at 15.23, Lutz Jaenicke via RT wrote: [[EMAIL

Re: [openssl.org #289] [Fwd: Bug#161359: openssl_0.9.6e-1_i386.deb reports wrong version]

2002-09-19 Thread Christoph Martin via RT
Argh, you are right. When I tried to verify the problem, I only tested the 0.9.6g binary but had the 0.9.6c libraries installed. So I assume the submitter of the bug made a similar mistake. Sorry to bug you. Christoph On Thu, 2002-09-19 at 15.23, Lutz Jaenicke via RT wrote: [[EMAIL

[PATCH] no-engine (openssl-0.9.7-stable-SNAP-20020918)

2002-09-19 Thread Steven Reddie
Here is the patch for configuring-out the engine. This one should work; the previous one had a single misplaced #ifndef. I've tested it both with and without the no-engine option for the following platforms: Cygwin VC-WIN32 (dll and static) VC-CE (dll and static)

RE: Why does OpenSSL_add_all_algorithms() exist?

2002-09-19 Thread Chris Brook
Those of us who make heavy use of the crypto library, with a limited group of algorithms and without SSL, would certainly not want this pulling in all the algorithms every time we call EVP_PKEY_new. Chris Brook -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On

Re: [openssl.org #262] bug: init race in SSLv3_client_method

2002-09-19 Thread
All (most?) similar cases clear the 'init' flag *after* having set up the data structures appropriately, e.g. see ssl/s3_meth.c. Yes, SSLv3_client_method is the only one I saw which had init set in the wrong place. I may have missed some. No locking should be needed because the assignments