On Wed, Jan 7, 2009 at 1:10 PM, Dr. Stephen Henson wrote:
[...]
> diff -ur openssl-0.9.8i-ORIG/apps/speed.c openssl-0.9.8i/apps/speed.c
[...]
> diff -ur openssl-0.9.8i-ORIG/ssl/ssltest.c openssl-0.9.8i/ssl/ssltest.c
0.9.9 CVS head (and probably 0.9.8 as well): for completeness sake
there's one mo
Thanks. I proceeded a bit further but gpg reports the following despite it
having already imported the key you suggested.
% gpg -o /dev/null -v < ~/openssl_dsa_advisory.asc
gpg: armor header: Hash: SHA1
gpg: armor header: Version: GnuPG v1.4.6 (GNU/Linux)
gpg: original file name=''
gpg: Signature
Perfect.
Thanks
dhiva
--On January 9, 2009 2:02:43 PM +0100 Mounir IDRASSI
wrote:
Hi,
These are link errors. You certainly forgot to add "-lcrypto" to the gcc
link command line (gcc -o pubkey2ssh pubkey2ssh.c -lcrypto) .
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
Dhiva wrote:
On Fri, Jan 09, 2009, Vineet Kumar wrote:
>
> Before taking in the patch for the recent security advisory for
> vulnerability CVE-2008-5077, I want to verify its authenticity using GPG.
> However, I get this:
> ***
> % (gpg --list-keys 89A36572 > /dev/null 2>&1 || gpg --recv-keys 89A3657
Don't know why my first email did not go through. Resending the email
below...
-- Forwarded message --
From: Vineet Kumar
Date: Thu, Jan 8, 2009 at 10:22 AM
Subject: GPG verification of patch vulnerability CVE-2008-5077..
To: openssl-dev@openssl.org
Before taking in the patch fo
Problems with decrypting using openssl-0.9.8b and windows 64 (x64).
Same test works on windows 32 bit os.
We are having difficulties trying to decrypt a encrypted text string
using a simple test application on a windows 64 bit os. The same test
application works as expected on windows 32 bit o
Bodo Moeller wrote:
> On Fri, Jan 9, 2009 at 1:42 PM, Brad House
> wrote:
>
BTW, I didn't see in the changelog the fact that tls extensions were
enabled by default between 0.9.8i and j...
>
>>> It's there, 3rd entry:
>>>
*) Enable TLS extensions by default.
[Ben Laurie
One way to exploit this flaw would be for a remote attacker who is in
control of a malicious server or who can use a 'man in the middle'
attack to present a malformed SSL/TLS signature from a certificate chain
to a vulnerable client, bypassing validation.
In my opinion, this statement is not ver
On Fri, Jan 9, 2009 at 1:42 PM, Brad House wrote:
>>> BTW, I didn't see in the changelog the fact that tls extensions were
>>> enabled by default between 0.9.8i and j...
>> It's there, 3rd entry:
>>
>>> *) Enable TLS extensions by default.
>>> [Ben Laurie]
> Hmm, we must be looking at dif
Hi,
These are link errors. You certainly forgot to add "-lcrypto" to the gcc
link command line (gcc -o pubkey2ssh pubkey2ssh.c -lcrypto) .
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
Dhiva wrote:
Thanks for the sample code.
I am getting the following errors.
"_BIO_f_base64", refere
BTW, I didn't see in the changelog the fact that tls extensions were
enabled by default between 0.9.8i and j...
It's there, 3rd entry:
*) Enable TLS extensions by default.
[Ben Laurie]
Hmm, we must be looking at different things. I was looking
at the changelog referenced from the 0.
On Fri, 9 Jan 2009, Brad House wrote:
> BTW, I didn't see in the changelog the fact that tls extensions were
> enabled by default between 0.9.8i and j...
It's there, 3rd entry:
> *) Enable TLS extensions by default.
> [Ben Laurie]
-d
_
I found the following memory leak in the function ENGINE_by_id in the
0.9.8-line of code. It seems also to present in the current CVS version.
The leak occurs if the dynamic engine is used to automatically load an
engine not already registered in engine_list_head. If the engine cannot
be found (or
13 matches
Mail list logo
