Hello,
after updating from openssl 0.9.8l to openssl 0.9.8n,
I'm unable to connect to a TLS enabled SMTP server:
./openssl s_client -connect smtp.scriptroom.net:25 -starttls smtp -debug
28141:error:14092073:SSL routines:SSL3_GET_SERVER_HELLO:bad packet
length:s3_clnt.c:878:
openssl is
Hello,
I am happy that 1.0.0 is released. Thank you all for the hard work and time
spent for the community.
I was really hoping and looking for a VMS ready 1.0.0 release.
Some of us have sent many patches, suggestions - unfortunately, not all of
those changes have got through to the released
On Tue, Mar 30, 2010, Arpadffy Zoltan wrote:
Hello,
I am happy that 1.0.0 is released. Thank you all for the hard work and time
spent for the community.
I was really hoping and looking for a VMS ready 1.0.0 release. Some of us
have sent many patches, suggestions - unfortunately, not all
On Tue, Mar 30, 2010 at 7:35 AM, Thomas Jarosch
thomas.jaro...@intra2net.com wrote:
28141:error:14092073:SSL routines:SSL3_GET_SERVER_HELLO:bad packet
length:s3_clnt.c:878:
openssl is compiled with the no-tlsext option. no-tlsext was added back
in 2009 as openssl 0.9.8j had trouble connecting
On Mar 30, 2010, at 3:04 PM, Adam Langley wrote:
On Tue, Mar 30, 2010 at 7:35 AM, Thomas Jarosch
thomas.jaro...@intra2net.com wrote:
28141:error:14092073:SSL routines:SSL3_GET_SERVER_HELLO:bad packet
length:s3_clnt.c:878:
openssl is compiled with the no-tlsext option. no-tlsext was
added
Hello,
On Tuesday, 30. March 2010 15:51:31 Bodo Moeller wrote:
So client-side OpenSSL is buggy if compiled with no-tlsext (in 0.9.8m
and 0.9.8n) because it sends that pseudo-ciphersuite number without
being able to handle the TLS extension then expected in the server's
response. So the
On Tuesday, 30. March 2010 16:01:54 Thomas Jarosch wrote:
I'm just thinking what might happen if f.e. a TLS enabled postfix
connects to an old Centos 3 based server to deliver emails.
Guess that would fail like in 2009, wouldn't it?
Just rechecked the issue from 2009
Hello,
I think I've found a bug in openssl. When I run the following command
to decrypt a file in CMS format (DER encoded), openssl crashes with a
segmentation fault:
openssl cms -decrypt -binary -inform der -in inputfile -recip
certs/enc.crt-nopass -out outputfile
The inputfile is attached
doing ./config no-comp ; make on OpenSSL 0.9.8n I get this:
gcc -I../crypto -I.. -I../include -DDSO_DLFCN -DHAVE_DLFCN_H -m64
-DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int -DOPENSSL_BN_ASM_MONT
-DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -c -o s23_clnt.o
s23_clnt.c
s23_clnt.c: In
On Tue, Mar 30, 2010, Jeff Davey wrote:
doing ./config no-comp ; make on OpenSSL 0.9.8n I get this:
gcc -I../crypto -I.. -I../include -DDSO_DLFCN -DHAVE_DLFCN_H -m64
-DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int -DOPENSSL_BN_ASM_MONT
-DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM
Mark Phalan wrote:
In this case, I presume 'pkinit' only supports one threading model
(or one
set of compatible threading models). So it can set the callbacks.
It can set the callbacks but it can't set them in a way which is safe
from races.
It can set them before it performs any
Mark Phalan wrote:
On 29 Mar 2010, at 20:20, David Schwartz dav...@webmaster.com wrote:
Mark Phalan wrote:
I think this fix is actually a bad one.
I'm still not clear why you think that.
Because it doesn't solve the problem case -- where one library user sets
callbacks that another
David Schwartz wrote:
Mark Phalan wrote:
In this case, I presume 'pkinit' only supports one threading model
(or one
set of compatible threading models). So it can set the callbacks.
It can set the callbacks but it can't set them in a way which is safe
from races.
It can set them before it
Darryl Miles wrote:
David Schwartz wrote:
Mark Phalan wrote:
In this case, I presume 'pkinit' only supports one threading model
(or one
set of compatible threading models). So it can set the callbacks.
It can set the callbacks but it can't set them in a way which is safe
from races.
It
Howard Chu wrote:
Darryl Miles wrote:
Still don't get it. Lets use Linux as an example.
This is actually one of the easiest to solve. Of course the bigger
problem is that solutions here are all platform-dependent, and
maintenance will be a pain.
ELF shared libraries support .init and
Howard Chu wrote:
ELF shared libraries support .init and .fini sections to contain code
that should be executed just after load and just before unload. Assuming
you had a default set of callbacks in the library, it would be simple to
set them here. Likewise any other shared library that
Darryl Miles wrote:
How does each of the 3 threads arbitrate in a thread-safe manner the
initialization of the OpenSSL related libraries. How does any one of
them know it is the first user ?
For existing code, there is no fix. They will set incompatible callbacks and
they will break. I don't
From: Dr. Stephen Henson st...@openssl.org
Have any of these patches been sent to the request tracker?
A similar question was raised back around 12-NOV-2009:
Can you (and others in this thread) please submit bug fix patches to the
request tracker (r...@openssl.org) so they don't get
18 matches
Mail list logo