On 24/04/14 01:46, Peter Waltenberg wrote:
rpm -q --changelog openssl | grep CVE
AFAIU RedHat backports CVE's to the version of openssl included in RHEL5
(0.9.8e)
FWIW: this is the changelog from a Scientific Linux 5 box:
rpm -q --changelog openssl | grep CVE
- fix for CVE-2013-0169 - SSL/TLS
Hi,
another area where OpenSSL needs competent contibution is testing.
Build OpenSSL on as many different platforms, architectures using as
many different compilers as possible and turn off/on different
swithes, features and test if it works.
In the beginning the UC tests would be enough,
From: owner-openssl-...@openssl.org On Behalf Of Dmitry Belyavsky via RT
Sent: Wednesday, April 23, 2014 12:29
Cc: openssl-dev@openssl.org
Subject: [openssl.org #3325] Problem with client certification authorization
I've got a problem testing s_client/s_server authorization.
snip
I expect
On 24 April 2014 00:21, Daniel Kahn Gillmor d...@fifthhorseman.net wrote:
On 04/23/2014 04:52 PM, Matt Caswell wrote:
I am actively seeking people to help out on the OpenSSL Wiki.
Documentation is an area where OpenSSL has frequently been criticized
in the past and is an area where we can do
- Original Message -
From: Shruti Palshikar shr...@buysidefx.com
To: openssl-dev@openssl.org
Sent: Wednesday, 23 April, 2014 5:50:45 PM
Subject: Upgrading OpenSSL on RHEL5
Hello,
I am trying to upgrade my openSSL version on RHEL5. WHen I tried to update it
using yum commad (it
Hi Shruti,
As per openssl, version 0.98e is not infected with hearbleed issue. You can
check on below link.
http://www.openssl.org/news/secadv_20140407.txt
Regards,
Lokesh Jangir
On Thu, Apr 24, 2014 at 6:47 PM, Shruti Palshikar shr...@buysidefx.comwrote:
Thanks everyone for the help, does
Thanks Hubert
On Thu, Apr 24, 2014 at 10:20 AM, Hubert Kario hka...@redhat.com wrote:
- Original Message -
From: Shruti Palshikar shr...@buysidefx.com
To: openssl-dev@openssl.org
Sent: Thursday, 24 April, 2014 3:33:50 PM
Subject: Re: Upgrading OpenSSL on RHEL5
I was
Hello Dave,
On Thu, Apr 24, 2014 at 12:24 PM, Dave Thompson dthomp...@prinpay.comwrote:
From: owner-openssl-...@openssl.org On Behalf Of Dmitry Belyavsky via RT
Sent: Wednesday, April 23, 2014 12:29
Cc: openssl-dev@openssl.org
Subject: [openssl.org #3325] Problem with client
On 2014-04-14 at 21:52:46, Dmitry Olshansky via RT r...@openssl.org wrote:
It's been a bit over 2 years since the new Russian cryptography standard
is out.
RFCs 6986 and 7091 been out there for a while[1,2]. Other toolkits are
adding support, e.g. Libgcrypt introduced GOST 34.11-2012 in
On Thu, Apr 24, 2014, Dmitry Belyavsky wrote:
So whether there is a way to test that error in cert verification aborts
the connection in case of bad cert using s_server/s_client pair?
Try the -verify_return_error option.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
On Thu, Apr 24, 2014 at 06:31:34PM +0100, Ben Laurie wrote:
Note that this is just how to help me, not a consensus view from the
whole team, though I have no doubt much of it will be helpful to the
team, too.
1. Triage RT (https://rt.openssl.org/).
RT has been neglected for a long time.
Hello Steve,
On Thu, Apr 24, 2014 at 9:26 PM, Dr. Stephen Henson st...@openssl.orgwrote:
On Thu, Apr 24, 2014, Dmitry Belyavsky wrote:
So whether there is a way to test that error in cert verification aborts
the connection in case of bad cert using s_server/s_client pair?
Try the
That seems completely reasonable to me.
On Thu, Apr 24, 2014 at 7:08 PM, Matt Caswell fr...@baggins.org wrote:
On 24 April 2014 18:31, Ben Laurie b...@links.org wrote:
Note that this is just how to help me, not a consensus view from the
whole team, though I have no doubt much of it will be
On Thu, Apr 24, 2014 at 04:56:09PM -0700, Quanah Gibson-Mount wrote:
The problem with this approach are significant requests that have languished
for years. One such example would be
http://rt.openssl.org/Ticket/Display.html?id=1365, which is 8 years old
now. The best place to get the fix
I am not totally sure how many people would be working on this project, but
is seems to me like it would make sense to split up into 3 groups.
One would do what Viktor suggested, and hunt down patches added in major OS
platforms.
Another would do what Matt suggested, and simply go from the
15 matches
Mail list logo