On Thu, Jun 12, 2014 at 11:15:18PM +0100, Matt Caswell wrote:
>
>
> On 12/06/14 22:43, Otto Moerbeek wrote:
> > On Thu, Jun 12, 2014 at 10:26:56PM +0200, Matt Caswell via RT wrote:
> >
> >> Patch applied:
> >> https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=abfb989fe0b749ad61f1aa4cdb0e
On Fri, Jun 13, 2014 at 03:53:07AM +, Viktor Dukhovni wrote:
> For now, don't clear SSL_OP_NO_TICKET if
> it is already set unless you've provided your own session tickets.
That is your own session ticket keys.
--
Viktor.
On Thu, Jun 12, 2014 at 11:49:39AM +0200, Dimitrios Apostolou wrote:
> >The options start out "clear" by default.
>
> Are you positive on that? I'm quite sure that SSL_OP_LEGACY_SERVER_CONNECT
> is on for example.
I was not sure, looking at the code for SSL_CTX_new() in the "master"
development
Hi,
Just a comment on the release notes. On the Vulnerabilities page for
Openssl.org, it is noted that CVE-2014-0198 is fixed in 1.0.0m and 1.0.1h, but
this is not mentioned in the release notes for those versions.
Thanks,
ScottN
On 12/06/14 22:43, Otto Moerbeek wrote:
> On Thu, Jun 12, 2014 at 10:26:56PM +0200, Matt Caswell via RT wrote:
>
>> Patch applied:
>> https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=abfb989fe0b749ad61f1aa4cdb0ea4f952fc13e0
>>
>> Many thanks for your contribution.
>>
>> Matt
>
> http://
On Thu, Jun 12, 2014 at 10:26:56PM +0200, Matt Caswell via RT wrote:
> Patch applied:
> https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=abfb989fe0b749ad61f1aa4cdb0ea4f952fc13e0
>
> Many thanks for your contribution.
>
> Matt
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/src/ssl/
Thanks Kurt
I found ssl/t1_lib.c
but not ssl/d1_both.c, ssl/s3_enc.c, ssl/sll_ciph.c, ssl/ssl_sess.c
in pull request #131
Didier
On 10.06.2014 23:49, Kurt Roeckx wrote:
On Tue, Jun 10, 2014 at 11:29:02PM +0200, dcrue...@qualitesys.com
wrote:
Hello
In version openssl-1.0.h
In case of mallo
On 12 June 2014 17:34, Hubert Kario wrote:
> - Original Message -
> > I put a couple of fixes as pull requests into github, but haven't seen
> any
> > movement (eg. reviews). In case it's simply because no one noticed
> here's a
> > link:
> >
> > https://github.com/openssl/openssl/pulls/r
The following error occurs using the 20140612 snapshot on the 1.0.2
trunk. The host is a 64-bit CentOS system. Is this a known issue?
gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include
-DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H
-Wa,--noexecstack -m64 -DL_ENDIAN
On Thu, Jun 12, 2014, Viktor Dukhovni wrote:
> On Thu, Jun 12, 2014 at 08:59:27PM +0200, Dr. Stephen Henson wrote:
>
> > > When I compile against "master", with the same configuration, I get
> > > on the server:
> > >
> > > SSL3 alert write:fatal:handshake failure
> > > SSL_accept:error
On Thu, Jun 12, 2014 at 08:59:27PM +0200, Dr. Stephen Henson wrote:
> > When I compile against "master", with the same configuration, I get
> > on the server:
> >
> > SSL3 alert write:fatal:handshake failure
> > SSL_accept:error in SSLv3 read client hello C
> > error:1408A0C1:SSL rout
Patch applied:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=abfb989fe0b749ad61f1aa4cdb0ea4f952fc13e0
Many thanks for your contribution.
Matt
__
OpenSSL Project http://www.openssl.org
D
This version number refers to the ABI version of the library.
Matt
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Ma
Fixed.
I have made the following commit to master and 1.0.2:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d84ba7ea23b386f3fe56c4fe7a7aa8ece2e0c356
And this one to 1.0.0 and 0.9.8:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d663f506dc43752b64db58e9169e2e200b3b4be6
Many t
On Thu, Jun 12, 2014, Viktor Dukhovni wrote:
> When I compile Postfix against OpenSSL 1.0.2-beta or earlier, and
> configure the SMTP server to not have any certificates, the Postfix
> client and server happily negotiate a suitable aNULL ciphersuite
> (e.g. AECDH-AES256-SHA).
>
> When I compile a
When I compile Postfix against OpenSSL 1.0.2-beta or earlier, and
configure the SMTP server to not have any certificates, the Postfix
client and server happily negotiate a suitable aNULL ciphersuite
(e.g. AECDH-AES256-SHA).
When I compile against "master", with the same configuration, I get
on the
Ok, thanks Steve. I didn't realize this problem was a user error.
Unfortunately I have old code using OpenSSL that needs some of the FIPS
calls -- I realize this is not FIPS compliant. I may be stuck figuring out how
to get these unsupported 0.9.8 builds working e.g. easier than the correct
solution o
I am running my gevent socketio server on port 8081. My django website is
running on port 8443 through https which is accessed by user from port 8080.
I want to use proxy SSL connection for socketio server through mod_proxy.
Below is what I am trying, but when I access the socketio URL, it gives me
in
I believe the OpenSSL FIPS Object Module 2.0 is only for OpenSSL 1.0.1? See
UserGuide-2.0.pdf, top of page 11.
Andrew Schmidt
On Thu, Jun 12, 2014 at 6:13 AM, Swenson, Ken_S. (IS)
wrote:
>
> Steve;
>
> Thanks for replying. I am using the instructions from section 4.3.1
> of UserGuide-2.0.
Hi Richard,
> It seems that duplicating the check on the existence of MAYLOSEDATA3 in
the other building .com files would be the way to go.
I totally agree.
I would even suggest to merge back the changes to the 1.0.1 and even to the
1.0.0 branch too.
Thanks,
Z
Dear Team,
I have a Client (C# .Net) that connects to a Server (C++ application), a running
process using OpenSSL.
All these days, we were running the server on a Unix platform - we were
receiving few Broken Pipe and Conn Reset by Peer errors - but in a very small
number.
Now we have moved this server
On 12/06/14 12:55, Richard Moore wrote:
> Hi,
>
> I put a couple of fixes as pull requests into github, but haven't seen
> any movement (eg. reviews). In case it's simply because no one noticed
> here's a link:
>
> https://github.com/openssl/openssl/pulls/richmoore
>
> Both are pretty trivial
On Thu Jun 12 18:16:55 2014, meiss...@suse.de wrote:
> Hi,
>
> The Net-SSLeay perl module failed its testsuite after 1.0.1g -> 1.0.1h
> update.
>
> The code looks like this:
>
> ... create more X509 certificate stuff ...
> is(Net::SSLeay::X509_NAME_print_ex($name), "O=Company
> Name,C=UK,CN=Common
- Original Message -
>
> From: "Richard Moore"
> To: openssl-dev@openssl.org
> Sent: Thursday, June 12, 2014 1:55:41 PM
> Subject: Minor fixes to openssl ocsp
>
> Hi,
>
> I put a couple of fixes as pull requests into github, but haven't seen any
> movement (eg. reviews). In case it's simp
Hi,
The Net-SSLeay perl module failed its testsuite after 1.0.1g -> 1.0.1h update.
The code looks like this:
... create more X509 certificate stuff ...
is(Net::SSLeay::X509_NAME_print_ex($name), "O=Company Name,C=UK,CN=Common
name text X509", "X509_NAME_print_ex");
is(unpack("H*",Net::SS
Steve;
Thanks for replying. I am using the instructions from section 4.3.1 of
UserGuide-2.0.pdf that I found at http://www.openssl.org/docs/fips/. That
appears to be the latest one dated September 2013. If I should be using
something else, please let me know; thanks!
-Original Mes
Hi,
I'm on the OpenSSL_1_0_2-stable branch, commit d85a772, and compilation
fails for darwin64-x86_64-cc with the error reported at the bottom. The
commit that introduced the compilation issue is
70fddbe32a7b3400a6ad0a9265f2c0ed72988d27.
If instructed, I can try to help by running more tests.
Be
Hi,
I put a couple of fixes as pull requests into github, but haven't seen any
movement (eg. reviews). In case it's simply because no one noticed here's a
link:
https://github.com/openssl/openssl/pulls/richmoore
Both are pretty trivial fixes (not security fixes).
Cheers
Rich.
On Thu, Jun 12, 2014 at 02:06:53PM +0200, Florian Weimer wrote:
> On 06/12/2014 01:28 PM, Salz, Rich wrote:
> >>Since the patch for CVE-2014-0224 I've so far received 2 reports about
> >>people getting the error: "ccs received early".
> >
> >So they kiddies can read. We thought so, but good to ha
It seems that duplicating the check on the existence of MAYLOSEDATA3
in the other building .com files would be the way to go. As it stands
now, this is only done in ssl/ssl-lib.com... At least in 1.0.2, where
this seems to have proliferated further than in all other branches.
In message <2014061
I am pleased to announce some changes to the OpenSSL team (see
https://www.openssl.org/about/):
Andy Polyakov has been added to the core team
Tim Hudson has been added to the dev team
Viktor Dukhovni has been added to the dev team
We anticipate some more additions in the near future.
The
Hi,
I'm on the OpenSSL_1_0_2-stable branch, commit d85a772, and compilation
fails for darwin64-x86_64-cc with the error reported at the bottom. The
commit that introduced the compilation issue is
70fddbe32a7b3400a6ad0a9265f2c0ed72988d27.
If instructed, I can try to help by running more tests.
(I
Hi Richard,
I could not find much more information about either, but on IA64
platform HP C V7.3-020 on OpenVMS IA64 V8.4 produces such warnings.
Please check the following logs
http://www.polarhome.com/openssl/BUILD100.LOG for 1.0.0m
Please advise how to solve this issue.
Thank you,
Z
I just stumbled on problems with MAYLOSEDATA3 while looking at other
stuff... and I wonder, what exactly is it? Sorry, I've been out of
it for quite a while, and I haven't dug through all talks there may
have been, so I may be missing something.
Thing is, looking at the docs for the latest compi
For your information, I've just applied this to my 1.0.1 and 1.0.2
trees and am going through tests.
In message <001301cf81cd$4f41b9e0$edc52da0$@com> on Fri, 6 Jun 2014 23:21:41
+0200, "Zoltan Arpadffy" said:
zoli> Hi,
zoli>
zoli> after some testing the new release I realized that 1.0.1h does
On 06/12/2014 01:28 PM, Salz, Rich wrote:
Since the patch for CVE-2014-0224 I've so far received 2 reports about people getting the
error: "ccs received early".
So they kiddies can read. We thought so, but good to have confirmation.
Thanks!
What do you mean? As far as I can tell, this is
> Since the patch for CVE-2014-0224 I've so far received 2 reports about people
> getting the error: "ccs received early".
So they kiddies can read. We thought so, but good to have confirmation.
Thanks!
/r$
--
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: rs...
> Preload them all at startup with a global lock held, delete them at shutdown
> with a global lock held. If all the other access is 'read' the structures don't
> need a lock between times.
> Might be something to consider putting on the "to do" list. I can understand
> things being done like that
Please correct me if I'm wrong, but the ERR/OID structures only need locking because they are loaded dynamically?
Preload them all at startup with a global lock held, delete them at shutdown with a global lock held. If all the other access is 'read' the structures don't need a lock between times.
On 06/11/2014 02:26 PM, Salz, Rich wrote:
What kinds of operations are protected by read locks?
Looking at almost any of the global data structures, such as error tables, OID
tables, and so on.
Often, RW locks aren't a win because maintaining just the read locks (without
any writers) introd
On 06/11/2014 11:10 PM, Kurt Roeckx wrote:
> I still didn't get a reply from RT, so I'm just going to forward
> this for now.
>
>
> Kurt
>
Hmm. It at least does not show up in the mail log of the system hosting
RT...
Ah, I now see why: it is addressed to r...@debian.org...
Since you attached th
Hi,
Since the patch for CVE-2014-0224 I've so far received 2 reports
about people getting the error: "ccs received early".
One report is at:
http://bugs.debian.org/751093
It's both times about backup with postgres. As I understand it,
on the sending side (where postgres is running) they run a p