Re: [openssl-dev] [openssl.org #3797] [PATCH] evp: fix memory corruption on absent payload

2015-04-11 Thread Fedor Indutny via RT
Special credit to: Etienne Stalmans (SP) etie...@sensepost.com for reporting the segfault in the first place! On Sat, Apr 11, 2015 at 5:37 PM, Fedor Indutny via RT r...@openssl.org wrote: Hello! aes-128-cbc-hmac-sha1, aes-256-cbc-hmac-sha1 ciphers expect the AEAD payload, but fail to operate

Re: [openssl-dev] [openssl.org #3797] [PATCH] evp: fix memory corruption on absent payload

2015-04-11 Thread Fedor Indutny
Special credit to: Etienne Stalmans (SP) etie...@sensepost.com for reporting the segfault in the first place! On Sat, Apr 11, 2015 at 5:37 PM, Fedor Indutny via RT r...@openssl.org wrote: Hello! aes-128-cbc-hmac-sha1, aes-256-cbc-hmac-sha1 ciphers expect the AEAD payload, but fail to operate

Re: [openssl-dev] [openssl-commits] [openssl] master update

2015-04-11 Thread Rainer Jung
On 10.04.2015 at 18:28, Viktor Dukhovni wrote: The branch master has been updated via 34b0a927ab5c9232bcf864d524a9bf2558411700 (commit) from e71cecd551f1d8beca20681184d94f7000a5e333 (commit) - Log - commit

[openssl-dev] [openssl.org #3797] [PATCH] evp: fix memory corruption on absent payload

2015-04-11 Thread Fedor Indutny via RT
Hello! aes-128-cbc-hmac-sha1, aes-256-cbc-hmac-sha1 ciphers expect the AEAD payload, but fail to operate if it wasn't supplied. In fact, in case of absent payload - `plen` is going to be `NO_PAYLOAD_LENGTH` and the memory will be corrupted (which sometimes leads to the crash). NOTE:

[openssl-dev] [openssl.org #3796] doc for verify does misspell -CRLfile option

2015-04-11 Thread Hanno Boeck via RT
The docs for the verify command here https://www.openssl.org/docs/apps/verify.html list a parameter -crlfile. However this parameter doesn't exist in that spelling. It is called -CRLfile (uppercase CRL) and the parameter checking is case sensitive. So the doc and the webpage as it is right now is

Re: [openssl-dev] [openssl.org #3788] Bug: Certificate expiration date error for 9000+ days

2015-04-11 Thread Oleg Khovayko via RT
Yes, you are right! When I build custom OpenSSL for upgrade, it installs package into /usr/local/bin, not /usr/bin. In the /usr/bin/ runs old 0.9.8. I fixed error by: cd /usr/bin mv openssl openssl-orig-0.9.8 ln -s /usr/local/bin/openssl . Thanks for suggestion, and sorry for disturbing! Please,

[openssl-dev] [PATCH] evp: fix memory corruption on absent payload

2015-04-11 Thread Fedor Indutny
Hello! aes-128-cbc-hmac-sha1, aes-256-cbc-hmac-sha1 ciphers expect the AEAD payload, but fail to operate if it wasn't supplied. In fact, in case of absent payload - `plen` is going to be `NO_PAYLOAD_LENGTH` and the memory will be corrupted (which sometimes leads to the crash). NOTE:

[openssl-dev] [openssl.org #3790] [PATCH] The wrong ifdef is used to guard usage of PSK code

2015-04-11 Thread Stephen Henson via RT
Fixed now, thanks for the report. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer.

[openssl-dev] [openssl.org #3788] Bug: Certificate expiration date error for 9000+ days

2015-04-11 Thread Stephen Henson via RT
On Wed Apr 08 17:20:33 2015, khova...@gmail.com wrote: Hi, I am using FreeBSD 8.2, 32bits i386, OpenSSL package: openssl-1.0.1_18 SSL and crypto library During certificate generation, I found the bug: If request CA-lifespan too long, then expiration date drops into far past, and