[openssl-dev] [openssl.org #4281] [PATCH] Allow downgrading when reusing sessions on client

2016-01-30 Thread Rich Salz via RT
cancelling as OP suggests.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org

___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


[openssl-dev] [openssl.org #1886] [PATCH] Null chiper support PSK/PKI for 0.9.8j

2016-01-30 Thread Rich Salz via RT
Old release, please re-port and open a new ticket if necessary.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org



[openssl-dev] [openssl.org #2245] [PATCH] Add /Zi to VC++ CFLAG in debug configuration (1.0.0 and 0.9.8)

2016-01-30 Thread Rich Salz via RT
many updates have been made, closing this ticket. re-open if needed.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org



Re: [openssl-dev] [openssl.org #4281] [PATCH] Allow downgrading when reusing sessions on client

2016-01-30 Thread Salz, Rich via RT
I closed the first ticket, so everything is okay.
If you want to do GitHub pull requests and just open an RT to refer to that, 
that is also okay.




Re: [openssl-dev] [openssl.org #4281] [PATCH] Allow downgrading when reusing sessions on client

2016-01-30 Thread Fedor Indutny
Hello Rich,

Do I need to submit updated patch separately, or was it ok to attach it to
the second email?

Thank you,
Fedor.

On Sat, Jan 30, 2016 at 7:14 PM, Rich Salz via RT wrote:

> cancelling as OP suggests.
> --
> Rich Salz, OpenSSL dev team; rs...@openssl.org
>
>


[openssl-dev] [openssl.org #2158] X509_STORE_set_default_paths also use lookup by_capi

2016-01-30 Thread Rich Salz via RT
No action in years. Closing.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org



[openssl-dev] [openssl.org #3435] I updated George Shaw's 0.9.8e port to OS/400 from 2007

2016-01-30 Thread Rich Salz via RT
Old release, no longer supported.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org



Re: [openssl-dev] [openssl.org #4281] [PATCH] Allow downgrading when reusing sessions on client

2016-01-30 Thread Fedor Indutny
This actually sounds like a lovely idea.

See: https://github.com/openssl/openssl/pull/603

Thank you!

On Sat, Jan 30, 2016 at 8:16 PM, Salz, Rich via RT wrote:

> I closed the first ticket, so everything is okay.
> If you want to do GitHub pull requests and just open an RT to refer to
> that, that is also okay.
>
>
>


[openssl-dev] [openssl.org #4118] Failed test 80 with OpenSSL 1.1.0-dev on NetBSD 6_Stable

2016-01-30 Thread Rich Salz via RT
None of the tests are interactive now, so we must have fixed this :)
--
Rich Salz, OpenSSL dev team; rs...@openssl.org



[openssl-dev] [openssl.org #1698] potential bugs discovered by interprocedural code analysis for version 0.9.8g of Openssl

2016-01-30 Thread Rich Salz via RT
Please open a new ticket if there is similar tool run against the current
release.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org



[openssl-dev] [openssl.org #1775] 0.9.9-today: bug: size_tification missed a few spots --> compile issues on native Win32/64 + SuSE64: patch/diff included

2016-01-30 Thread Rich Salz via RT
old release, closing.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org



[openssl-dev] [openssl.org #1739] [PATCH] [openssl 0.9.8c] Using a private key in an engine to timestamp.

2016-01-30 Thread Rich Salz via RT
Old release, not supported. Engine stuff has been revised, this maybe even
works now :)
Open new ticket if not.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org



[openssl-dev] [openssl.org #4125] Got Error

2016-01-30 Thread Rich Salz via RT
build error, no details, cannot reproduce, closing bug.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org



[openssl-dev] [openssl.org #4182] Error in generating my certificate

2016-01-30 Thread Rich Salz via RT
user error, not a bug.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org



[openssl-dev] [openssl.org #3689] Bug report - OpenSSL 0.9.8ze with FIPS canister 1.2.4 big number test failure

2016-01-30 Thread Rich Salz via RT
we were only taking security fixes back then. closing this.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org



[openssl-dev] [openssl.org #2447] possible weakness, encryption password truncation (FreeBSD 8.0; OpenSSL 0.9.8n)

2016-01-30 Thread Rich Salz via RT
please open new ticket if still an issue in the current releases.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org



[openssl-dev] [openssl.org #3745] OpenSSl Bug, affected release 0.9.8zd

2016-01-30 Thread Rich Salz via RT
old release, closing.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org



[openssl-dev] [openssl.org #3821] Possible bug/request for help 0.9.8 on windows - OpenSSL verify error.

2016-01-30 Thread Rich Salz via RT
old release. hope you got the issue fixed by now :)
--
Rich Salz, OpenSSL dev team; rs...@openssl.org



[openssl-dev] [openssl.org #3664] IDEA patent in Readme

2016-01-30 Thread Rich Salz via RT
The IDEA patent text is gone.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org



[openssl-dev] [openssl.org #4281] [PATCH] Allow downgrading when reusing sessions on client

2016-01-30 Thread Fedor Indutny via RT
When connecting to a pool of diverse servers (both TLS1.0 and TLS1.2), the
following scenario may happen:

  1. Connect to TLS1.2 server, receive new session
  2. Store this session
  3. Attempt to reuse it later when connecting to server
  4. Connect to different server from the pool, which speaks only TLS1.0
  5. Get `SSL_R_WRONG_VERSION_NUMBER` error

Expected behavior would be scrapping off the session, and allowing
server to downgrade to supported protocol version the way it would do it
if no client session would be supplied.

This issue was discovered while working on the following node.js bug:

https://github.com/nodejs/node/issues/3692
---
 ssl/s3_pkt.c  | 39 +++
 ssl/ssltest.c | 22 +-
 test/testssl  |  6 ++
 3 files changed, 66 insertions(+), 1 deletion(-)

0001-Allow-downgrading-when-reusing-sessions-on-client.patch
Description: Binary data


[openssl-dev] [openssl.org #4282] Re: [PATCH] Allow downgrading when reusing sessions on client

2016-01-30 Thread Fedor Indutny via RT
Hello,

Please disregard the first version of this patch. Making that change at
s3_pkt.c was too broad, and pretty much incorrect. Attached is a
new version of the patch. I would appreciate any kind of feedback on
this.

Open questions that I am not sure about so far: is it safe to set
`s->first_packet = 1` on renegotiation? Why is it DTLS-only right
now? Should this patch do anything else to reset the current
session?

Thank you very much,
Fedor.

On Sat, Jan 30, 2016 at 5:04 PM, Fedor Indutny wrote:

> When connecting to a pool of diverse servers (both TLS1.0 and TLS1.2), the
> following scenario may happen:
>
>   1. Connect to TLS1.2 server, receive new session
>   2. Store this session
>   3. Attempt to reuse it later when connecting to server
>   4. Connect to different server from the pool, which speaks only TLS1.0
>   5. Get `SSL_R_WRONG_VERSION_NUMBER` error
>
> Expected behavior would be scrapping off the session, and allowing
> server to downgrade to supported protocol version the way it would do it
> if no client session would be supplied.
>
> This issue was discovered while working on the following node.js bug:
>
> https://github.com/nodejs/node/issues/3692
> ---
>  ssl/s3_pkt.c  | 39 +++
>  ssl/ssltest.c | 22 +-
>  test/testssl  |  6 ++
>  3 files changed, 66 insertions(+), 1 deletion(-)
>

0001-Allow-downgrading-when-reusing-sessions-on-client.patch
Description: Binary data


[openssl-dev] [openssl.org #3395] Can’t Compile 0.9.8za FIPS on Win 7 32 Bit w/ Visual Studio 2010.

2016-01-30 Thread Rich Salz via RT
unsupported release, closing.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org



[openssl-dev] [openssl.org #1261] [PATCH] Binary S/MIME handling in openssl smime (0.9.8a)

2016-01-30 Thread Rich Salz via RT
Please open a defect and patch current release if necessary. Closing this.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org



[openssl-dev] [openssl.org #2473] openssl-0.9.8i : How generate Import libraries for the export symbols in shared libraray

2016-01-30 Thread Rich Salz via RT
release no longer supported.
hopefully you resolved this issue before that :)
--
Rich Salz, OpenSSL dev team; rs...@openssl.org



[openssl-dev] [openssl.org #2870] OpenSSL 0.9.8o 01 Jun 2010 configuration file dir bug

2016-01-30 Thread Rich Salz via RT
please open a new ticket if this is still an issue.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org



[openssl-dev] [openssl.org #4132] test/dsatest.c wrong argument to BIO_printf

2016-01-30 Thread Rich Salz via RT
done in dec 3 commit 70c9f1c878502ccb717fbec54cecfc17187cf501
--
Rich Salz, OpenSSL dev team; rs...@openssl.org



[openssl-dev] [openssl.org #4200] extra data for ec keys

2016-01-30 Thread Rich Salz via RT
fixed in commit 3aef36ffef89849348049296892327e6fdf9d705 in Jan 5. Thanks!
--
Rich Salz, OpenSSL dev team; rs...@openssl.org



[openssl-dev] [openssl.org #3328] [PATCH] Support for GOST R 34.10-2012 digital signature algorithm

2016-01-30 Thread Rich Salz via RT
GOST is now a separately-maintained engine, thanks to Dmitry :)
--
Rich Salz, OpenSSL dev team; rs...@openssl.org



[openssl-dev] [openssl.org #3740] build error in ssl/kssl.c, deferencing pointer of incomplete type

2016-01-30 Thread Rich Salz via RT
we removed kssl
commit 55a9a16f1c02837058173c41fa26f36ec3acd22e
Author: Matt Caswell 
Date: Tue May 12 10:27:53 2015 +0100

Remove Kerberos support from libssl

Remove RFC2712 Kerberos support from libssl. This code and the associated
standard is no longer considered fit-for-purpose.

--
Rich Salz, OpenSSL dev team; rs...@openssl.org



[openssl-dev] [openssl.org #3500] Adopting single-Makefile build structure

2016-01-30 Thread Rich Salz via RT
we've got work in progress on this. not adopting the approach mentioned here.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org



[openssl-dev] [openssl.org #3476] Faulting module name: libeay32.dll, version: 1.0.1.8, time stamp: 0x539303fb

2016-01-30 Thread Rich Salz via RT
not repeatable, not enough information, closing.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org



[openssl-dev] [openssl.org #3311] [PATCH] Introduce GOST R 34.11-2012 hash function

2016-01-30 Thread Rich Salz via RT
GOST is done via external engine now.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org



[openssl-dev] [openssl.org #3503] BUG: "make dclean" results in duplicate symbols on subsequent make's

2016-01-30 Thread Rich Salz via RT
fixed in 1.1; dclean is gone :)
and the whole "make depend" stuff is clean.

--
Rich Salz, OpenSSL dev team; rs...@openssl.org
