[openssl-dev] [openssl.org #2880] Resolved: Modification of the capi engine to support loading key from CERT_SYSTEM_STORE_LOCAL_MACHINE
According to our records, your request has been resolved. If you have any further questions or concerns, please respond to this message. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2880 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #2902] Resolved: [PATCH] add strings for SSL state related to Next Protocol Negotiation
According to our records, your request has been resolved. If you have any further questions or concerns, please respond to this message. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2902 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #2818] Resolved: [PATCH] Cipher list TLSv1.2 as token; ciphers(1) update
According to our records, your request has been resolved. If you have any further questions or concerns, please respond to this message. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2818 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4698] PEM parsing incorrect; whitespace in PEM crashes parser
no need to keep this ticket, tracking the PR on github. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4698 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4682] PKITS tests fails with 1.0.2i on GNU/Linux
Duplicate of https://github.com/openssl/openssl/issues/1611 -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4682 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4668] Enhancement request: website: support proper titles
The title now has the URL. Closing. Fixed as it's gonna get :) -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4668 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4666] Fix for setenv-android.sh
updated the wiki, thanks. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4666 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #2712] Be more liberal when trying to recognize the XMPP starttls headers
Now being discussed at https://github.com/openssl/openssl/issues/1494 -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2712 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #2676] 1.0.1-beta1 issue: RSA exponent 1 is NOT ok
This is fixed in 1.0.2 (commit 561530d) and master/1.1.0 (commit 464d59a). Thanks! -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2676 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #3940] Missing CRL checks in cms/smime cmdline utilities
For now we just added a comment to master, 1.0.2, 1.0.1 in the cms.pod and smime.pod files: Note that no revocation check is done for the recipient cert, so if that key has been compromised, others may be able to decrypt the text. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3940 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4377] Prevent potential NULL pointer dereference in OpenSSL-1.0.2g (CWE-476)
Fixed with commit a03f81f, will be part of next 1.0.2 release. Thanks! -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4377 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4380] [PATCH] Missing Sanity Checks for EVP_PKEY_new() in OpenSSL-1.0.2g
Fixed with commit a03f81f, will be part of next 1.0.2 release. Thanks! -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4380 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4382] [PATCH] Missing Sanity Check(s) for BUF_strdup() in OpenSSL-1.0.2g
Fixed with commit a03f81f, will be part of next 1.0.2 release. Thanks! -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4382 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4375] [PATCH] Missing Sanity Checks for OPENSSL_malloc() in OpenSSL-1.0.2g
Fixed with commit a03f81f, will be part of next 1.0.2 release. Thanks! -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4375 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4385] [PATCH] Missing Sanity Checks for RSA_new_method() in OpenSSL-1.0.2g
Fixed with commit a03f81f, will be part of next 1.0.2 release. Thanks! -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4385 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4374] [PATCH] Potential for NULL pointer dereferences in OpenSSL-1.0.2g (CWE-476)
Fixed with commit a03f81f, will be part of next 1.0.2 release. Thanks! -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4374 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4371] [PATCH] Missing Sanity Check for malloc() in openssl-1.0.2g for 'apps/speed.c'
Fixed with commit a03f81f, will be part of next 1.0.2 release. Thanks! -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4371 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4370] [PATCH] Potential for NULL pointer dereferences in OpenSSL-1.0.2g (CWE-476)
Fixed with commit a03f81f, will be part of next 1.0.2 release. Thanks! -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4370 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4383] [PATCH] Add error checking for bn2_expand()/BN_new()/RSA_new_method() in file 'e_chil.c' for OpenSSL-1.0.2g
Fixed with commit a03f81f, will be part of next 1.0.2 release. Thanks! -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4383 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4384] [PATCH] Missing Sanity Check plus potential NULL pointer deref (CWE-476)
Fixed with commit a03f81f, will be part of next 1.0.2 release. Thanks! -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4384 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4386] [PATCH] Add sanity checks for BN_new() in OpenSSL-1.0.2g
Fixed with commit a03f81f, will be part of next 1.0.2 release. Thanks! -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4386 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4652] [consultation] SSL_get_error returns SSL_ERROR_SSL if read() returns -1 / EAGAIN
Same situation, please use a current/modern release; 1.0.1 is only getting security fixes. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4652 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4652] [consultation] SSL_get_error returns SSL_ERROR_SSL if read() returns -1 / EAGAIN
need more content here. or post to openssl-users if you are just asking a question. https://mta.openssl.org for list information. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4652 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4651] [BUG] malloc_failure in ASN1_D2I_READ_BIO with large smime encoded file
You'll need to move to a machine with bigger int's. The code currently uses int, not size_t. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4651 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4649] [PATCH] BIO_debug_callback could write before the beginning of a buffer
Probably better to do what we is done in master: "if (len<0)len=0;" and proceed to try more output. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4649 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4643] [patch] pass EVP_MD to engines verifyctx_init and signctx_init
Closing per original poster. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4643 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4644] bug: cert verification always examining entire chain
as Viktor pointed out, working as designed. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4644 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4644] bug: cert verification always examining entire chain
You have to create a trust store with the CA's that you trust. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4644 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4628] EVP_f_cipher regression due to overlapping regions check
Resolved by Andy's fix. Closing. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4628 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4628] EVP_f_cipher regression due to overlapping regions check
Does current master work? I think Andy checked in a fix. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4628 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4635] BUG: 100% CPU in windows with openssl-1.0.2h
We need some details. Like which function(s) are using the CPU. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4635 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4629] OpenSSL Bug Report: -DSSL_DEBUG typo
commit 1abd292 pushed to master, thanks! -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4629 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4627] Doc patch: fix constant names
commit d49cfa3 pushed to master. thanks! -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4627 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4616] bug report
1.0.1 is an old release and only getting security updates. please move to 1.0.2 or 'master' -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4616 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4593] [PATCH] pod: fix nits related to spacing around commas and assignments
merged, thanks! -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4593 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4611] PKCS12_create() not thread-safe for ECDSA
ah, you're right, the lock in EC_KEY should be used. thanks. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4611 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4612] Appcrash on SSL_CTX_new(SSLv2_server_method()) on windows 7 x64 with OpenSSL-1.0.1t
SSLv2 method returns NULL now. Listed in the CHANGES file. SSLv2 has been removed for security reasons. Do not use it. Also do not use such an old release. :) Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4612 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4592] [docs] SSL_set_app_data() returns 'int', not 'void'
fixed in master. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4592 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4607] improve quietness for s_client ... also documentation for s_client + s_server
this is for 1.0.2, right? -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4607 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4594] openssl s_client issue on windows platform
Duplicate of RT 3464 -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4594 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #2919] Incorrect return code and printing of modulus in dsa module
The exit value was fixed some time ago (not sure). The -modulus flag is documented as printing out the public key :) -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2919 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #2777] OpenSSL 1.0.1 TLS Version Handling Errors
please open a new ticket if this is still an issue with current (at least 1.0.2, ideally master) sources. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2777 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4589] simplifying writing code that is 1.0.x and 1.1.x compatible
Look at the wiki, in particular https://wiki.openssl.org/index.php/1.1_API_Changes#Adding_forward-compatible_code_to_older_versions closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4589 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4586] RSA_memory_lock ?
removed the function. the secure-heap does most of this, anyway now. :) -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4586 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #2680] 1.0.1-beta1 issue: Public EC key is shown as private with -text option
fixed, but slightly differently. thanks! -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2680 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #3810] [PATCH] Improved P256 ECC performance by means of a dedicated function for modular inversion modulo the P256 group order
See https://github.com/openssl/openssl/pull/263 and discussion thread. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3810 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #2941] Memory leaks in ca.c
fixed in 1.1; apps/ca.c jumps to common code to free all memory. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2941 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #2271] [PATCH] building without some ciphers
The amount of source code/build dependency changes to make more of the no-CIPHER configuration options work is more than we will do for 1.0.2. It is fixed in 1.1. Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2271 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #3880] [PATCH] Windows: Add definitions for AI_ constants
AI_NUMERICSERV isn't used any more. Is this patch for AI_ADDRCONFIG still needed? The code in b_addr has it ifdef'd. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3880 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #3902] #3423: Undefined behavior in crypto/cast/c_enc.c
See RT 3423 and the links for why this is being rejected. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3902 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #3143] ENGINE_load_rdrand sane failure code
Seems to be a duplicate of RT 3421; closing. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3143 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4235] Crash on ssleay_rand_bytes - global variable is not protected
When it crashes, is k negative? I believe we already fixed this in master. with commit 0f91e1dff4ab2e7c25bbae5a48dfabbd1a4eae3c (RT 2630). -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4235 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4298] [Bug] Random number generation failing with FIPS and Android < 5.0
There is not enough information to repeat. Please open a new ticket, post a backtrace, or whatever. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4298 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #3886] [BUG] [PATCH] verify fails for 3-level cert chain when using X509v3 Authority Key Identifier
It's not clear there is a bug (in fact, the bug commentary says that). If so, please open a new ticket with a PEM file of all the certs in the chain. Or perhaps post to openssl-users mailing list. Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3886 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #3811] [BUG REPORT] - Missing register name in aes-x86_64.s
Cannot reproduce. Attempt to provide a work-around/fix hasn't had any response. Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3811 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4169] openssl-1.0.2e build still recommends deprecated (unnecessary?) `make depend`, returns numerous warnings abt not finding stddef.h
The warnings are annoying but harmless. running 'make depend' is required. Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4169 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #3016] openssl ts fix
No plans to do this. Please re-open the ticket if it's *really* needed for interop. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3016 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #2964] OBJ_nid2obj() result value should be const
Updated the docs in master and 1.0.2 to explain that these really are const-like objects. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2964 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #2911] enhancement request: Windows RT support
Nobody got around to looking at this, sorry. I could not decode the patch although 103K is big. Windows RT is no longer supported. Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2911 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4559] bug: CRYPTO_set_mem_functions() Doesn't Work in Version 1.0.1b
I just tried this against 1.0.2 and got a backtrace: #0 0x77847c37 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56 #1 0x7784b028 in __GI_abort () at abort.c:89 #2 0x00401cfe in my_alloc (n=176) at a.c:4 #3 0x0044e525 in default_malloc_ex (num=176, file=0x5ca5ce "lhash.c", line=120) at mem.c:79 #4 0x0044ebb5 in CRYPTO_malloc (num=176, file=0x5ca5ce "lhash.c", line=120) at mem.c:330 #5 0x00486d58 in lh_new (h=0x4515f7 , c=0x451619 ) at lhash.c:120 #6 0x0045167e in OBJ_NAME_init () at o_names.c:61 #7 0x00451a68 in OBJ_NAME_add (name=0x58bccb "DES-CBC", type=2, data=0x5cace0 "\037") at o_names.c:185 #8 0x00490a31 in EVP_add_cipher (c=0x5cace0 ) at names.c:74 #9 0x00421d6e in SSL_library_init () at ssl_algs.c:68 -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4559 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #3792] OpenSSL debug build lacks -Og
As Andy said, this flag is not ubiquitous and the workaround is to specify it config time. Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3792 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4586] RSA_memory_lock ?
I'ts not needed; the secure heap automatically puts all private key material in secure storage, if enabled. https://github.com/openssl/openssl/pull/1250 is an MR to remove it. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4586 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4587] openssl on arm linux run err!
The demo's don't all work, sadly. OpenSSL 1.0.1 is very outdated and only gets security fixes; please try a recent version. closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4587 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #3499] Bug: Multiple matching certificates in CAfile
Fixed; see RT 3359 per Steve. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3499 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #3921] [PATCH] Fix const-correctness issues of new ECDSA_METHOD api
This API is gone. Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3921 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4273] explicitText encoding
https://github.com/openssl/openssl/pull/576 Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4273 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #3980] [PATCH] Fix BIO_get_accept_socket so that "port-only" input works on FreeBSD
https://github.com/openssl/openssl/pull/359 Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3980 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4532] Replacing the “div_spoiler” hack in CBC code with Barrett reduction.
https://github.com/openssl/openssl/pull/1027 Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4532 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4432] [BUG] Building with "no-des" fails at crypto/cms/cms_kari.c
https://github.com/openssl/openssl/pull/872 Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4432 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4308] Add Postgres support to -starttls
https://github.com/openssl/openssl/pull/683 Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4308 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4175] Add new macro or PKCS7 flag to disable the check for both data and content
fixed some time ago., -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4175 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4121] avoid configuring openssl twice
https://github.com/openssl/openssl/pull/466 Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4121 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4108] Set TLS ticket keys API
: https://github.com/openssl/openssl/pull/452 Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4108 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4038] SSLv2 session reuse is broken on the 1.0.2 branch
https://github.com/openssl/openssl/pull/395 Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4038 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #3986] [PATCH] Implement HKDF algorithm (RFC 5869)
https://github.com/openssl/openssl/pull/355 Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3986 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #3709] [PATCH] Constness in SSL_CTX_set_srp_username and SSL_CTX_set_srp_password functions
https://github.com/openssl/openssl/pull/227 Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3709 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #3616] [Patch] Implement option to disable sending TLS extensions
https://github.com/openssl/openssl/pull/215 Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3616 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #3533] [PATCH] Ensures that EVP encryption & decryption operations check the encrypt flag on the context.
https://github.com/openssl/openssl/pull/172 Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3533 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #3305] Cppcheck report
https://github.com/openssl/openssl/pull/139 Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3305 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #2698] [PATCH] Allow the use of startdate and enddate for ca -gencrl command
This duplicates https://github.com/openssl/openssl/pull/258 so closing the ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2698 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #2894] [Bug] openssl crl -nameopt has no effect
This was implemented some time ago (not sure who). The nmflag variable is used in name_print in apps/crl.c Closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2894 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #2867] des_ede3_cfb1_cipher(): output cropping
fixed with commit fe2d149 in master. Not backported, code has changed. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2867 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4582] BUG - Application crashing in OpenSSL code while creating x509 certificate object
0.9.8 is no longer supported. Perhaps some others on openssl-users mailing list can help you. Closing this ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4582 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #3752] Patch to fix thread ID support from FIPS module
commit a43cfd7 pushed to 1.0.2 stable, will show up in next release. thanks. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3752 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4579] Bug - libcrypto.a null pointer dereference bug
You are not supposed to pass NULL into OpenSSL API's. Just like doing this will cause a crash strcpy(NULL, "hello") in a C program. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4579 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4398] BUG / 1.0.2g breaks CURL extension
We believe this is fixed by the commit that viktor pointed out. Is this not true? What are folks asking OpenSSL to do? -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4398 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4376] pull request 785
There was some discussion over on the pull request thread, https://github.com/openssl/openssl/pull/785 And there the feeling was this is a new feature. Closing the ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4376 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4579] Bug - libcrypto.a null pointer dereference bug
When I added this line:
(if x509==NULL) { ERR_print_errors_fp(stderr); exit(1); }
it complained
140259630204736:error:0906D06C:PEM routines:PEM_read_bio:no start
line:crypto/pem/pem_lib.c:691:Expecting: CERTIFICATE
When I fixed the file to say "BEGIN CERTIFICATE" (added a space) and changed
the code to print the result of calling the verify routine, it all works.
Closing ticket.
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4579
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #3925] [PATCH] Removed trailing semicolon from macro body of three function-like macros
OpenSSL_1_0_2-stable commit 398260a; master commit 54f24e3 thanks. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3925 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4579] Bug - libcrypto.a null pointer dereference bug
1.0.1 is end of life and only getting bugfixes now. If you can reproduce this on 1.0.2 or master, please open a new ticket. We also need more information, cannot reproduce this issue here. Thanks. closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4579 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #3934] [PATCH] test: use _DEFAULT_SOURCE with newer glibc versions
looks like someone already fixed this. closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3934 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4416] 1.0.1s makes porting to HP-UX much harder than before
Discussion happened in https://github.com/openssl/openssl/issues/806 (which looks like it can be c losed). Closing this ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4416 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4570] Enhancement request: Configuration option no-hw-aes
Thanks for the discussion; closing this ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4570 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4469] Openssl linker errors
You have turned off so many things, that some files are not compiled. Try building without all your no-xxx flags. You don't need to turn them all off, the patents are expired. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4469 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #3868] [PATCH] Add SSL_get0_peer_certificate()
There will be no free since you've got the SSL lifetime. and esp for 1.1 which uses atomics, closing this. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3868 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #3918] check return value of EC_POINT_mul
GOST is now a separate engine. Ping Dmitry :) -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3918 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #3868] [PATCH] Add SSL_get0_peer_certificate()
Is this needed? Can your get0 function just call get and decrement the refcount? -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3868 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #3844] FW: regarding shared library for openssl -1.0.2a
A local environment/compiler issue that we cannot address. No activity in years on this. closing ticket. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3844 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #3728] Question: does "sslv3" in log mean we're using SSLv3?
There are no plans, at this point, to change the names used in logging. If you think it's worthwhile, please open a *github issue* for this. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3728 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4381] [PATCH] Missing Sanity Check for OBJ_nid2obj() in OpenSSL-1.0.2g
this is a "can't happen" kind of thing. If you pass in a NID_xxx value, you MUST get back the object. They are two tables built in-sync. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4381 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
