commit 1abd292 pushed to master, thanks!
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4629
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Build:
Linux jdl-centos.netgate.com 3.10.0-327.22.2.el7.x86_64 #1 SMP Thu Jun 23
17:05:11 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
against commmit:
commit d49cfa3bd57ffba060f08e4088441fa392c2f9a8
Author: Steffen Nurpmeso
Date: Mon Jul 25 12:25:15 2016 +0200
RT4627: Doc p
On Monday 09 May 2016 15:05:32 Salz, Rich via RT wrote:
> It's probably not an issue because the number of file descriptors has
> increased on the native O/S's. But "file descriptor exhaustion" is
> still an issue for RNG's (google it) and we should keep it in mind
> for the future. What's the be
On Mon May 09 15:05:32 2016, rs...@akamai.com wrote:
> It's probably not an issue because the number of file descriptors has
> increased on the native O/S's. But "file descriptor exhaustion" is
> still an issue for RNG's (google it) and we should keep it in mind for
> the future. What's the best wa
It's probably not an issue because the number of file descriptors has increased
on the native O/S's. But "file descriptor exhaustion" is still an issue for
RNG's (google it) and we should keep it in mind for the future. What's the
best way to do that?
--
Ticket here: http://rt.openssl.org/T
Due to the elapsed time I am assuming this is no longer a problem for apache.
Please create a new ticket if this is still a problem!
Matt
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=1298
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsu
This bug affects 1.0.2.f and supposedly also 1.1.0 alpha, I reported it already
3 years (!!) ago as Bug #2928 for OpenSSL 1.0.1c, but it was closed yesterday
since 1.0.1 development is finished.
Please find attached the Bug description again for OpenSSL 1.0.2f. I provide
already a solution, so
0.9.8 not supported, please re-test and re-open if still an issue on current
releases.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
old release, closing.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Fixed now in OpenSSL 1.0.1+, thanks for the report!
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Closing this ticket: works as intended, won't fix.
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
On Tue, Aug 11, 2015 at 08:25:53PM +, Sekwon Choi via RT wrote:
> Hi Viktor and Kurt,
>
> Thanks for the quick response. I think I agree with you guys. I looked up
> hostname RFC again (RFC952 and 1123), not URI RFC, and indeed, '_' and '~'
> are not valid character to be used for hostname.
>
Hi Viktor and Kurt,
Thanks for the quick response. I think I agree with you guys. I looked up
hostname RFC again (RFC952 and 1123), not URI RFC, and indeed, '_' and '~'
are not valid character to be used for hostname.
So technically, what openssl is doing is right. What makes tricky is that,
sinc
On Tue, Aug 11, 2015 at 07:29:15PM +, Viktor Dukhovni wrote:
> On Tue, Aug 11, 2015 at 07:22:58PM +, Kurt Roeckx via RT wrote:
>
> > It looks to me that you're trying to validate an URL instead of a
> > hostname. I don't know of any standart that allows you to put a
> > URL in a certific
On Tue, Aug 11, 2015 at 07:22:58PM +, Kurt Roeckx via RT wrote:
> It looks to me that you're trying to validate an URL instead of a
> hostname. I don't know of any standart that allows you to put a
> URL in a certificate and it also doesn't make much sense.
Certificates IIRC can have URI sub
On Tue, Aug 11, 2015 at 06:53:29PM +, Sekwon Choi via RT wrote:
> When we want to perform a host verification using openssl's APIs that use
> X509_check_host, host URL that includes specific characters such as '_' or
> '~' will be failing when CN from the certificate contains wildcard
> charact
Hi openssl team,
I would like to report a bug as below and patch for the fix.
[ Version affected ] :
1.0.2d (latest) and below (basically, all versions of openssl)
[ Operating system ] :
All
[ Bug description ] :
When we want to perform a host verification using openssl's APIs that use
X509_che
[bug-report]
Hi, I am openssl-user Jang Young-Hwi.
My webwerver uses OpenSSL-1.0.1h, and downed with core dump.
The core dump occurs when the pkey is NULL. (if malloc() failed)
I think that the exception code is required..
Below..
== [core dump]
...
Program terminated with signal 11, Se
On Sat Mar 14 05:46:12 2015, santosh.r...@ca.com wrote:
> Thanks Steve,
> For your valued information.
> After executing the steps
> suggested fips module is building fine.
> But when I build the
> openssl0.9.8.ze with fips flag.
> make is success.
> But make test is
> failing.. with Below error.
>
2015 4:22 AM
To: Rath, Santosh
Cc: openssl-dev@openssl.org
Subject: [openssl.org #3745] OpenSSl Bug, affected release 0.9.8zd
On Fri Mar 13 21:00:30 2015, santosh.r...@ca.com wrote:
> Thank you Stephen,
>
> Since the product is already build on
> openssl.0.9.8.r, and if we upgrade it
On Fri Mar 13 21:00:30 2015, santosh.r...@ca.com wrote:
> Thank you Stephen,
>
> Since the product is already build on
> openssl.0.9.8.r, and if we upgrade it to openssl0.1.1l then there
> could be lot of change in terms of API what our product use.
Well if you'd used any OpenSSL 0.9.8 using
./co
On 3/13/2015 4:00 PM, Rath, Santosh via RT wrote:
But when I build the openssl with shared mode, then it is failing and
reporting below errors.
gcc: /home/ratsa02/openssl/openssl-fips-2.0.2/fips_binary/fipsfips_premain.c:
No such file or directory
gcc: /home/ratsa02/openssl/openssl-fips-2.0
, March 13, 2015 3:34 AM
To: Rath, Santosh
Cc: openssl-dev@openssl.org
Subject: [openssl.org #3745] OpenSSl Bug, affected release 0.9.8zd
On Thu Mar 12 22:16:37 2015, santosh.r...@ca.com wrote:
> Hi
>
> I have downloaded the openssl 0.9.8zd source.
> And I tried below steps to get it in
On Thu Mar 12 22:16:37 2015, santosh.r...@ca.com wrote:
> Hi
>
> I have downloaded the openssl 0.9.8zd source.
> And I tried below steps to get it install.
>
> 1. ./config fipscanisterbuild
>
> I did not get any configuration error.
>
> 2. make
>
> I got the below linker error.
>
>
>
> make[2]: Ent
Hi
I have downloaded the openssl 0.9.8zd source.
And I tried below steps to get it install.
1. ./config fipscanisterbuild
I did not get any configuration error.
2. make
I got the below linker error.
make[2]: Entering directory `/home/ratsa02/openssl-0.9.8zd/test'
../fips/fipsca
On Tue Feb 10 14:44:18 2015, cristifa...@gmail.com wrote:
> Version: 1.0.2
> Platform: Windows x86 (VC-WIN32)
> Compiled with: openssl-fips-2.0.5
>
> Hi all,
> I browsed the open bug list for a little while, but i didn't find
> this.
This was raised in ticket 3673 and fixed by this commit:
6fa805f
Version: 1.0.2
Platform: Windows x86 (VC-WIN32)
Compiled with: openssl-fips-2.0.5
Hi all,
I browsed the open bug list for a little while, but i didn't find this.
I've got 3 compilation errors on OpenSSL (details above) on Windows 32bit.
I didn't test it yet, but the first 2 errors (*size_t* being
Very old release, cannot reproduce.
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager
Thank you, Mr. Roeckx.
J.J. Clemmer
-Original Message-
From: Kurt Roeckx via RT [mailto:r...@openssl.org]
Sent: Saturday, June 28, 2014 2:43 PM
To: Clemmer, John J CIV (US)
Cc: openssl-dev@openssl.org
Subject: Re: [openssl.org #3413] OpenSSL Bug Report Submission - related to
#3376
On
58 PM
To: Clemmer, John J CIV (US)
Cc: openssl-dev@openssl.org
Subject: [openssl.org #3413] OpenSSL Bug Report Submission - related to #3376
On Sat Jun 28 17:21:39 2014, john.j.clemmer4@mail.mil wrote:
> OpenSSL Development Team,
>
> My attempts to compile OpenSSL v.1.0.0m on the day
Thank you, Mr. Roeckx.
J.J. Clemmer
-Original Message-
From: Kurt Roeckx via RT [mailto:r...@openssl.org]
Sent: Saturday, June 28, 2014 2:43 PM
To: Clemmer, John J CIV (US)
Cc: openssl-dev@openssl.org
Subject: Re: [openssl.org #3413] OpenSSL Bug Report Submission - related to
#3376
On
58 PM
To: Clemmer, John J CIV (US)
Cc: openssl-dev@openssl.org
Subject: [openssl.org #3413] OpenSSL Bug Report Submission - related to #3376
On Sat Jun 28 17:21:39 2014, john.j.clemmer4@mail.mil wrote:
> OpenSSL Development Team,
>
> My attempts to compile OpenSSL v.1.0.0m on the day
https://www.openssl.org/news/openssl-1.0.0-notes.html
*Known issues in OpenSSL 1.0.0m:*
* EAP-FAST and other applications using tls_session_secret_cb wont
resume sessions. Fixed in 1.0.0n-dev
* Compilation failure of s3_pkt.c on some platforms due to missing
include. Fixed in 1.0.0n-dev
On Sat, Jun 28, 2014 at 05:21:40PM +0200, Clemmer, John J CIV via RT wrote:
> OpenSSL Development Team,
>
> My attempts to compile OpenSSL v.1.0.0m on the day of its release as well as
> last night both resulted in the same error, whereby INT_MAX is used before it
> is declared in ssl/s3_pkt.c o
On Sat Jun 28 17:21:39 2014, john.j.clemmer4@mail.mil wrote:
> OpenSSL Development Team,
>
> My attempts to compile OpenSSL v.1.0.0m on the day of its release as
> well as last night both resulted in the same error, whereby INT_MAX
> is used before it is declared in ssl/s3_pkt.c on line 586.
>
OpenSSL Development Team,
My attempts to compile OpenSSL v.1.0.0m on the day of its release as well as
last night both resulted in the same error, whereby INT_MAX is used before it
is declared in ssl/s3_pkt.c on line 586.
Researching this error, I found a discussion among some of your developer
Hi
In my test program I noticed that EVP_CIPHER_CTX_iv_length dont report
correct value after EVP_CTRL_GCM_SET_IVLEN
The EVP_CIPHER_CTX_iv_length reports 12 instead of 16
The CTEXT changes as I change value from 12 to 16 in
EVP_CIPHER_CTX_ctrl(EVP_CTRL_GCM_SET_IVLEN) suggesting that the ivlen of
Details:
• Operating System:
• Windows 7 Enterprise SP1 - 64-bit
•
OpenSSL version: (From opensslv.h)
• #define OPENSSL_VERSION_NUMBER 0x0090807fL
•
Visual Studio:
• Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 16.00.30319.01
for 80x86
P
On Tue, May 10, 2011 at 6:38 PM, Ger Hobbelt wrote:
>
>>
>>
> Nothing glaringly obvious to me in any of the code snippets. :-( (And,
> Dave, thanks for catching f.u. where I was missing the __LINE__ in my code!)
>
>
> It's past 0200 hours here so I'd better get some shut-eye, but here's a
On Wed, May 11, 2011 at 12:58 AM, Michael Gale wrote:
>
> Hey,
>
> First, thanks for the reply and feedback.
>
> The section of the python code that invokes the function call is below, I
> highlighted line 138 which is where the exception is occurring according to
> the stack trace.
>
> --snip
On Tue, May 10, 2011 at 5:06 AM, Ger Hobbelt wrote:
> On Mon, May 9, 2011 at 9:15 PM, Michael Gale wrote:
>
>> I checked OpenSSL 1.0.0d release and the same comment is there "does not
>> happen". If it does not happen why is it being checked?
>
>
> Might be more correctly stated as '/* _should_ n
_
From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org]
On Behalf Of Ger Hobbelt
Sent: Tuesday, 10 May, 2011 07:06
On Mon, May 9, 2011 at 9:15 PM, Michael Gale wrote:
I checked OpenSSL 1.0.0d release and the same comment is there "does not
happen". If it does
On Mon, May 9, 2011 at 9:15 PM, Michael Gale wrote:
> I checked OpenSSL 1.0.0d release and the same comment is there "does not
> happen". If it does not happen why is it being checked?
Might be more correctly stated as '/* _should_ not happen */' - see the
code: it's a basic sanity check to ens
Hello,
I believe we are triggering a bug in s3_pkt.c in OpenSSL 0.9.8b:
--snip--
* 171 if (n > max) /* does not happen */*
* 172 {*
* 173 SSLerr(SSL_F_SSL3_READ_N,ERR_R_INTERNAL_ERROR);*
* 174 return -1;*
* 175 }*
--snip-
Hello,
I am experiencing an SSL bug however I am not able to determine if the
issue is on the Python SSL module side or the OpenSSL side.
I am using Python 2.7.1 and OpenSSL 0.9.8b (CentOS / RedHat) and the Python
server is using non-blocking sockets.
The following traceback is found when ce
Hello,
I am experiencing an SSL bug however I am not able to determine if the
issue is on the Python SSL module side or the OpenSSL side.
I am using Python 2.7.1 and OpenSSL 0.9.8b (CentOS / RedHat) and the Python
server is using non-blocking sockets.
The following traceback is found when ce
popsig() function).
Values (i=1; imailto:[EMAIL PROTECTED] On Behalf Of Girish kumar via RT
Sent: Mittwoch, 11. Oktober 2006 19:04
Cc: openssl-dev@openssl.org
Subject: [openssl.org #1409] Openssl Bug report Password protected
private key file causes crash in MSVCR80
Hi All,
I am using openssl
I need help on this issue...With regards
Girish kumar. S
> Subject: [openssl.org #1409] AutoReply: Openssl Bug report Password protected
> private key file causes crash in MSVCR80 > From: [EMAIL PROTECTED]> To:
> [EMAIL PROTECTED]> Date: Wed, 11 Oct 2006 19:03:32 +0
Hi All,
I am using openssl version openssl-0.9.7d on Windows XP. When I run my
application on MSVCRuntime 80, I get a crash when server is configured to run
against a password protected private key file. In console it displays the
message Enter pass phrase and crashes. If we use private k
Hello,
I have found a bug in libcrypto.so which causes Apache2 to crash or
deadlock when a few hundred virtual hosts are configured in a
SSL-enabled Apache2 instance.
The problem is Apache2 opens a number of files per virtual host before
initializing libcrypto.so's random seed, given enough virt
Resolved as non OpenSSL problem.
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL P
rching for it failed.
-- Forwarded message --
Date: Sat, 4 Jan 2003 19:16:08 + (GMT)
From: root <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: OpenSSL Bug(?) - make test (SHA) failure
Attached is the result of OpenSSL 'make report', fo
Attached is the result of OpenSSL 'make report', following a failure of
'make test', as requested in the INSTALL file, section 3.
At this point, all I have done is downloaded the source code, and run
configure, make, and make test. As you will be able to see from the log
the reported failure is
> > > PS. Whether this is considered to be a "bug" on OpenSSL's side, or
> whether
> > > OpenSSL is correct in sending an empty fragment and the peer's software
> is
> > > incorrect, is another topic.
> >
> > OpenSSL clearly behaves according to the SSL 3.0 and TLS 1.0
> > specifications. If the I
> > PS. Whether this is considered to be a "bug" on OpenSSL's side, or
whether
> > OpenSSL is correct in sending an empty fragment and the peer's software
is
> > incorrect, is another topic.
>
> OpenSSL clearly behaves according to the SSL 3.0 and TLS 1.0
> specifications. If the IBM SSL library d
>> disconnects immediately after the SSL handshake takes place. According to
>> the IBM developer, this is an OpenSSL bug due to an extra 24 bytes
>> supposedly sent by OpenSSL after the handshake is complete.
> You are probably experiencing an effect caused by the following change
ing with an IBM developed SSL library. I experienced unexpected
> disconnects immediately after the SSL handshake takes place. According to
> the IBM developer, this is an OpenSSL bug due to an extra 24 bytes
> supposedly sent by OpenSSL after the handshake is complete.
You are probabl
after the SSL handshake takes place. According to
the IBM developer, this is an OpenSSL bug due to an extra 24 bytes
supposedly sent by OpenSSL after the handshake is complete.
"I did some more digging over the weekend, and ran some more traces for
IBM - what I found was that OpenSSL sen
I forgot to append this dump. I have tried to verify that the application
does not send those 24 bytes by placing breakpoints on every call to
SSL_write()
1 9 0.2855 (0.) C>SV3.0(1) ChangeCipherSpec
1 10 0.2855 (0.) C>SV3.0(64) Handshake Finished
md5_hash[16]=
15 3b 46 16 dc d6 2d 50
Dear all,
This report is just for fun because the original idea was to integrate iksd
(Internet Kermit Service Daemon) but it seams that US laws does not allow us
to transmit the header (just a header?) making the bridge between Kermit and
OpenSsl libraries.
Here is a bug report: the rebuild of
> I seem to have come across a bug in OpenSSL. In general, it performs
> flawlessly. My problem is a segmentation fault by the client when I
> arbitrarly kill the server (serious testing going on here). I recompiled
> OpenSSL with the -g parameter, and ran my client under gdb. Here is the
> sessio
Howdy,
I seem to have come across a bug in OpenSSL. In general, it performs
flawlessly. My problem is a segmentation fault by the client when I
arbitrarly kill the server (serious testing going on here). I recompiled
OpenSSL with the -g parameter, and ran my client under gdb. Here is the
session
62 matches
Mail list logo
