On 14/06/13 15:25, Florian Weimer wrote:
On 06/14/2013 03:31 PM, Dr. Stephen Henson wrote:
Note that the patch changes the value of SSL_OP_ALL so if OpenSSL shared
libraries are updated to include the patch existing applications won't
set it: they'd all need to be recompiled.
That's a valid point.
A possible alternative is to reuse one of the existing *ancient* flags.
Does anyone really care about compatibility with a bug in SSLeay 0.80 for
example?
Wouldn't it be better to reverse the meaning of the flag and not set it
in SSL_OP_ALL?
Just to complicate matters further, the 0x400 bit used to be set in
SSL_OP_ALL, and has previously been used for at least 2 other purposes!
http://cvs.openssl.org/chngview?cn=18974
http://cvs.openssl.org/chngview?cn=22501
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
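
Added example, not part of the original message and not OpenSSL code: a small C model of why a changed SSL_OP_ALL never reaches already-compiled applications, how reversing the flag's meaning avoids that, and how a bit that once sat in SSL_OP_ALL can still arrive from old binaries. All mask values and function names are hypothetical; only the 0x400 bit comes from the thread.

```c
#include <stdio.h>

/* All mask values are constructed for illustration, not the real OpenSSL
 * masks. Only the 0x400 bit itself is taken from the thread. */
#define OP_BIT_0x400   0x00000400UL
#define OP_ALL_CURRENT 0x000003FFUL /* header existing binaries were built with */
#define OP_ALL_PATCHED (OP_ALL_CURRENT | OP_BIT_0x400) /* header after the patch */
#define OP_ALL_ANCIENT 0x000005FFUL /* older header that still had 0x400 in the mask */

/* Library side, patch as posted: behaviour is on only if the caller set the bit. */
static int enabled_opt_in(unsigned long app_options)
{
    return (app_options & OP_BIT_0x400) != 0;
}

/* Library side, reversed meaning: on by default, the bit turns it off,
 * and the bit is kept out of SSL_OP_ALL. */
static int enabled_opt_out(unsigned long app_options)
{
    return (app_options & OP_BIT_0x400) == 0;
}

int main(void)
{
    /* Each application passes the SSL_OP_ALL value its own build saw;
     * upgrading the shared library does not change that constant. */
    printf("opt-in,  existing binary:   %d\n", enabled_opt_in(OP_ALL_CURRENT));
    printf("opt-in,  recompiled binary: %d\n", enabled_opt_in(OP_ALL_PATCHED));
    printf("opt-out, existing binary:   %d\n", enabled_opt_out(OP_ALL_CURRENT));
    /* A binary built while 0x400 was part of SSL_OP_ALL still sends the bit,
     * so under the reversed meaning it switches the behaviour off unasked. */
    printf("opt-out, ancient binary:    %d\n", enabled_opt_out(OP_ALL_ANCIENT));
    return 0;
}
```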