From: owner-openssl-...@openssl.org On Behalf Of Benny Baumann
Sent: Sunday, August 10, 2014 08:44
On 09.08.2014 19:24, Annie Yousar wrote:
Hi Ben, you can generate keys with arbitrary exponents using the
genpkey command:
openssl genpkey -algorithm rsa \ -pkeyopt
The first chunk in the s3_lib.c patch doesn't apply. But the second
chunk does (shown below). When applying this to 1.0.1 stable, it
appears to resolve the problem.
@@ -4357,8 +4359,13 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s,
STACK_OF(SSL_CIPHER) *clnt,
emask_k =
Thanks Stephen. Removing it seems to have solved the issue.
It appears that a patch which ignored multiple calls to add digests
has been reverted back in some 0.9.8x version.
-Arun
On Thu, Aug 7, 2014 at 5:00 PM, Arun Muralidharan arun11...@gmail.com wrote:
hmm...Will update you on this once I
Hi Folks --
0) Beware that I am not an expert in this area. What follows is
probably mostly true, but I'm still feeling my way to some extent.
1) There are actually some people who are using v3 nameConstraints.
Not a lot, but some.
An example can be found in one of the fully-trusted root
Hey John et al,
If you could also take a look at https://github.com/openssl/openssl/pull/111
we have listed a number of reasons. What are your thoughts on this?
Regards,
Vyronas Tsingaras
On 13/08/2014 11:57 AM, John Denker wrote:
Hi Folks --
0) Beware that I am not an expert in this area.
We plan on adopting a coding style and it will address this. The style is most
likely to say put spaces around operators. I'm marking this as reject (not
resolve) because we're not gonna do this one-off fix. But a more comprehensive,
better, answer is coming.
--
Rich Salz, OpenSSL dev team;
No current plans to generate CHM file from the openssl manpages.
If someone can point to a good perl script we could use, we can re-open this.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project
Yes, the fact that the any purpose OID is present means that applications may
use the cert/keypair for anything. Note that you are asking to show the purpose
field, which doesn't actually contradict the RFC. It says, at the bottom of
page 44,
Certificate using
applications MAY require that the
Perhaps I misunderstand, but... dsaparam lets you specify the number of bits.
From that it calculates the q value compatible with the table you posted.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
Dear OpenSSL-Team,
First of all, thank you for your great work!
I hope openssl-dev is the right list for the following request:
Many projects rely on OpenSSL of course and whenever a new version is
published fixing security issues, it is more or less a surprise to many.
After the disclosure
Thanks for your kind words. We do post a notice that we're putting out a
security update. Not sure how you missed it...
--
Principal Security Engineer
Akamai Technologies, Cambridge MA
IM: rs...@jabber.me Twitter: RichSalz
On Wed, Aug 13, 2014 at 01:12:12PM -0400, Henning Horst wrote:
Dear OpenSSL-Team,
First of all, thank you for your great work!
I hope openssl-dev is the right list for the following request:
Many projects rely on OpenSSL of course and whenever a new version is
published fixing security
On Tue, Aug 12, 2014 at 08:36:06PM +0200, Kurt Roeckx wrote:
On Tue, Aug 12, 2014 at 08:22:38PM +0200, John Foley via RT wrote:
The first chunk in the s3_lib.c patch doesn't apply. But the second
chunk does (shown below). When applying this to 1.0.1 stable, it
appears to resolve the
Thank you.
On 08/13/2014 01:39 PM, Kurt Roeckx via RT wrote:
On Tue, Aug 12, 2014 at 08:36:06PM +0200, Kurt Roeckx wrote:
On Tue, Aug 12, 2014 at 08:22:38PM +0200, John Foley via RT wrote:
The first chunk in the s3_lib.c patch doesn't apply. But the second
chunk does (shown below). When
Hi Henning,
So my question is - would it be reasonable to send an early warning
(without any details) to one of the OpenSSL lists a few days before
publishing a version containing fixes for security vulnerabilities?
Just saying something along the lines of we plan to release a new
openssl
In the release after 1.0.2, s_client has a new '-nocommands' flag that disables
the command letters. We don't want to break existing behavior.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
Your proposed transition strategy sounds good. Maybe as a first step OpenSSL
could tolerate a leading dot and in a future version implement item 6?
mozilla:pkix and SChannel tolerate this.
-Original Message-
From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org] On
Duh - thank you Steef, Kurt and Rich - not sure how I could miss that
either... So please only take the key message - your team does a great
job with OpenSSL, thank you all!
Regards,
Henning
On 08/13/2014 01:35 PM, Steef wrote:
Hi Henning,
So my question is - would it be reasonable to send
What's the programming model for using session cache with a multi-threaded
server?
When a client connects, a refcount on the object is incremented. But then
fields can be changed (such as ecpointformat). Does it make more sense for
session to deep-copy the session from the cache?
--
On Wed, Aug 13, 2014 at 03:32:00PM -0400, Salz, Rich wrote:
What's the programming model for using session cache with a multi-threaded
server?
When a client connects, a refcount on the object is incremented.
A lot depends on whether the cache is internal, or external via callbacks,
and
We're using the standard internal session (maintained per SSL_CTX object); not
tickets.
We're seeing that the sessions are shared, a refcount is maintained, but that
SSL does modify fields within a session while it's being used. Most notably
an address sanitizer build found the EC point
Andy pointed out that this has been fixed since 1.0.0 where /Zi is added
unconditionally.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
Very old release.
Netware is no longer supported.
After trying to carefully read the text of the RT, I don't *think* there's an
OpenSSL bug; please file a new RT if I'm wrong about that.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
Netware is no longer a supported platform.
very old release.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
Netware is not a supported platform any more.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
These are now type-safe, so it's sk_X_new_null calls.
And all of them in apps/*.c are now checked.
This will be part of a post-1.0.2 release.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
The comments refer to "Jivin Stephen Henson". Hilarious :)
But issue was resolved.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
As indicated in message thread in openssl-dev this is now resolved.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
I believe this commit fixed it, years ago:
commit 23acb0eeb2ec89cb3d673dd0fb04838d83b13a1a
Author: Richard Levitte levi...@openssl.org
Date: Wed Sep 28 18:02:41 2005 +
Change a comment so it corresponds to reality. Put back a character that
was previously replaced with a NUL for parsing