Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
Zimbra :: the leader in open source messaging and collaboration
__
OpenSSL Project http
--On Wednesday, September 05, 2012 12:40 AM +0200 Dr. Stephen Henson
st...@openssl.org wrote:
On Tue, Sep 04, 2012, Quanah Gibson-Mount via RT wrote:
--On Tuesday, September 04, 2012 10:26 PM +0200 Stephen Henson via RT
r...@openssl.org wrote:
[qua...@zimbra.com - Tue Aug 28 22:43:34 2012
(2 times in 4 weeks of heavy testing), so it is
difficult for me to prove conclusively if this fixes it or not, although I
agree the code inspection implies it is fixed. ;)
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc
0x0050c184 in ssl3_connect ()
# 14 0x00465d87 in ssl23_connect ()
# 15 0x00466741 in ssl23_write ()
Dupe of 2866?
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
Zimbra :: the leader in open source messaging
with the X509_PUBKEY.
The second lock request occurs in EVP_PKEY_free().
crypto/asn1/x_pubkey.c:174
Duplicate of RT #2866?
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
Zimbra :: the leader in open source messaging
After rebuilding my OpenLDAP servers against 1.0.1d, my perl scripts can no
longer negotiate startTLS with the OpenLDAP server, and hang infinitely.
This is a major regression vs 1.0.1c.
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc
Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
Zimbra :: the leader in open source messaging and collaboration
__
OpenSSL Project http
--On Thursday, April 11, 2013 9:37 AM -0700 Dan Mahoney, System Admin
d...@prime.gushi.org wrote:
I would love it if the maintainers would actually come forward and give
a direct answer on whether or not they're interested.
+1
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
--On Monday, January 13, 2014 3:41 PM -0300 Gustavo Zacarias
gust...@zacarias.com.ar wrote:
The compiler invocation might contain a space for example when using
ccache.
Duplicate of [openssl.org #3232] [PATCH] Makefile.org: Fix usage of CC=gcc
-m32
--Quanah
--
Quanah Gibson-Mount
in advance.
Ciao,
Sergio.
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra :: the leader in open source messaging and collaboration
__
OpenSSL Project
#include errno.h
#define USE_SOCKETS
#include ssl_locl.h
--Quanah
--
Quanah Gibson-Mount
Server Architect
Zimbra, Inc.
Zimbra :: the leader in open source messaging and collaboration
__
OpenSSL Project
Gibson-Mount
Server Architect
Zimbra, Inc.
Zimbra :: the leader in open source messaging and collaboration
__
OpenSSL Project http://www.openssl.org
Development Mailing List
. Is this a known bug
in 1.0.1h? Any suggestions on how to turn off this sudden new bit to
always try cert auth, regardless of whether or not it is desired?
Thanks!
--Quanah
--
Quanah Gibson-Mount
Server Architect
Zimbra, Inc.
Zimbra :: the leader in open source
--On Monday, June 30, 2014 3:58 PM -0700 Quanah Gibson-Mount
qua...@zimbra.com wrote:
After upgrading to OpenSSL 1.0.1h, I've found now that when initiating
startTLS connections to a system linked to OpenSSL 1.0.1h, it always
tries to do certificate auth with the client. This causes a lot
,
Philippe Lhardy
Bugs should be reported via the bug tracker, as noted at:
https://www.openssl.org/support/rt.html
--Quanah
--
Quanah Gibson-Mount
Server Architect
Zimbra, Inc.
Zimbra :: the leader in open source messaging and collaboration
by major
linux distributions.
It boggles the mind that to this day that patch has not been integrated in
the 5 years since the bug was opened.
See http://rt.openssl.org/Ticket/Display.html?id=2051,
https://bugs.debian.org/589520
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc
for other LDAP
projects. I.e., it'll definitely be part of OpenLDAP 2.5 and later. I'll
be discussing with the other OpenLDAP folks if we can put it into 2.4.41 as
well. However, not everyone uses the ldapsearch from OpenLDAP, so it
doesn't solve the problem in general.
--Quanah
--
Quanah Gibson
--On November 14, 2014 at 1:30:10 AM + Viktor Dukhovni
openssl-us...@dukhovni.org wrote:
On Thu, Nov 13, 2014 at 04:57:25PM -0800, Quanah Gibson-Mount wrote:
It would be cool to have the Net::SSLeay
code as well, however, for other tests I'd like to set up.
Attached. You'll need
: NONE
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
Zimbra :: the leader in open source messaging and collaboration
___
openssl-dev mailing list
openssl-dev@openssl.org
https://mta.opensslfoundation.net/mailman
into
OpenSSL? Do you have a version of your patch that works with the 1.0.1
series?
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
Zimbra :: the leader in open source messaging and collaboration
___
openssl-dev
supplied patches for it. Supposedly it was going to go into 1.0.2.
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
Zimbra :: the leader in open source messaging and collaboration
___
openssl-dev mailing list
/Display.html?id=2051 already exists and has
for ages? I would suggest RT3717 be marked as a duplicate of 2051.
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
Zimbra :: the leader in open source messaging and collaboration
that was released since 1.0.1j?
Thanks!
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
Zimbra :: the leader in open source messaging and collaboration
___
openssl-dev mailing list
To unsubscribe: https
--On Wednesday, August 05, 2015 5:54 PM +0200 Kurt Roeckx k...@roeckx.be
wrote:
On Wed, Aug 05, 2015 at 06:54:33AM -0700, Quanah Gibson-Mount wrote:
Yesterday, I was alerted by a member of the list that my emails to
openssl-dev are ending up in their SPAM folder. After examining my
emails
--On Tuesday, August 18, 2015 11:30 AM +0200 Kurt Roeckx k...@roeckx.be
wrote:
On Mon, Aug 17, 2015 at 10:55:53AM -0700, Quanah Gibson-Mount wrote:
However, there are two solutions to that allow adding a footer when list
subscribers may have DKIM signed email:
a) As noted in the OpenDKIM
license than what
OpenSSL was previously offered under.
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
Zimbra :: the leader in open source messaging and collaboration
___
openssl-dev mailing list
To unsubscribe
Forwarded Message --
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
Zimbra :: the leader in open source messaging and collaboration
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman
, but nothing comes immediately to my
mind as to why that'd be the case. CLA's just generally seem to be the
default starting position with legal teams, in my experience. ;)
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
Zimbra :: the leader in open source
--On Thursday, December 03, 2015 11:28 AM -0800 Quanah Gibson-Mount
<qua...@zimbra.com> wrote:
After adding "make depend" to occur before "make all", it now succeeds.
However, this worked on prior releases, so it seems that requiring "make
depend" is new to
--On Thursday, December 03, 2015 7:18 PM + Matt Caswell
<m...@openssl.org> wrote:
On 03/12/15 19:10, Quanah Gibson-Mount wrote:
make[5]: *** No rule to make target `../../include/openssl/idea.h',
needed by `e_idea.o'. Stop.
Hmmm. I don't get that. Can you post your build
NATURE-
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
Zimbra :: the leader in open source messaging and collabo
--On Monday, May 18, 2015 3:32 PM -0700 Quanah Gibson-Mount
<qua...@zimbra.com> wrote:
We've been seeing a problem with openssl deadlocking in the 1.0.1j
release that didn't occur in previous releases. I've looked over the
change log fixes for the k, l, and m releases, but I haven'
--On Thursday, December 03, 2015 12:30 PM -0800 Quanah Gibson-Mount
<qua...@zimbra.com> wrote:
--On Monday, May 18, 2015 3:32 PM -0700 Quanah Gibson-Mount
<qua...@zimbra.com> wrote:
We've been seeing a problem with openssl deadlocking in the 1.0.1j
release that didn't occur
prior 1.0.1[a-p],
and all the releases of 1.0.0 and 0.9.8 that I used prior to moving to the
1.0.1 series.
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
Zimbra :: the leader in open source messaging and collaboration
___
.1 tree.
We've made many changes to make various structures SSL, SSL_CTX, RSA, EVP
objects., etc., opaque. (Among other things, this makes future shared
lib updates easier.) So pulling down the master branch and doing a build
and seeing what breaks will be helpful.
Great, I'll do that. :)
--
ye. What surprises are we talking about? ;)
I can do some testing for OpenLDAP. I honestly haven't been paying
exceedingly close attention to the 1.1 tree.
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
Zimbra :: the leader in open source m
--On Tuesday, August 04, 2015 3:35 PM -0700 Quanah Gibson-Mount
<qua...@zimbra.com> wrote:
Just curious -- Any update on this? Is OpenSSL going to use something
GPLv2 compatible? etc.
Thanks,
Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
moving to apache v2 does not resolve the primary problem with the OpenSSL
license that currently exists.
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
Zimbra :: the leader in open source messaging and collaboration
___
mental problems with the current license going to continue to be
blatantly ignored?
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
Zimbra :: the leader in open source messaging and collaboration
___
openssl-dev m
MPLv2 and
the APLv2? If so, that would keep the patent protections and allow both
GPLv2 and GPLv3 compatibility.
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
Zimbra :: the leader in open source messaging and collabo
h_other_licenses>
<https://www.mozilla.org/en-US/MPL/2.0/>, see section 1.12
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
Zimbra :: the leader in open source messaging and collaboration
___
opens
the time to look into it. :) If
compatibilty with the GPLv2 and GPLv3 could be resolved with relicensing
while keeping the patent portions in place, it would be a major win for the
community. :)
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
Zimbra :: the leader in open
E ORIGINAL LICENSE TERMS ARE REPRODUCED
BELOW ONLY AS A REFERENCE]
(etc).
Since you already cannot mix GPLv2 and GPLv3, then those who need openssl
for GPLv2 reasons could elect to choose the MPLv2, and those who need
openssl for GLPv3 reasons could elect to choose the APLv2.
--Quanah
--
<http://en.swpat.org/wiki/Patent_clauses_in_software_licences#Apache_License_2.0>
<http://en.swpat.org/wiki/MPL_and_patents>
Both contain a retaliation clause and a patent grant.
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
Zimbra :: the leader in o
erhaps contributors, when approached by OpenSSL, can simly say they will
not release their rights unless the project adopts a truly open license in
the spirit of the original BSD style license minus the advertising clause.
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbr
$(PLAT) -g -O2 -DOPENSSL_NO_HEARTBEATS; \
So we've only just recently started using openssldir, but it does exactly
what we want it to do. ;)
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
Zimbra :: the leader in open source messaging and collabo
ly.
Yeah, I'm primarily noting it so that if it comes up in the future, there's
an idea as to what the solution is for the end user (fix their path, etc).
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
Zimbra :: the leader in open source messaging an
/blob/master/libraries/libldap/tls_o.
c#L475
Any update on this request?
Thanks,
Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
Zimbra :: the leader in open source messaging and collaboration
___
openssl-dev
ulling in a different perl than the system perl.
I'll see if I can track down exactly what the issue was.
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
Zimbra :: the leader in open source messaging and collaboration
___
o
--On Sunday, January 24, 2016 11:30 PM +0100 Richard Levitte
<levi...@openssl.org> wrote:
In message <DE9F941D87C9EE5AEFAAB903@[192.168.1.9]> on Sun, 24 Jan 2016
12:36:29 -0800, Quanah Gibson-Mount <qua...@zimbra.com> said:
quanah> --On Sunday, January 24, 2016 9:32 AM
--On Thursday, August 25, 2016 12:36 AM + Viktor Dukhovni
<openssl-us...@dukhovni.org> wrote:
On Wed, Aug 24, 2016 at 11:17:21PM +, Quanah Gibson-Mount via RT
wrote:
When a process (nginx in this case) has this as the server cert, it core
dumps with an abort() when clients r
--On Wednesday, August 24, 2016 5:47 PM -0700 Quanah Gibson-Mount
<qua...@zimbra.com> wrote:
this is clearly a TLS client-side stack trace. Why is nginx acting
as an SSL/TLS client?
It's a proxy server... so it's proxying between the client connecting to
nginx on the IMAP
censes than the APLv2 which are also GPLv2 compatible. The MPLv2
being an example of such a license. There is also BSD, MIT/X11, etc. The
GPLv2 incompatibility of OpenSSL is a major problem.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and sup
f 2015. It appears that the feedback that the APL does not solve
these serious problems with how OpenSSL was licensed was ignored. Sad to
see that.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
licensing means that it is also available under a
no-patent-protection license which is an issue for us.
APLv2 and MPLv2 both have patent protections. How would a dual license of
APL+MPL result in a no-patent-protection license?
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corp
ense
of APL+MPL result in a no-patent-protection license?
MPL allows GPL which has no patent protection.
It doesn't mean the code is no longer covered by the MPL. See
<https://www.mozilla.org/en-US/MPL/2.0/combining-mpl-and-gpl/>, "Unmodified
MPL-licensed Files - MPL-only".
--Q
useful starting point. Has dual licensing been
considered? Both in 2015 and now, the lack of GPLv2 compatibility has
shown to be a serious drawback to the APLv2.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by
--On Friday, March 24, 2017 7:47 PM +0100 Kurt Roeckx <k...@roeckx.be>
wrote:
On Fri, Mar 24, 2017 at 10:18:40AM -0700, Quanah Gibson-Mount wrote:
--On Friday, March 24, 2017 6:12 PM + "Salz, Rich" <rs...@akamai.com>
wrote:
> > Thanks Rich, that's a more usef
sumers of OpensSL vs the MPLv2, and there are
definite reasons as to why the APLv2 is problematic.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
--
openssl-dev mailing list
To
s correct. From
<http://blogs.fsfe.org/ciaran/?p=58> (See update), it appears you need an
explicit 95% permission rate to legally relicense and zero objections. So
far one objection has already surfaced.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, ce
--On Friday, March 24, 2017 9:02 PM +0100 Florian Weimer <f...@deneb.enyo.de>
wrote:
* Quanah Gibson-Mount:
Zero people that I know of are saying to switch to the GPL. What is
being pointed out is that the incompatibility with the current
OpenSSL license with the GPLv2 has been a
s such an exception. I ran into that a
few times in the past, and had to work with the authors to adjust their
license (in one case) and move to alternatives for other cases.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions
e from whatever OS their application may be running on top of.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl
rs time, I've yet to see one valid argument to using the APLv2 vs
the MPLv2 originate from the OpenSSL team.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
--
openssl-dev
, __spins = 0, __list = {__prev = 0x0, __next = 0x0}},
__size = \002\000\000\000\000\000\000\000\070[\000\000\001, '\000'
repeats 26 times, __align = 2}
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
Zimbra :: the leader
= 2}
Can you provide a stack trace when you get the deadlock?
Hi Stephen,
The first comment is a full stack trace. Did you download it from RT?
http://rt.openssl.org/Ticket/Attachment/34714/18567/
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware
--Quanah
--
Quanah Gibson-Mount
Server Architect
Zimbra, Inc.
Zimbra :: the leader in open source messaging and collaboration
__
OpenSSL Project http://www.openssl.org
Development
--
Quanah Gibson-Mount
Server Architect
Zimbra, Inc.
Zimbra :: the leader in open source messaging and collaboration
__
OpenSSL Project http://www.openssl.org
Development Mailing List
It would be invaluable to have this support in OpenSSL to admins around the
world. This subject comes up repeatedly because people expect it to work.
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc
Zimbra :: the leader in open source messaging and collaboration
into
OpenSSL? Do you have a version of your patch that works with the 1.0.1
series?
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
Zimbra :: the leader in open source messaging and collaboration
___
openssl-dev
patches for it. Supposedly it was going to go into 1.0.2.
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
Zimbra :: the leader in open source messaging and collaboration
___
openssl-dev mailing list
/Display.html?id=2051 already exists and has
for ages? I would suggest RT3717 be marked as a duplicate of 2051.
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
Zimbra :: the leader in open source messaging and collaboration
/openssl/src$ sha1sum -c
openssl-1.0.1m.tar.gz.sha1
openssl-1.0.1m.tar.gz: OK
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
Zimbra :: the leader in open source messaging and collaboration
___
openssl-dev mailing list
/idea.h', needed
by `e_idea.o'. Stop.
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
Zimbra :: the leader in open source messaging and collaboration
___
openssl-bugs-mod mailing list
openssl-bugs-...@openssl.org
https
This patch fixes small grammar errors in s_client.c.
<https://github.com/openssl/openssl/pull/481>
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
Zimbra :: the leader in open source messaging and collabo
003b02b8) at main.c:1017
i = 9
no_detach = 0
rc = 0
urls = 0x1d8a000 "ldap://ldap02e.zimbra.com:389
ldaps://ldap02e.zimbra.com:636 ldapi:///"
username = 0x1d7a010 "root"
groupname = 0x0
sandbox = 0x0
c=3, argv=0x7ffc53c4a278) at
src/core/nginx.c:407
Let me know what further information I can provide.
--Quanah
--
Quanah Gibson-Mount
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4658
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
77 matches
Mail list logo