Does:
- Fixes a typo in s_client.pod (2x in the).
- Changes .pod to reflect reality: it is SSL_CONF_CTX_finish(),
not SSL_CONF_finish().
- While here it seems best to change the remaining SSL_CONF_cmd(),
SSL_CONF_cmd_argv() and SSL_CONF_cmd_value_type() to have
a SSL_CONF_CTX_ prefix,
Oh yes: and on top of that former patch there really were also
dangling SSL_CTX_cmd() use cases in .pod files, which are thus and
finally changed to SSL_CONF_CTX_cmd via the attached patch, too.
Thank you.
--steffen
diff --git a/doc/ssl/SSL_CONF_CTX_cmd.pod b/doc/ssl/SSL_CONF_CTX_cmd.pod
index
Hello,
and finally i propose three new values for the Protocol slot of
SSL_CONF_CTX_cmd(): OLDEST, NEWEST and VULNERABLE.
I included OLDEST for completeness' sake, NEWEST is in effect what
i've always forced for my thing whenever possible, and encouraged
users to use themselves, but of course it
Richard Moore richmoor...@gmail.com wrote:
|On 8 December 2014 at 19:20, Steffen Nurpmeso via RT r...@openssl.org wrote:
| and finally i propose three new values for the Protocol slot of
| SSL_CONF_CTX_cmd(): OLDEST, NEWEST and VULNERABLE.
|
|In Qt we've added an enum value for TLS versions
Richard Moore richmoor...@gmail.com wrote:
|On 9 December 2014 at 11:35, Steffen Nurpmeso sdao...@yandex.com wrote:
| Richard Moore richmoor...@gmail.com wrote:
||On 8 December 2014 at 19:20, Steffen Nurpmeso via RT r...@openssl.org
| wrote:
|| and finally i propose three new values
Kurt Roeckx via RT r...@openssl.org wrote:
|On Mon, Dec 08, 2014 at 08:20:44PM +0100, Steffen Nurpmeso via RT wrote:
| and finally i propose three new values for the Protocol slot of
| SSL_CONF_CTX_cmd(): OLDEST, NEWEST and VULNERABLE.
|
|I actually find the option unfortunate and I think
Kurt Roeckx via RT r...@openssl.org wrote:
|On Mon, Dec 08, 2014 at 07:58:31PM +0100, Steffen Nurpmeso via RT wrote:
| set ssl-protocol=ALL,-SSLv2
|
| This results in the obvious problem that when they (get)
| upgrade(d) their OpenSSL library they will see a completely
| intransparent
|Kurt Roeckx via RT r...@openssl.org wrote:
||been one that sets the minimum and maximum version. But I think
||we're too late 1.0.2 process to still change this.
Attached a git format-patch MBOX for 1.0.2 (on top of [6806b69]).
It boils anything down into two changesets (SSL_CONF_CTX and
Salz, Rich rs...@akamai.com wrote:
|I think magic names -- shorthands -- are a very bad idea. \
I _completely_ disagree.
| They are point-in-time statements whose meaning evolves, \
|if not erodes, over time.
Because i don't think that a normal user, or even normal
administrators and
Hello,
Stephen Henson via RT r...@openssl.org wrote:
|On Mon Dec 08 19:58:31 2014, sdao...@yandex.com wrote:
| If people start using SSL_CONF_CTX as they are supposed to with
| v1.0.2, then it can be expected that users start using strings
| like, e.g. (from my thing),
|
| set
Salz, Rich via RT r...@openssl.org wrote:
| Personally i am willing to put enough trust in the OpenSSL team *even
| insofar* as i now do 'set ssl-protocol=ALL,-VULNERABLE'
| and leave the task of deciding what is VULNERABLE up to you.
|
|That is not a responsibility we want. No how, no way.
Yoav Nir ynir.i...@gmail.com wrote:
| On Dec 9, 2014, at 1:24 PM, Steffen Nurpmeso via RT r...@openssl.org \
| wrote:
| Salz, Rich rs...@akamai.com wrote:
||I think magic names -- shorthands -- are a very bad idea. \
|
| I _completely_ disagree.
|
|| They are point-in-time statements
Salz, Rich via RT r...@openssl.org wrote:
| Y causes a ciphersuite (or TLS version) to be dropped into VULNERABLE,
|I am more concerned about the case where a common crypto type \
|is broken, and zillions (a technical term :) of websites are \
|now at-risk because there wasn't an immediate
Salz, Rich via RT r...@openssl.org wrote:
| I'd love to see a version of bettercrypto.org that only \
| has to say to configure
| OpenSSL version 1.0.3 and higher, you should use the string BEST_PRACTICE
|
|That can happen but not by embedding magic strings into code. See
But isn't TLSv1.2
Hi.
Richard Moore richmoor...@gmail.com wrote:
| Programs which use the OpenSSL library generally just want to flip a
| switch and know that they've turned on security, instead of trying to
|My experience suggests that while that might be what some developers want,
|that's not what users
Salz, Rich via RT r...@openssl.org wrote:
| So you want a separate openssl-conf package. Fine, then provide it and
| give an easy mechanism for applications to hook into it.
| And for users to be able to overwrite system defaults.
| But this has not that much to do with #3627.
|
|Yes it
Dr. Stephen Henson st...@openssl.org wrote:
|On Thu, Dec 11, 2014, Steffen Nurpmeso via RT wrote:
| are hard (not only to parse) for users but there is a lot of
| information for good in very few bytes; sad is
|
| Received SIGPIPE during IMAP operation
| IMAP write error: error:
So i follow Rich Salz and am adding support for
SSL_CONF_modules_load_file() (but i'm still wondering a bit why
i do that) and while testing (with v1.0.2 beta4) i see messages
like
error:02001002:system library:fopen:No such file or directory
error:0200100D:system library:fopen:Permission
Hello,
while following Rich Salz's suggestion to make use of
CONF_modules_load_file() i stumbled personally over the
restriction that only a global openssl.cnf seems to be supported.
There is no support for automatic loading of a $HOME/.openssl.cnf
on top of the global version.
And whereas
..so that even after OpenSSL_add_all_algorithms(3)
EVP_get_cipherbyname(3) fails to load aes-128 as an alias for
aes-128-cbc.
--steffen
diff --git a/doc/apps/enc.pod b/doc/apps/enc.pod
index 41791ad..88e8b79 100644
--- a/doc/apps/enc.pod
+++ b/doc/apps/enc.pod
@@ -282,7 +282,7 @@ authentication
Stephen Henson via RT r...@openssl.org wrote:
All i can parse from your answer is that the statement that is
long in OpenSSL documentation and was referred to by Rich Salz
(unless i'm mistaken) in a different #issue, namely the following
paragraph from OPENSSL_config(3):
It is strongly
Hello,
for certificates which get renewed -- mine do twice a year, for
example -- the fingerprint changes
?0[tmp]$ openssl x509 -fingerprint -noout cert.old
SHA1 Fingerprint=00:10:F0:2C:EA:50:1F:11:FE:8D:CC:A0:A9:40:91:A2:D0:4D:65:4E
?0[tmp]$ openssl x509 -fingerprint -noout cert.crt
And on [1] (at least) the link "Please see the list of new or open
bugs and requests." leads to nowhere.
Ciao,
[1] http://openssl.org/support/rt.html
--steffen
___
openssl-bugs-mod mailing list
openssl-bugs-...@openssl.org
I hope i don't "open" this one!
Richard Levitte via RT wrote:
|On Thu Jun 02 15:50:31 2016, stef...@sdaoden.eu wrote:
|> I have never seen something like this:
|>
|> Parser.c: loadable library and perl binaries are mismatched (got
|> handshake key 0xdb00080, needed
Yep:
-rw--- 1 steffen steffen 1848 Jun 2 14:46 VhXl383LiQ
-rw--- 1 steffen steffen 1612 Jun 2 14:46 F1RkvxEZi0
-rw--- 1 steffen steffen 1848 Jun 2 14:46 qg_wML0XIF
-rw--- 1 steffen steffen 1848 Jun 2 14:46 4MUN7KIs69
-rw--- 1 steffen steffen 1840 Jun 2
Oh yes, please!
--steffen
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4555
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Hello.
I have never seen something like this:
Parser.c: loadable library and perl binaries are mismatched (got handshake
key 0xdb00080, needed 0xdb80080)
This is v5.24 on a Linux system, and it is flawless afaik.
Thanks.
--steffen
Against [80f397e]
diff --git a/doc/ssl/SSL_CONF_cmd.pod b/doc/ssl/SSL_CONF_cmd.pod
index fb39f94..7b38489 100644
--- a/doc/ssl/SSL_CONF_cmd.pod
+++ b/doc/ssl/SSL_CONF_cmd.pod
@@ -124,8 +124,8 @@ than the deprecated alternative commands below.
=item B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>,
Richard Levitte via RT wrote:
|On Thu Sep 01 13:18:44 2016, stef...@sdaoden.eu wrote:
|> From the documentation i cannot tell what is wrong with the
|> following:
|>
|> echo abc > a; echo def > b; echo ghi > c
|> openssl genpkey -algorithm RSA -out k.prv
|> openssl pkey
Richard Levitte via RT wrote:
|On Thu Sep 01 13:13:44 2016, stef...@sdaoden.eu wrote:
|> Before sending the last message i looked around on the website (it
|> has become particularly complicated to find the bug tracker), and
|> looking at the "go-back" list i saw dozens of
Before sending the last message i looked around on the website (it
has become particularly complicated to find the bug tracker), and
looking at the "go-back" list i saw dozens of "OpenSSL" entries,
rather than rt, "Getting started as a contributor", etc.
--steffen
Hello.
From the documentation i cannot tell what is wrong with the
following:
echo abc > a; echo def > b; echo ghi > c
openssl genpkey -algorithm RSA -out k.prv
openssl pkey -in k.prv -pubout -out k.pub
openssl dgst -sha512 -sign k.prv -out .sig a b c
openssl dgst -sha512 -verify
"Salz, Rich" wrote:
..
|for and fix? (I'm kinda slow sometimes)
Do you know the story of the couple that had been married for
decades when suddenly, at a Sunday morning breakfast, it has been
revealed that she, who was given the upper half of the bread rolls
for so long --