> On Jun 12, 2018, at 6:56 PM, Richard Levitte wrote:
>
> Some implementations of the iconv library take the empty string as
> the locale-specific encoding, but that is in no way universal, and
> isn't specified in the standard:
>
> http://pubs.opengroup.org/onlinepubs/009695399/functions/ico
In message <333784c8-4870-4ddb-a892-13d552724...@dukhovni.org> on Tue, 12 Jun
2018 16:02:16 -0400, Viktor Dukhovni said:
openssl-users>
openssl-users>
openssl-users> > On Jun 12, 2018, at 3:39 PM, Richard Levitte
wrote:
openssl-users> >
openssl-users> >> The flags I'd like to see are:
opens
> On Jun 12, 2018, at 3:39 PM, Richard Levitte wrote:
>
>> The flags I'd like to see are:
>>
>> -latin1: Passphrase is a stream of octets, each of which is a single
>> unicode
>> character in the range 0-255.
>
> I would prefer to call it -binary or something like that... it
In message on Tue, 12 Jun
2018 11:06:40 -0400, Viktor Dukhovni said:
openssl-users>
openssl-users>
openssl-users> > On Jun 7, 2018, at 3:40 PM, Salz, Rich
wrote:
openssl-users> >
openssl-users> > I think you forgot that this is not what I suggested. One
flag indicates it's utf-8 encoded,
> On Jun 7, 2018, at 3:40 PM, Salz, Rich wrote:
>
> I think you forgot that this is not what I suggested. One flag indicates
> it's utf-8 encoded, don't touch it. The other flag indicates it might have
> high-bit chars, don't touch it.
The flags I'd like to see are:
-latin1: Passphras
> On Jun 11, 2018, at 11:46 AM, Salz, Rich wrote:
>
> And the docs for this *new flag* explain that the behavior could change in
> the future.
There must be no "change in the future". Whatever flags
we add now, must implement a stable interface. A flag
that changes behaviour is useless.
-
) in the OpenSSL git
repository.
This issue was reported to OpenSSL on 5th June 2018 by Guido Vranken who also
developed the fix.
References
==
URL for this Security Advisory:
https://www.openssl.org/news/secadv/20180612.txt
Note: the online version of the advisory may be updated with
On 12/06/18 10:16, Matt Caswell wrote:
> This is the PR for the CVE. I forgot to add the branches to the
> PR...this is for 1.1.0 and 1.0.2. Please can someone approve the
> backport asap?
This is now done (thanks Tim).
Now looking for an approval for the web updates:
https://github.com/opens
This is the PR for the CVE. I forgot to add the branches to the
PR...this is for 1.1.0 and 1.0.2. Please can someone approve the
backport asap?
Thanks
Matt
___
openssl-project mailing list
openssl-project@openssl.org
https://mta.openssl.org/mailman/list
In message <2418fe0a-8a61-47ad-9e60-f40bd0c79...@openssl.org> on Mon, 11 Jun
2018 19:29:09 +0200, Richard Levitte said:
levitte>
levitte>
levitte> "Salz, Rich" skrev: (11 juni 2018 18:54:37 CEST)
levitte> >>Except that, because of the way PKCS12_gen_mac() works, this
isn't
levitte> >
10 matches
Mail list logo