Re: [openssl-project] Release Criteria Update

2018-09-06 Thread Richard Levitte
In message <20180907.025152.1131079938025695690.levi...@openssl.org> on Fri, 07 
Sep 2018 02:51:52 +0200 (CEST), Richard Levitte  said:

> For example, *all* two-prime RSA keys from pre-1.1.1 become unreadable

That was a bit of an over-statement...  but it seems that there are
things in the wild that were accepted in 1.1.0 (because LONG is used)
that aren't accepted in 1.1.1.  A regression still, even though with
less drama.

-- 
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
___
openssl-project mailing list
openssl-project@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-project


Re: [openssl-project] Release Criteria Update

2018-09-06 Thread Paul Dale
PR for 7133 submitted.

 

 

Pauli

-- 

Oracle

Dr Paul Dale | Cryptographer | Network Security & Encryption 

Phone +61 7 3031 7217

Oracle Australia

 

From: Tim Hudson [mailto:t...@cryptsoft.com] 
Sent: Friday, 7 September 2018 8:51 AM
To: openssl-project@openssl.org
Subject: Re: [openssl-project] Release Criteria Update

 

All PRs except #7145 now reviewed and marked ready.

 

Tim 

 

On Fri, Sep 7, 2018 at 8:41 AM, Matt Caswell mailto:m...@openssl.org"m...@openssl.org> wrote:

We currently have 8 1.1.1 PRs that are open. 3 of which are in the
"ready" state. There are 2 which are alternative implementations of the
same thing - so there are really on 4 issues currently being addressed:

#7145 SipHash: add separate setter for the hash size

Owner: Richard
Awaiting review (CIs are failing)


#7141 Ensure certificate callbacks work correctly in TLSv1.3

Owner: Matt
Trivial change. Awaiting review


#7139 Remove a reference to SSL_force_post_handshake_auth()

Owner: Matt
Trivial change. Awaiting review


#7114 Process KeyUpdate and NewSessionTicket messages after a close_notify
Alternative implementation for #7058

Owner: Matt
Awaiting review. Anyone?


There 5 1.1.1 issues open - 3 of which should be solved by outstanding
PRS. The remaining 2 are:


#7014 TLSv1.2 SNI hostname works in 1.1.0h, not in 1.1.1 master (as of
18-Aug)

We thought we had a fix for this, but the PR in question does not seem
to have solved the OPs issue


#7133 X509_sign SIGSEGVs with NULL private key

Should be an easy fix


Matt
___
openssl-project mailing list
HYPERLINK "mailto:openssl-project@openssl.org"openssl-project@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-project

 
___
openssl-project mailing list
openssl-project@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-project

[openssl-project] Release Criteria Update

2018-09-06 Thread Matt Caswell
We currently have 8 1.1.1 PRs that are open. 3 of which are in the
"ready" state. There are 2 which are alternative implementations of the
same thing - so there are really on 4 issues currently being addressed:

#7145 SipHash: add separate setter for the hash size

Owner: Richard
Awaiting review (CIs are failing)


#7141 Ensure certificate callbacks work correctly in TLSv1.3

Owner: Matt
Trivial change. Awaiting review


#7139 Remove a reference to SSL_force_post_handshake_auth()

Owner: Matt
Trivial change. Awaiting review


#7114 Process KeyUpdate and NewSessionTicket messages after a close_notify
Alternative implementation for #7058

Owner: Matt
Awaiting review. Anyone?


There 5 1.1.1 issues open - 3 of which should be solved by outstanding
PRS. The remaining 2 are:


#7014 TLSv1.2 SNI hostname works in 1.1.0h, not in 1.1.1 master (as of
18-Aug)

We thought we had a fix for this, but the PR in question does not seem
to have solved the OPs issue


#7133 X509_sign SIGSEGVs with NULL private key

Should be an easy fix


Matt
___
openssl-project mailing list
openssl-project@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-project


Re: [openssl-project] Release Criteria Update

2018-09-06 Thread Viktor Dukhovni



> On Sep 6, 2018, at 6:25 PM, Matt Caswell  wrote:
> 
> I'm not keen on that. What do others think?

No objections to issuing a release.  We're unlikely to have to change the
API/ABI or feature set based on further beta feedback.  Any late bugs can
be fixed in 1.1.1a, and unless they trigger CVEs, there's no compelling
reason to wait.  Barring specific concerns, I am not opposed to release
as planned.

-- 
Viktor.

___
openssl-project mailing list
openssl-project@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-project


Re: [openssl-project] Release Criteria Update

2018-09-06 Thread Tim Hudson
We need to get this release out and available - there are a lot of people
waiting on the "production"release - and who won't go forward on a beta
(simple fact of life there).

I don't see the outstanding items as release blockers - and they will be
wrapped up in time.

Having the release date as a drive I think helps for a lot of focus - and
more stuff has gone into 1.1.1 that we originally anticipated because we
held it open waiting on TLSv1.3 finalisation.

So a +1 for keeping to the release date.

Tim.


On Fri, Sep 7, 2018 at 8:25 AM, Matt Caswell  wrote:

>
>
> On 06/09/18 17:32, Kurt Roeckx wrote:
> > On Tue, Sep 04, 2018 at 05:11:41PM +0100, Matt Caswell wrote:
> >> Current status of the 1.1.1 PRs/issues:
> >
> > Since we did make a lot of changes, including things that
> > applications can run into, would it make sense to have an other
> > beta release?
>
> I'm not keen on that. What do others think?
>
> Matt
>
> ___
> openssl-project mailing list
> openssl-project@openssl.org
> https://mta.openssl.org/mailman/listinfo/openssl-project
>
___
openssl-project mailing list
openssl-project@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-project

Re: [openssl-project] Release Criteria Update

2018-09-06 Thread Matt Caswell



On 06/09/18 17:32, Kurt Roeckx wrote:
> On Tue, Sep 04, 2018 at 05:11:41PM +0100, Matt Caswell wrote:
>> Current status of the 1.1.1 PRs/issues:
> 
> Since we did make a lot of changes, including things that
> applications can run into, would it make sense to have an other
> beta release?

I'm not keen on that. What do others think?

Matt

___
openssl-project mailing list
openssl-project@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-project


Re: [openssl-project] Release Criteria Update

2018-09-06 Thread Kurt Roeckx
On Tue, Sep 04, 2018 at 05:11:41PM +0100, Matt Caswell wrote:
> Current status of the 1.1.1 PRs/issues:

Since we did make a lot of changes, including things that
applications can run into, would it make sense to have an other
beta release?


Kurt

___
openssl-project mailing list
openssl-project@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-project


Re: [openssl-project] Release Criteria Update

2018-09-06 Thread Benjamin Kaduk
On Wed, Sep 05, 2018 at 06:04:08PM -0500, Benjamin Kaduk wrote:
> On Wed, Sep 05, 2018 at 11:59:34PM +0100, Matt Caswell wrote:
> > Today's update is that we still have 6 open PRs for 1.1.1. 5 of these
> > are the same as yesterday. The 1 that was marked as "ready" yesterday
> > has now been merged, and a new PR addressing issue #7014 has been opened.
> > 
> > There are still 2 open issues for 1.1.1 but both of these are now being
> > addressed by one of the open PRs.
> > 
> > That means there are still 4 "critical path" PRs open:
> > 
> > #7115 Restore historical SSL_get_servername() behavior
> > 
> > Updates made following earlier review. Ready for another round of reviews??
> > Owner: Ben.
> 
> I believe it's ready for another round of reviews, yes.
> Do we think we want to wait for confirmation from @MSP-Greg?

I see that Matt has marked this one as Ready.
I'm going to be "on a plane" (not exactly, but effectively so) for the next
9-ish hours and am not confident that I'll be able to merge it until
tomorrow.  I also see that the original reporter is still not having
success; is anyone in a position to try to set up those Ruby EventMachine
tests (it's unclear if it needs to be on windows or not)?

-Ben
___
openssl-project mailing list
openssl-project@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-project