On Thu, Jul 09, 2015 at 01:13:30PM +, Salz, Rich wrote:
This issue affects OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o.
In other words, if you are not using those specific releases -- i.e., the
ones that came out less than 30 days ago -- you do not need to upgrade.
More
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
ok, i have a crash in CMS_verify that suggests i'm not
setting up the store of CAs properly, or i may have made
an error setting up the CA. what should i be looking at
with this error?
(gdb) bt
#0 0x77909b6c in X509_STORE_get_by_subject ()
On Thu, Jul 09, 2015 at 09:47:00AM -0500, Tom Browder wrote:
I get the following warnings from compiling the latest openssl with gcc 4.7.2:
ecp_nistp224.c: In function 'batch_mul':
ecp_nistp224.c:1105:29: warning: array subscript is above array bounds
[-Warray-bounds]
In my copy of 1.0.2d,
On 09/07/15 15:47, Tom Browder wrote:
I get the following warnings from compiling the latest openssl with gcc 4.7.2:
ec_key.c: In function 'EC_KEY_set_public_key_affine_coordinates':
ec_key.c:369:26: warning: variable 'is_char_two' set but not used
[-Wunused-but-set-variable]
I don't get
I get the following warnings from compiling the latest openssl with gcc 4.7.2:
ec_key.c: In function 'EC_KEY_set_public_key_affine_coordinates':
ec_key.c:369:26: warning: variable 'is_char_two' set but not used
[-Wunused-but-set-variable]
ecp_nistp224.c: In function 'batch_mul':
On Thu, Jul 09, 2015, Richard Welty wrote:
how does one set a content type for a signed CMS object?
i am creating it with a call to CMS_sign (with flag CMS_PARTIAL
set among others), then when i call CMS_set1_eContentType
it crashes.
That should work because that's what the cms utility
On Thu, Jul 9, 2015 at 10:25 AM, Matt Caswell m...@openssl.org wrote:
On 09/07/15 15:47, Tom Browder wrote:
I get the following warnings from compiling the latest openssl with gcc
4.7.2:
ec_key.c: In function 'EC_KEY_set_public_key_affine_coordinates':
ec_key.c:369:26: warning: variable
On Thu, Jul 9, 2015 at 10:22 AM, Viktor Dukhovni
openssl-us...@dukhovni.org wrote:
On Thu, Jul 09, 2015 at 09:47:00AM -0500, Tom Browder wrote:
...
ecp_nistp224.c: In function 'batch_mul':
ecp_nistp224.c:1105:29: warning: array subscript is above array bounds
...
In my copy of 1.0.2d, line
On Thu, Jul 09, 2015 at 11:50:25AM -0500, Tom Browder wrote:
On Thu, Jul 9, 2015 at 10:22 AM, Viktor Dukhovni
openssl-us...@dukhovni.org wrote:
On Thu, Jul 09, 2015 at 09:47:00AM -0500, Tom Browder wrote:
...
ecp_nistp224.c: In function 'batch_mul':
ecp_nistp224.c:1105:29: warning: array
On Thu, Jul 9, 2015 at 2:14 AM, Matthew Donald
matthew.b.don...@gmail.com wrote:
One of Imapfilter's users is having problems verifying certificates. They
are running Imapfilter on OSX, which I don't have access to. In addition, I
understand that OSX runs a custom version of OpenSSL, which
One of Imapfilter's users is having problems verifying certificates. They
are running Imapfilter on OSX, which I don't have access to. In addition,
I understand that OSX runs a custom version of OpenSSL, which has changes
to the way certificates are verified.
Could someone help me debug the
Hi All,
We are getting the below error in syslog file in FIPS mode.
sshd[5939]: error: openssh_DSA_verify_inFIPS EVP_VerifyFinal BAD SIG code:-1
This is hitting when connecting between two servers using ssh
authentication.
Please let me know how I can solve this issue.
Openssl version :
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL version 1.0.2d released
===
OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.0.2d of our open source
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL version 1.0.1p released
===
OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.0.1p of our open source
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [9 Jul 2015]
===
Alternative chains certificate forgery (CVE-2015-1793)
==
Severity: High
During certificate verification, OpenSSL
This issue affects OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o.
In other words, if you are not using those specific releases -- i.e., the ones
that came out less than 30 days ago -- you do not need to upgrade.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
how does one set a content type for a signed CMS object?
i am creating it with a call to CMS_sign (with flag CMS_PARTIAL
set among others), then when i call CMS_set1_eContentType
it crashes.
thanks,
richard
On Debian and Macports, the script below returns Verify return code:
0 (ok). Effectively, it claims Google's CA is certifying Microsoft
properties.
Some folks claim this is expected behavior. s_client(3) does not
discuss the expected behavior, so I'm not sure what should be
expected. (I thought
On 09/07/2015 21:52, Karl Vogel wrote:
On 08/07/2015 20:23, Salz, Rich wrote:
1. Is there any good reason to remove this code?
R Yes. If it's not tested, reviewed, or in general use, then it's
R more likely to be harmful (source of bugs) than useful.
On Wed, 08 Jul 2015 20:47:43 +0200,
OpenSSL is a critical part of security in too many places for us to take on
any unnecessary technical debt.
This is a somewhat empty argument as long as no one bothers to properly
determine if a piece of code is a debt or an asset.
I claim that we are being careful and doing the proper
On 09/07/2015 23:09, Salz, Rich wrote:
OpenSSL is a critical part of security in too many places for us to take on
any unnecessary technical debt.
This is a somewhat empty argument as long as no one bothers to properly
determine if a piece of code is a debt or an asset.
I claim that we are
Because both methods confirm your prior decisions, you therefore conclude
that you were always right in the first place.
Provably wrong. I wanted to get rid of Netware support as the first example
that comes to mind. As the second, I want to move all uses of RC4 and MD5 to
LOW strength
On 08/07/2015 20:23, Salz, Rich wrote:
1. Is there any good reason to remove this code?
R Yes. If it's not tested, reviewed, or in general use, then it's
R more likely to be harmful (source of bugs) than useful.
On Wed, 08 Jul 2015 20:47:43 +0200, Jakob Bohm replied:
J That's an overly
On 09/07/15 22:46, Jakob Bohm wrote:
On 09/07/2015 15:10, OpenSSL wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [9 Jul 2015]
===
Alternative chains certificate forgery (CVE-2015-1793)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 7/9/15 9:53 AM, Dr. Stephen Henson wrote:
On Thu, Jul 09, 2015, Richard Welty wrote:
how does one set a content type for a signed CMS object? i am
creating it with a call to CMS_sign (with flag CMS_PARTIAL set
among others), then when i
On 09/07/2015 15:10, OpenSSL wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [9 Jul 2015]
===
Alternative chains certificate forgery (CVE-2015-1793)
==
Severity: High
During
26 matches