Re: LibreSSL 2.0.3 released

2014-07-23 Thread Dongsheng Song
On Tue, Jul 22, 2014 at 10:01 AM, Bob Beck b...@openbsd.org wrote: We have released an update, LibreSSL 2.0.3 - which should be arriving in the LibreSSL directory of an OpenBSD mirror near you very soon. This release includes a number of portability fixes based on the the feedback we have

[PATCH, libressl] discuss: removal of padding extension?

2014-07-23 Thread Hanno Böck
Hi, Quick background: Some router firmwares from F5 have a bug that they fail if the SSL handshake is between 256 and 511 bytes. Following up that openssl and other major ssl implementations introduced a TLS padding extension that does nothing else than padding the handshake if it is between

Re: [PATCH, libressl] discuss: removal of padding extension?

2014-07-23 Thread Loganaden Velvindron
On Wed, Jul 23, 2014 at 10:20:23AM +0200, Hanno B?ck wrote: Hi, Quick background: Some router firmwares from F5 have a bug that they fail if the SSL handshake is between 256 and 511 bytes. F5 should issue fixes for their firmware. Following up that openssl and other major ssl

Re: [PATCH, libressl] discuss: removal of padding extension?

2014-07-23 Thread Hanno Böck
On Wed, 23 Jul 2014 01:28:45 -0700 Loganaden Velvindron lo...@elandsys.com wrote: On Wed, Jul 23, 2014 at 10:20:23AM +0200, Hanno B?ck wrote: Quick background: Some router firmwares from F5 have a bug that they fail if the SSL handshake is between 256 and 511 bytes. F5 should issue fixes

Re: [PATCH, libressl] discuss: removal of padding extension?

2014-07-23 Thread Stuart Henderson
On 2014/07/23 10:36, Hanno Böck wrote: On Wed, 23 Jul 2014 01:28:45 -0700 Loganaden Velvindron lo...@elandsys.com wrote: On Wed, Jul 23, 2014 at 10:20:23AM +0200, Hanno B?ck wrote: Quick background: Some router firmwares from F5 have a bug that they fail if the SSL handshake is between

resume vs wsmoused vs X vs pms

2014-07-23 Thread Martin Pieuchot
Diff below changes pms(4) to make sure only one thread can change the state, thus generating I/O, of the underlying device at the same time. It fixes a race easily reproducible when a machine having wsmoused(8) and X running is resumed. The problem is that the first program trying to activate

Re: [PATCH, libressl] discuss: removal of padding extension?

2014-07-23 Thread Bob Beck
An interesting thought Hanno - do we know what other implementations (Polar, GnuTLS, etc.) do by default? I'm inclined to agree that it never should have been done. Having said that, before we nuke it we kind of need to know if this is has become de-facto standard behaviour thanks to OpenSSL

Re: LibreSSL 2.0.3 released

2014-07-23 Thread Martin Hecht
On 07/23/2014 10:09 AM, Dongsheng Song wrote: On Tue, Jul 22, 2014 at 10:01 AM, Bob Beck b...@openbsd.org wrote: We have released an update, LibreSSL 2.0.3 - which should be arriving in the LibreSSL directory of an OpenBSD mirror near you very soon. This release includes a number of

Re: LibreSSL 2.0.3 released

2014-07-23 Thread Brent Cook
On Jul 23, 2014, at 8:16 AM, Martin Hecht he...@hlrs.de wrote: On 07/23/2014 10:09 AM, Dongsheng Song wrote: On Tue, Jul 22, 2014 at 10:01 AM, Bob Beck b...@openbsd.org wrote: We have released an update, LibreSSL 2.0.3 - which should be arriving in the LibreSSL directory of an OpenBSD mirror

Re: [PATCH, libressl] discuss: removal of padding extension?

2014-07-23 Thread Brent Cook
On Jul 23, 2014, at 8:04 AM, Bob Beck b...@obtuse.com wrote: An interesting thought Hanno - do we know what other implementations (Polar, GnuTLS, etc.) do by default? PolarSSL does not generate the extension, but tolerates it on the server side. GnuTLS generates it if you enable the %COMPAT

IEEE80211_DEBUG

2014-07-23 Thread Nathanael Rensen
The IEEE80211_DEBUG kernel option needs a little help to compile. Index: ieee80211_pae_input.c === RCS file: /cvs/src/sys/net80211/ieee80211_pae_input.c,v retrieving revision 1.19 diff -u -p -r1.19 ieee80211_pae_input.c ---

Re: LibreSSL 2.0.3 released

2014-07-23 Thread Michał Markowski
2014-07-23 15:16 GMT+02:00 Martin Hecht he...@hlrs.de: ...the same (PASS: 42) for Ubuntu 12.04 Scientific Linux 6.5 SLES 11 SP 1 LTSS Count in current Arch Linux (x86_64): # TOTAL: 42 # PASS: 42 # SKIP: 0 # XFAIL: 0 # FAIL: 0 # XPASS: 0 # ERROR: 0 -- Michał Markowski

Re: IEEE80211_DEBUG

2014-07-23 Thread Chris Cappuccio
Nathanael Rensen [nathan...@list.polymorpheus.com] wrote: The IEEE80211_DEBUG kernel option needs a little help to compile. Index: ieee80211_pae_input.c === RCS file: /cvs/src/sys/net80211/ieee80211_pae_input.c,v retrieving

Re: [PATCH, libressl] discuss: removal of padding extension?

2014-07-23 Thread Bob Beck
I think we can consider removing it, but I think it might be best to wait until after the forthcoming OpenBSD release. On Wed, Jul 23, 2014 at 8:01 AM, Brent Cook bust...@gmail.com wrote: On Jul 23, 2014, at 8:04 AM, Bob Beck b...@obtuse.com wrote: An interesting thought Hanno - do we know

Re: [PATCH, libressl] discuss: removal of padding extension?

2014-07-23 Thread Ted Unangst
On Wed, Jul 23, 2014 at 10:20, Hanno Böck wrote: Hi, Quick background: Some router firmwares from F5 have a bug that they fail if the SSL handshake is between 256 and 511 bytes. Following up that openssl and other major ssl implementations introduced a TLS padding extension that does

Re: [PATCH, libressl] discuss: removal of padding extension?

2014-07-23 Thread Theo de Raadt
Quick background: Some router firmwares from F5 have a bug that they fail if the SSL handshake is between 256 and 511 bytes. Following up that openssl and other major ssl implementations introduced a TLS padding extension that does nothing else than padding the handshake if it is

Re: [PATCH, libressl] discuss: removal of padding extension?

2014-07-23 Thread Claus Assmann
On Wed, Jul 23, 2014, Ted Unangst wrote: On Wed, Jul 23, 2014 at 10:20, Hanno B??ck wrote: Quick background: Some router firmwares from F5 have a bug that they fail if the SSL handshake is between 256 and 511 bytes. Is this the same problem discussed in Message-ID: