Rich Salz via RT | 30 Jan 03:50 2015
Picon

[openssl.org #3681] function pointers in BIO set_callback

set_callback takes a void*, not a function pointer. Strictly speaking that's
not portable. And there are other some other issues. See bio/bio_conn.c the
#if0 section, and and the FIXME comment in ssl_callback_ctrl in ssl/ssl_bio.c

There is also internal commentary at
https://gitlab.openssl.org/openssl/openssl/merge_requests/245
--
Rich Salz, OpenSSL dev team; rsalz <at> openssl.org

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

David Ramos via RT | 29 Jan 20:33 2015
Picon

[openssl.org #3680] NULL pointer dereference in tls1_check_chain (ssl/t1_lib.c)

Hello,

Our UC-KLEE tool found a NULL pointer dereference bug in tls1_check_chain (ssl/t1_lib.c) affecting
OpenSSL 1.0.2. The bug appears to have been introduced in commit
6660baee66e474058229911950e26e56f31fb0bf (12/26/2012).

The bug is triggered if either of the “goto end” statements are taken on lines (w.r.t. commit 4ac03295)
4125 or 4128, as these jumps bypass the assignment pf ‘cpk’ on line 4129.

The code then triggers a NULL pointer dereference when it dereferences ‘cpk’ on lines 4316 or 4332.

Please let me know if you have any questions.

Thanks,
-David

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Gisle Vanem | 29 Jan 13:09 2015
Picon

crypto/threads/th-lock.c error

I'm truly amazed that this error has been in there so long.
 From MingW's gcc:
   crypto/threads/th-lock.c:130:13: error: static declaration of 'CRYPTO_thread_cleanup' follows
non-static declaration
   crypto/threads/th-lock.c:89:6: note: previous declaration of 'CRYPTO_thread_cleanup' was here

Patch:

--- a/crypto/threads/th-lock.c    2015-01-28 22:47:16 +0000
+++ b/crypto/threads/th-lock.c    2015-01-29 13:05:34 +0000
 <at>  <at>  -127,7 +127,7  <at>  <at> 
      return (1);
  }

-static void CRYPTO_thread_cleanup(void)
+void CRYPTO_thread_cleanup(void)
  {
      int i;

----------

--

-- 
--gv
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Picon

Poodle Vulnerable

Hi,

 

For poodle vulnerability we have upgraded the openssl to 0.9.8zc version. But still result shows as vulnerable. (downloaded poodle.sh script from the link https://access.redhat.com/articles/1232123 to verify)

 

Thanks,

Kannan Narayanasamy.

 

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
David Ramos via RT | 28 Jan 10:49 2015
Picon

[openssl.org #3679] Memory leak in ssl_cert_dup (ssl/ssl_cert.c)

Hello,

Our UC-KLEE tool found a memory leak in ssl_cert_dup (ssl/ssl_cert.c). The bug affects commit
43257b9f51de749262258668c77c2f0f99d7a15b from the 1.0.2 branch, but it appears to date back many years.

On line 222 of ssl/ssl_cert.c, ssl_cert_dup() allocates a new CERT:

    ret = (CERT *)OPENSSL_malloc(sizeof(CERT));

If any of the subsequent allocations or _dup()’s fail, we jump to ‘err’, which frees many of the
fields within ‘ret’, but forgets to free ‘ret’ itself (leaking 728 bytes on my x86_64 Linux
build). I believe there needs to be a call to:

    OPENSSL_free(ret);

before the 'return NULL' at line 440.

Please let me know if you have any questions.

Thanks,
-David

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Devchandra L Meetei via RT | 28 Jan 10:43 2015
Picon

[openssl.org #3678] [PATCH] Correct the BIO_new_bio_pair example in man page

Hi all
Please check if the man page correction for BIO_new_bio_pair.
The earlier one was hard to understand and had to scratch hair for a long
time

Also it corrects syntax error in BIO_new_bio_pair.

-- 
Warm Regards
--Dev
OpenPegasus Developer

"I'm one of those people that think Thomas Edison and the light bulb
changed the world more than Karl Marx ever did," Steve Jobs

diff --git a/doc/crypto/BIO_s_bio.pod b/doc/crypto/BIO_s_bio.pod
index 8d0a55a..51179d1 100644
--- a/doc/crypto/BIO_s_bio.pod
+++ b/doc/crypto/BIO_s_bio.pod
 <at>  <at>  -136,9 +136,9  <at>  <at>  without having to go through the SSL-interface.

  BIO *internal_bio, *network_bio;
  ...
- BIO_new_bio_pair(internal_bio, 0, network_bio, 0);
+ BIO_new_bio_pair(&internal_bio, 0, &network_bio, 0);
  SSL_set_bio(ssl, internal_bio, internal_bio);
- SSL_operations();
+ SSL_operations(); //e.g SSL_read and SSL_write
  ...

  application |   TLS-engine
 <at>  <at>  -147,9 +147,13  <at>  <at>  without having to go through the SSL-interface.
              |     /\    ||
              |     ||    \/
              |   BIO-pair (internal_bio)
-    +----------< BIO-pair (network_bio)
+             |   BIO-pair (network_bio)
+             |     ||     /\
+             |     \/     ||
+    +-----------< BIO_operations()
     |        |
-  socket     |
+    |        |
+   socket

   ...
   SSL_free(ssl);		/* implicitly frees internal_bio */
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Jerabek, Petr via RT | 28 Jan 10:42 2015
Picon

[openssl.org #3677] bug report - open ssl interactive command interface

Hello,

I found bug in interactive command inteface of openssl.
I did not check whether it is related only to specific windows build of openssl. Please do test of behavior in
other builds first.

Used openssl version: OpenSSL 1.0.1h 5 Jun 2014; Windows build
Bug description:
By mistake pressed tab key in command interface to expand path for enter path (tab path expansion is working
in common windows command prompt) to certificate for verification (command x509). Tab expansion is of
course not working in openssl. Problem is that using tab,backspace key sequence corrupts command buffer
and some way memory of open ssl is corrupted.

See attachment for content of corupted session.
First command in file was the one where I used tab, backspace key sequence.
Characters xw at the end of first command line were not possible to delete.

Regards,

Petr Jerabek

OpenSSL> OpenSSL> x509 -noout -dates -fingerprint -text -checkend 1209600 -certopt
no_issuer,no_validity,no_serial,no_signame,no_sigdump,no_pubkey,no_aux,no_version,ext_default
-in c:\temp  xw
Error opening Certificate c:\temp\cx
','rb')ror:0200107B:system library:fopen:Unknown error:.\crypto\bio\bss_file.c:398:fopen('c:\temp\cx
1916:error:20074002:BIO routines:FILE_CTRL:system lib:.\crypto\bio\bss_file.c:400:
unable to load certificate
error in x509
OpenSSL> x509 -noout -dates -fingerprint -text -checkend 1209600 -certopt
no_issuer,no_validity,no_serial,no_signame,no_sigdump,no_pubkey,no_aux,no_version,ext_default
-in c:\temp\cxwi.cer
Error opening Certificate c:\temp\cxwi.cer
','rb')ror:0200107B:system library:fopen:Unknown error:.\crypto\bio\bss_file.c:398:fopen('c:\temp\cxwi.cer
1916:error:20074002:BIO routines:FILE_CTRL:system lib:.\crypto\bio\bss_file.c:400:
unable to load certificate
error in x509
OpenSSL> x509 -noout -dates -fingerprint -text -checkend 1209600 -certopt
no_issuer,no_validity,no_serial,no_signame,no_sigdump,no_pubkey,no_aux,no_version,ext_default
-in c:\temp\cxwi.cer
Error opening Certificate c:\temp\cxwi.cer
','rb')ror:0200107B:system library:fopen:Unknown error:.\crypto\bio\bss_file.c:398:fopen('c:\temp\cxwi.cer
1916:error:20074002:BIO routines:FILE_CTRL:system lib:.\crypto\bio\bss_file.c:400:
unable to load certificate
error in x509
OpenSSL> x509 -noout -dates -fingerprint -text -checkend 1209600 -certopt
no_issuer,no_validity,no_serial,no_signame,no_sigdump,no_pubkey,no_aux,no_version,ext_default
-in c:\temp\cxwi.cer
Error opening Certificate c:\temp\cxwi.cer
','rb')ror:0200107B:system library:fopen:Unknown error:.\crypto\bio\bss_file.c:398:fopen('c:\temp\cxwi.cer
1916:error:20074002:BIO routines:FILE_CTRL:system lib:.\crypto\bio\bss_file.c:400:
unable to load certificate
error in x509
OpenSSL> x509 -noout -dates -fingerprint -text -checkend 1209600 -certopt
no_issuer,no_validity,no_serial,no_signame,no_sigdump,no_pubkey,no_aux,no_version,ext_default
-in c:\temp\cxwi.cer
Error opening Certificate c:\temp\cxwi.cer
','rb')ror:0200107B:system library:fopen:Unknown error:.\crypto\bio\bss_file.c:398:fopen('c:\temp\cxwi.cer
1916:error:20074002:BIO routines:FILE_CTRL:system lib:.\crypto\bio\bss_file.c:400:
unable to load certificate
error in x509
OpenSSL> x509 -noout -dates -fingerprint -text -checkend 1209600 -certopt
no_issuer,no_validity,no_serial,no_signame,no_sigdump,no_pubkey,no_aux,no_version,ext_default
-in c:\temp\cxwi.cer
Error opening Certificate c:\temp\cxwi.cer
','rb')ror:0200107B:system library:fopen:Unknown error:.\crypto\bio\bss_file.c:398:fopen('c:\temp\cxwi.cer
1916:error:20074002:BIO routines:FILE_CTRL:system lib:.\crypto\bio\bss_file.c:400:
unable to load certificate
error in x509
OpenSSL> ?
' is an invalid command.

Standard commands
asn1parse         ca                ciphers           cms
crl               crl2pkcs7         dgst              dh
dhparam           dsa               dsaparam          ec
ecparam           enc               engine            errstr
gendh             gendsa            genpkey           genrsa
nseq              ocsp              passwd            pkcs12
pkcs7             pkcs8             pkey              pkeyparam
pkeyutl           prime             rand              req
rsa               rsautl            s_client          s_server
s_time            sess_id           smime             speed
spkac             srp               ts                verify
version           x509

Message Digest commands (see the `dgst' command for more details)
md4               md5               mdc2              rmd160
sha               sha1

Cipher commands (see the `enc' command for more details)
aes-128-cbc       aes-128-ecb       aes-192-cbc       aes-192-ecb
aes-256-cbc       aes-256-ecb       base64            bf
bf-cbc            bf-cfb            bf-ecb            bf-ofb
camellia-128-cbc  camellia-128-ecb  camellia-192-cbc  camellia-192-ecb
camellia-256-cbc  camellia-256-ecb  cast              cast-cbc
cast5-cbc         cast5-cfb         cast5-ecb         cast5-ofb
des               des-cbc           des-cfb           des-ecb
des-ede           des-ede-cbc       des-ede-cfb       des-ede-ofb
des-ede3          des-ede3-cbc      des-ede3-cfb      des-ede3-ofb
des-ofb           des3              desx              idea
idea-cbc          idea-cfb          idea-ecb          idea-ofb
rc2               rc2-40-cbc        rc2-64-cbc        rc2-cbc
rc2-cfb           rc2-ecb           rc2-ofb           rc4
rc4-40            seed              seed-cbc          seed-cfb
seed-ecb          seed-ofb

OpenSSL> version
' is an invalid command.

Standard commands
asn1parse         ca                ciphers           cms
crl               crl2pkcs7         dgst              dh
dhparam           dsa               dsaparam          ec
ecparam           enc               engine            errstr
gendh             gendsa            genpkey           genrsa
nseq              ocsp              passwd            pkcs12
pkcs7             pkcs8             pkey              pkeyparam
pkeyutl           prime             rand              req
rsa               rsautl            s_client          s_server
s_time            sess_id           smime             speed
spkac             srp               ts                verify
version           x509

Message Digest commands (see the `dgst' command for more details)
md4               md5               mdc2              rmd160
sha               sha1

Cipher commands (see the `enc' command for more details)
aes-128-cbc       aes-128-ecb       aes-192-cbc       aes-192-ecb
aes-256-cbc       aes-256-ecb       base64            bf
bf-cbc            bf-cfb            bf-ecb            bf-ofb
camellia-128-cbc  camellia-128-ecb  camellia-192-cbc  camellia-192-ecb
camellia-256-cbc  camellia-256-ecb  cast              cast-cbc
cast5-cbc         cast5-cfb         cast5-ecb         cast5-ofb
des               des-cbc           des-cfb           des-ecb
des-ede           des-ede-cbc       des-ede-cfb       des-ede-ofb
des-ede3          des-ede3-cbc      des-ede3-cfb      des-ede3-ofb
des-ofb           des3              desx              idea
idea-cbc          idea-cfb          idea-ecb          idea-ofb
rc2               rc2-40-cbc        rc2-64-cbc        rc2-cbc
rc2-cfb           rc2-ecb           rc2-ofb           rc4
rc4-40            seed              seed-cbc          seed-cfb
seed-ecb          seed-ofb

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Picon

[openssl.org #3676] [PATCH] Export ASN1 templates for DH and ECDH groups

Add missing forward declarations and export declarations for DHparams
and EC[PK]PARAMETERS.

Add public functions to convert between EC_GROUP objects and EC[PK]PARAMETERS
objects: EC_GROUP_new_from_ec[pk]parameters(), EC_GROUP_get_ec[pk]parameters().

Signed-off-by: Dr. Matthias St. Pierre <msp <at> ncp-e.com>
---
 crypto/ec/ec.h      | 38 ++++++++++++++++++++++++++++++++++++++
 crypto/ec/ec_asn1.c | 30 ++++++++++++++++++++++++++----
 util/libeay.num     | 10 ++++++++++
 3 files changed, 74 insertions(+), 4 deletions(-)

This patch makes the ASN1 templates used internally by OpenSSL for
serializing DH and ECDH group parameters publicly available for reuse.

For example, if one wants to save a set of [EC]DH Groups together with
application defined data (like, group-name, group-id) to a file, it is
much easier to define a small set of ASN1 rules extending the existing
ones and let OpenSSL do the serialization, than having to fiddle around
with i2d_DHparams(), i2d_ECParameters(), etc., to embed the curve data
as a blob into an opaque ASN1 octet string.

diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h
index 98edfdf..97ccee8 100644
--- a/crypto/ec/ec.h
+++ b/crypto/ec/ec.h
 <at>  <at>  -128,6 +128,9  <at>  <at>  typedef struct ec_group_st

 typedef struct ec_point_st EC_POINT;

+typedef struct ecpk_parameters_st ECPKPARAMETERS;
+typedef struct ec_parameters_st ECPARAMETERS;
+
 /********************************************************************/
 /*               EC_METHODs for curves over GF(p)                   */
 /********************************************************************/
 <at>  <at>  -393,6 +396,38  <at>  <at>  EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
  */
 EC_GROUP *EC_GROUP_new_by_curve_name(int nid);

+/** Creates a new EC_GROUP object from an ECPARAMETERS object
+ *  \param  params  pointer to the ECPARAMETERS object
+ *  \return newly created EC_GROUP object with specified curve or NULL
+ *          if an error occurred
+ */
+EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params);
+
+/** Creates an ECPARAMETERS object for the the given EC_GROUP object.
+ *  \param  group   pointer to the EC_GROUP object
+ *  \param  params  pointer to an existing ECPARAMETERS object or NULL
+ *  \return pointer to the new ECPARAMETERS object or NULL
+ *          if an error occurred.
+ */
+ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group,
+                                        ECPARAMETERS *params);
+
+/** Creates a new EC_GROUP object from an ECPKPARAMETERS object
+ *  \param  params  pointer to an existing ECPKPARAMETERS object, or NULL
+ *  \return newly created EC_GROUP object with specified curve, or NULL
+ *          if an error occurred
+ */
+EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params);
+
+/** Creates an ECPKPARAMETERS object for the the given EC_GROUP object.
+ *  \param  group   pointer to the EC_GROUP object
+ *  \param  params  pointer to an existing ECPKPARAMETERS object or NULL
+ *  \return pointer to the new ECPKPARAMETERS object or NULL
+ *          if an error occurred.
+ */
+ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group,
+                                            ECPKPARAMETERS *params);
+
 /********************************************************************/
 /*               handling of internal curves                        */
 /********************************************************************/
 <at>  <at>  -702,6 +737,9  <at>  <at>  int EC_GROUP_have_precompute_mult(const EC_GROUP *group);
 /*                       ASN1 stuff                                 */
 /********************************************************************/

+DECLARE_ASN1_ITEM(ECPKPARAMETERS)
+DECLARE_ASN1_ITEM(ECPARAMETERS)
+
 /*
  * EC_GROUP_get_basis_type() returns the NID of the basis type used to
  * represent the field elements
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index 2924374..d84c6d2 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
 <at>  <at>  -306,6 +306,28  <at>  <at>  static EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *);
 static ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *,
                                                   ECPKPARAMETERS *);

+EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)
+{
+    return ec_asn1_parameters2group(params);
+}
+
+ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group,
+                                        ECPARAMETERS *params)
+{
+    return ec_asn1_group2parameters(group, params);
+}
+
+EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params)
+{
+    return ec_asn1_pkparameters2group(params);
+}
+
+ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group,
+                                            ECPKPARAMETERS *params)
+{
+    return ec_asn1_group2pkparameters(group, params);
+}
+
 /* the function definitions */

 static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field)
 <at>  <at>  -540,7 +562,7  <at>  <at>  static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve)
 }

 static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *group,
-                                              ECPARAMETERS *param)
+                                              ECPARAMETERS *params)
 {
     int ok = 0;
     size_t len = 0;
 <at>  <at>  -555,13 +577,13  <at>  <at>  static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *group,
         goto err;
     }

-    if (param == NULL) {
+    if (params == NULL) {
         if ((ret = ECPARAMETERS_new()) == NULL) {
             ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);
             goto err;
         }
     } else
-        ret = param;
+        ret = params;

     /* set the version (always one) */
     ret->version = (long)0x1;
 <at>  <at>  -631,7 +653,7  <at>  <at>  static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *group,
     ok = 1;

  err:if (!ok) {
-        if (ret && !param)
+        if (ret && !params)
             ECPARAMETERS_free(ret);
         ret = NULL;
     }
diff --git a/util/libeay.num b/util/libeay.num
index 4a11d78..bf0adc5 100755
--- a/util/libeay.num
+++ b/util/libeay.num
 <at>  <at>  -4412,3 +4412,13  <at>  <at>  ECDSA_METHOD_get_app_data               4770	EXIST::FUNCTION:ECDSA
 X509_VERIFY_PARAM_add1_host             4771	EXIST::FUNCTION:
 EC_GROUP_get_mont_data                  4772	EXIST::FUNCTION:EC
 i2d_re_X509_tbs                         4773	EXIST::FUNCTION:
+DHparams_it                             4774	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DH
+DHparams_it                             4774	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DH
+ECPARAMETERS_it                         4775	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:EC
+ECPARAMETERS_it                         4775	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:EC
+ECPKPARAMETERS_it                       4776	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:EC
+ECPKPARAMETERS_it                       4776	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:EC
+EC_GROUP_new_from_ecparameters          4777	EXIST::FUNCTION:EC
+EC_GROUP_get_ecparameters               4778	EXIST::FUNCTION:EC
+EC_GROUP_new_from_ecpkparameters        4779	EXIST::FUNCTION:EC
+EC_GROUP_get_ecpkparameters             4780	EXIST::FUNCTION:EC
--

-- 
2.0.5

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Satish.KumarYarru | 28 Jan 06:07 2015

Loading of different Server CA certificates

Hi,

 

I want to connect with different SSL servers. So I need to load different Server CA certs into SSL Context.

 

Is it possible to load different server CA certs of different SSL servers in a single SSL Context?

If yes, when I am connecting with SSL server, SSL client can traverse all the CA certificates in the SSL context, and can find the CA certificate that is fit for the Server URL?

 

If not, can you please help me how to address this issue?

 

Regards,
Satish

 

 

This e-mail and any files transmitted with it are for the sole use of the intended recipient(s) and may contain confidential and privileged information. If you are not the intended recipient(s), please reply to the sender and destroy all copies of the original message. Any unauthorized review, use, disclosure, dissemination, forwarding, printing or copying of this email, and/or any action taken in reliance on the contents of this e-mail is strictly prohibited and may be unlawful. Where permitted by applicable law, this e-mail and other e-mail communications sent to and from Cognizant e-mail addresses may be monitored.
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Gustavo Zacarias | 27 Jan 22:30 2015
Picon

[PATCH] Make c_rehash match commands starting with - (minus) instead of minus in any starting position, otherwise a directory named a-b breaks it

Signed-off-by: Gustavo Zacarias <gustavo <at> zacarias.com.ar>
---
 tools/c_rehash.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/c_rehash.in b/tools/c_rehash.in
index 887e927..1df2fab 100644
--- a/tools/c_rehash.in
+++ b/tools/c_rehash.in
 <at>  <at>  -15,7 +15,7  <at>  <at>  my $symlink_exists=eval {symlink("",""); 1};
 my $removelinks = 1;

 ##  Parse flags.
-while ( $ARGV[0] =~ '-.*' ) {
+while ( $ARGV[0] =~ '^-.*' ) {
     my $flag = shift  <at> ARGV;
     last if ( $flag eq '--');
     if ( $flag =~ /-old/) {
--

-- 
2.0.5

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Salz, Rich | 27 Jan 20:48 2015

TSLEXT_TYPE_opaque_prf_input

This is an implementation of an IETF draft that expired seven years ago.  Is anyone using it?

 

-- 

Principal Security Engineer, Akamai Technologies

IM: rsalz <at> jabber.me Twitter: RichSalz

 

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Gmane