Rich Salz via RT | 29 Aug 17:55 2014
Picon

[openssl.org #2996] PATCH: cygwin (and probably others) support broken by long time

As Andy explained, this is a mis-configuration issue. Not an openssl bug.
--
Rich Salz, OpenSSL dev team; rsalz <at> openssl.org

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev <at> openssl.org
Automated List Manager                           majordomo <at> openssl.org

Rich Salz via RT | 29 Aug 17:52 2014
Picon

[openssl.org #3246] CSR version is not printed properly

Fixed in head:
-commit b09eb246e2385ff629e365043290bbb485e99588
Author: Rich Salz <rsalz <at> akamai.com>
Date: Tue Aug 26 22:31:11 2014 -0400

RT3246: req command prints version number wrong

Make X509_REQ_print_ex do the same thing that
X509_REQ_print does.

Reviewed-by: Matt Caswell <matt <at> openssl.org>

-
Rich Salz, OpenSSL dev team; rsalz <at> openssl.org

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev <at> openssl.org
Automated List Manager                           majordomo <at> openssl.org

Rich Salz via RT | 29 Aug 17:44 2014
Picon

[openssl.org #2990] Bug Report:openssl timezone issue

This is, unfortunately, the tip of an iceberg. The timezone offset is actually
stored in the ASN1 string, it's just not displayed. There's a bunch of
RFC-compliant issues involved, date and time parsing, etc.

--
Rich Salz, OpenSSL dev team; rsalz <at> openssl.org

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev <at> openssl.org
Automated List Manager                           majordomo <at> openssl.org

Frank Meier | 29 Aug 16:19 2014
Picon

openssl 1.0.1i ignores ciphers in cipherlist


While testing different ciphersuites I found a quite drastic change in 
the behavior between openssl version 1.0.1h to 1.0.1i. While using a 
cipherlist like "ECDHE-RSA-AES128-SHA256:RC4" with 1.0.1h the 
"ECDHE-RSA-AES128-SHA256" cipher is used. With 1.0.1i uses "RC4-SHA".

example:
$ openssl s_server -cert server.pem
....
$ openssl s_client -cipher "ECDHE-RSA-AES128-SHA256:RC4" -connect 
localhost:4443
....
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-SHA256
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
     Protocol  : TLSv1.2
     Cipher    : ECDHE-RSA-AES128-SHA256

I guess following patch is responsible for the change in behavior: 
http://rt.openssl.org/Ticket/Display.html?id=3374. There it says the 
SSLv2 client-hello does not include enough information to establish a 
connection with ECDHE, so this ciphers are not included in the 
cipherlist. But the test with 1.0.1i shows that it works at least 
against my openssl s_server.

I think this behavior could force established applications to use 
"lower-strength" ciphers with openssl 1.0.1i than before with 1.0.1h. 
(Continue reading)

Rich Salz via RT | 29 Aug 06:05 2014
Picon

[openssl.org #1781] make makefiles traceable in 0.9.8i

Not doing this because of portability concerns.
--
Rich Salz, OpenSSL dev team; rsalz <at> openssl.org

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev <at> openssl.org
Automated List Manager                           majordomo <at> openssl.org

Rich Salz via RT | 29 Aug 05:55 2014
Picon

[openssl.org #2948] thousands of getpid called inside libcrypto.sl.0.9.8

working as designed and required. no bug. closing ticket.
--
Rich Salz, OpenSSL dev team; rsalz <at> openssl.org

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev <at> openssl.org
Automated List Manager                           majordomo <at> openssl.org

Rich Salz via RT | 29 Aug 05:51 2014
Picon

[openssl.org #1673] ssl handshake failure when protocol specified (0.9.8g)

old release, cannot reproduce, closing ticket.
--
Rich Salz, OpenSSL dev team; rsalz <at> openssl.org

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev <at> openssl.org
Automated List Manager                           majordomo <at> openssl.org

Rich Salz via RT | 29 Aug 05:50 2014
Picon

[openssl.org #1155] openssl-0.9.8 causes MS Windows fatal error when executing 'openssl exngine xxx'

old release. cannot reproduce. closing ticket.
--
Rich Salz, OpenSSL dev team; rsalz <at> openssl.org

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev <at> openssl.org
Automated List Manager                           majordomo <at> openssl.org

Rich Salz via RT | 29 Aug 05:46 2014
Picon

[openssl.org #1867] Fw:About OpenSSL crashed in 0.9.8g

very old release. not enough information to reproduce. closing ticket.
--
Rich Salz, OpenSSL dev team; rsalz <at> openssl.org

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev <at> openssl.org
Automated List Manager                           majordomo <at> openssl.org

Rich Salz via RT | 29 Aug 05:44 2014
Picon

[openssl.org #2845] Impact on OpenSSL 0.9.8h from upcoming Microsoft patch

not an issue
--
Rich Salz, OpenSSL dev team; rsalz <at> openssl.org

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev <at> openssl.org
Automated List Manager                           majordomo <at> openssl.org

Rich Salz via RT | 29 Aug 01:13 2014
Picon

[openssl.org #1665] Contribution of aes.pod

commit c7497f34fbf3824dd4a0881d598e598980f2edb1
Author: Rich Salz <rsalz <at> akamai.com>
Date: Thu Aug 14 10:50:26 2014 -0400

RT1665,2300: Crypto doc cleanups

RT1665: aes documentation.

Paul Green wrote a nice aes.pod file.
But we now encourage the EVP interface.
So I took his RT item and used it as impetus to add
the AES modes to EVP_EncryptInit.pod
I also noticed that rc4.pod has spurious references to some other
cipher pages, so I removed them.

RT2300: Clean up MD history (merged into RT1665)

Put HISTORY section only in EVP_DigestInit.pod. Also add words
to discourage use of older cipher-specific API, and remove SEE ALSO
links that point to them.

Make sure digest pages have a NOTE that says use EVP_DigestInit.

Review feedback:
More cleanup in EVP_EncryptInit.pod
Fixed SEE ALSO links in ripemd160.pod, sha.pod, mdc2.pod, blowfish.pod,
rc4.d, and des.pod. Re-order sections in des.pod for consistency

Reviewed-by: Matt Caswell <matt <at> openssl.org>

(Continue reading)


Gmane