Topic: OpenSSL 0.9.8i released
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA

Posted: Wed 17 Sep '08 23:50    Post subject: OpenSSL 0.9.8i released

Don't know how important any of this is, I guess the one in RSA is worthy of an upgrade. If you roll-your-own like I do it's no skin off your butt to do it now and not wait till 2.2.10 is released.

I love how they use the term "SOL" in this change log, funny!

Changes between 0.9.8h and 0.9.8i [15 Sep 2008]

*) Fix a state transition in s3_srvr.c and d1_srvr.c
(was using SSL3_ST_CW_CLNT_HELLO_B, should be ..._ST_SW_SRVR_...).
[Nagendra Modadugu]

*) The fix in 0.9.8c that supposedly got rid of unsafe
double-checked locking was incomplete for RSA blinding,
addressing just one layer of what turns out to have been
doubly unsafe triple-checked locking.

So now fix this for real by retiring the MONT_HELPER macro
in crypto/rsa/rsa_eay.c.

[Bodo Moeller; problem pointed out by Marius Schilder]

*) Various precautionary measures:

- Avoid size_t integer overflow in HASH_UPDATE (md32_common.h).

- Avoid a buffer overflow in d2i_SSL_SESSION() (ssl_asn1.c).
(NB: This would require knowledge of the secret session ticket key
to exploit, in which case you'd be SOL either way.)

- Change bn_nist.c so that it will properly handle input BIGNUMs
outside the expected range.

- Enforce the 'num' check in BN_div() (bn_div.c) for non-BN_DEBUG
builds.

[Neel Mehta, Bodo Moeller]

*) Add support for Local Machine Keyset attribute in PKCS#12 files.
[Steve Henson]

*) Fix BN_GF2m_mod_arr() top-bit cleanup code.
[Huang Ying]

*) Expand ENGINE to support engine supplied SSL client certificate functions.

This work was sponsored by Logica.
[Steve Henson]

*) Add CryptoAPI ENGINE to support use of RSA and DSA keys held in Windows
keystores. Support for SSL/TLS client authentication too.
Not compiled unless enable-capieng specified to Configure.

This work was sponsored by Logica.
[Steve Henson]

*) Allow engines to be "soft loaded" - i.e. optionally don't die if
the load fails. Useful for distros.
[Ben Laurie and the FreeBSD team]
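The changelog item "Avoid size_t integer overflow in HASH_UPDATE" names a bug class without showing code. The following is an added illustration, not part of the original post and not OpenSSL's md32_common.h: a constructed block-buffered update (`toy_ctx`, `toy_update` and both `fills_block_*` helpers are hypothetical names) showing how a `size_t` sum can wrap and how ordering the comparison avoids it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK 64u /* constructed block size for this illustration */

typedef struct {
    unsigned char buf[BLOCK]; /* partial block awaiting more input */
    size_t num;               /* bytes buffered, always < BLOCK */
    size_t blocks;            /* full blocks consumed so far */
} toy_ctx;

/* Naive test: num + len can wrap past SIZE_MAX and look small. */
static int fills_block_naive(size_t num, size_t len) {
    return num + len >= BLOCK;
}

/* Safe test: check len alone first, so the sum is only evaluated
 * when both operands are below BLOCK and cannot wrap. */
static int fills_block_safe(size_t num, size_t len) {
    return len >= BLOCK || num + len >= BLOCK;
}

/* Buffered update using the safe test; returns bytes left buffered. */
static size_t toy_update(toy_ctx *c, const unsigned char *data, size_t len) {
    if (c->num != 0) {
        if (!fills_block_safe(c->num, len)) {
            memcpy(c->buf + c->num, data, len); /* provably fits in buf */
            return c->num += len;
        }
        size_t take = BLOCK - c->num;           /* top up the partial block */
        memcpy(c->buf + c->num, data, take);
        c->blocks++;
        data += take;
        len -= take;
    }
    c->blocks += len / BLOCK;                   /* whole blocks from input */
    data += len - len % BLOCK;
    c->num = len % BLOCK;
    memcpy(c->buf, data, c->num);               /* stash the tail */
    return c->num;
}

int main(void) {
    size_t huge = SIZE_MAX - 5; /* constructed length: 10 + huge wraps to 4 */
    printf("naive=%d safe=%d\n", fills_block_naive(10, huge), fills_block_safe(10, huge));
    return 0;
}
```

With the naive test, the wrapped sum would send a near-`SIZE_MAX` length down the "fits in the buffer" branch, which is the kind of path a precautionary fix closes off.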
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 3049
Location: Hilversum, NL, EU

Posted: Thu 18 Sep '08 21:28

Yep, I am late nowadays with updates.

I had a HW failure (RAID card broken) on my DEV box, repaired now. So in the coming days I will make a 2.2.9b build with APR 1.3.3, APR-Util 1.3.4 and OpenSSL 0.9.8i.

Steffen

P.S.
Hope my DEV box holds up; I need a new one, but am still short of money.
I plan to replace my server (Dell PowerEdge SC400) with a new one and then use my current server as the DEV box.

Does anyone have experience with the new Dell PowerEdge T100?