Is this bug "memory leak with mod_ssl and zlib compression (CVE-2008-1678) " is resolved in openssl 0.9.8h
Please help Thanks Joshi On Thu, Oct 9, 2008 at 4:09 PM, Kyle Hamilton <[EMAIL PROTECTED]> wrote: > You would probably need a FIPS_mode_set(1) somewhere after the openssl > library initialization, and it would be a good thing to never keep any > keys in the clear. As well, it would need to statically link to > openssl 0.9.7m built with the fipscanister module. (If it uses > features specific to openssl 0.9.8, you cannot create a FIPS-validated > version at this time.) > > This is not an openssh support list, and I have not looked at the > openssh sources to see what else would need to be changed. > > You must ALWAYS follow the FIPS security policy when dealing with > anything FIPS. If the security policy says that some constraint must > be met, that constraint must be met -- no matter how it impacts the > function or even possibility of doing what you want. > > -Kyle H > > 2008/10/9 joshi chandran <[EMAIL PROTECTED]>: > > Hi All, > > > > I am trying to make openssh compatible with the fips enabled openssl . > can > > anybody tell me what all changes i have make in openssh > > > > Please help > > > > Thanks > > > > Joshi > > > > > > > > > > > > problem was solved by updating openssl to the latest release 0.9.8i > > (the one I used was 0.9.8a.) But I still don't know the root cause of > > that aborting. Anyway, it works now. > > > > Thanks, > > Elven > > > >> Date: Wed, 8 Oct 2008 01:21:08 -0700 > >> Subject: Re: how to enable debug mode of openssl > >> From: [EMAIL PROTECTED] > >> To: [EMAIL PROTECTED] > >> > >> Hi Elven, > >> > >> I suggest try using ERR_print_errors (http://openssl.org/docs/crypto/ > >> ERR_print_errors.html#) to get an idea of what error you are getting. > >> You can call it right after your call to PEM_read_bio_X509. It is most > >> likely to be a problem with the certificate data that you are feeding > >> to OpenSSL. Have you tried verifying that the data is valid? > >> > >> --- Kah > >> > >> On Oct 8, 2:46 pm, [EMAIL PROTECTED] (曹飞) wrote: > >> > I am using openssl in arm embedded platform. I want to support https, > so > >> > it will use openssl. But I have encouterd some problem. The > application > >> > aborted for some unknown reason. I tried to trace the problem and > found the > >> > it aborted on call "PEM_read_bio_X509" (ssl_rsa.c). And I can't t race > deep > >> > more. > >> > >> > > > >> > > So is there any way to enable debug mode of openssl so that I can > >> > > trace more deeply to find out the problem? > >> > > > >> > > Thanks. > >> > > Elven > >> > > _________________________________________________________________ > >> > > 一点即聊,MSN推出新功能"点我!"http://im.live.cn/click/ > >> > > >> > >> > >> ________________________________ > >> MSN上小游戏,工作休闲两不误! 马上就开始玩! > > > > > > -- > > Regards > > Joshi Chandran > > > -- Regards Joshi Chandran
