Is there any patches to resolve the bug "memory leak with mod_ssl and zlib compression (CVE-2008-1678) ".
Please help Thanks Joshi 2008/10/13 joshi chandran <[EMAIL PROTECTED]> > Is this bug "memory leak with mod_ssl and zlib compression (CVE-2008-1678) > " is resolved in openssl 0.9.8h > > Please help > > Thanks > > Joshi > > > On Thu, Oct 9, 2008 at 4:09 PM, Kyle Hamilton <[EMAIL PROTECTED]> wrote: > >> You would probably need a FIPS_mode_set(1) somewhere after the openssl >> library initialization, and it would be a good thing to never keep any >> keys in the clear. As well, it would need to statically link to >> openssl 0.9.7m built with the fipscanister module. (If it uses >> features specific to openssl 0.9.8, you cannot create a FIPS-validated >> version at this time.) >> >> This is not an openssh support list, and I have not looked at the >> openssh sources to see what else would need to be changed. >> >> You must ALWAYS follow the FIPS security policy when dealing with >> anything FIPS. If the security policy says that some constraint must >> be met, that constraint must be met -- no matter how it impacts the >> function or even possibility of doing what you want. >> >> -Kyle H >> >> 2008/10/9 joshi chandran <[EMAIL PROTECTED]>: >> > Hi All, >> > >> > I am trying to make openssh compatible with the fips enabled openssl . >> can >> > anybody tell me what all changes i have make in openssh >> > >> > Please help >> > >> > Thanks >> > >> > Joshi >> > >> > >> > >> > >> > >> > problem was solved by updating openssl to the latest release 0.9.8i >> > (the one I used was 0.9.8a.) But I still don't know the root cause of >> > that aborting. Anyway, it works now. >> > >> > Thanks, >> > Elven >> > >> >> Date: Wed, 8 Oct 2008 01:21:08 -0700 >> >> Subject: Re: how to enable debug mode of openssl >> >> From: [EMAIL PROTECTED] >> >> To: [EMAIL PROTECTED] >> >> >> >> Hi Elven, >> >> >> >> I suggest try using ERR_print_errors (http://openssl.org/docs/crypto/ >> >> ERR_print_errors.html#) to get an idea of what error you are getting. >> >> You can call it right after your call to PEM_read_bio_X509. It is most >> >> likely to be a problem with the certificate data that you are feeding >> >> to OpenSSL. Have you tried verifying that the data is valid? >> >> >> >> --- Kah >> >> >> >> On Oct 8, 2:46 pm, [EMAIL PROTECTED] (曹飞) wrote: >> >> > I am using openssl in arm embedded platform. I want to support https, >> so >> >> > it will use openssl. But I have encouterd some problem. The >> application >> >> > aborted for some unknown reason. I tried to trace the problem and >> found the >> >> > it aborted on call "PEM_read_bio_X509" (ssl_rsa.c). And I can't t >> race deep >> >> > more. >> >> >> >> > > >> >> > > So is there any way to enable debug mode of openssl so that I can >> >> > > trace more deeply to find out the problem? >> >> > > >> >> > > Thanks. >> >> > > Elven >> >> > > _________________________________________________________________ >> >> > > 一点即聊,MSN推出新功能"点我!"http://im.live.cn/click/ >> >> > >> >> >> >> >> >> ________________________________ >> >> MSN上小游戏,工作休闲两不误! 马上就开始玩! >> > >> > >> > -- >> > Regards >> > Joshi Chandran >> > >> > > > > -- > Regards > Joshi Chandran > -- Regards Joshi Chandran
