Greetings In researching the vulnerability CVE-2009-0590 reported against OpenSSL the documentation I have read states the following.
"This issue only affects CMS users: CMS is only present in OpenSSL 0.9.8h and later where it is disabled by default and 0.9.9-dev." We are using OpenSSL 0.9.8i. My questions are as follows. 1) Can someone tell me how to enable and disable this functionality. I see nothing in the documentation or our installation documents that tells me this. Basically, is this a compile time enabling or a run time or an install time enabling? 2) In reading the quote I can read it as saying that CMS by default is disable in versions 0.9.8h and later or is it disabled by default for versions past 0.9.8h (i.e. 0.9.8i, etc). Which is it? 3) When and why would I enable this functionality? Steve
