On Thu, May 09, 2013 at 08:13:57PM +0200, Dr. Stephen Henson wrote:

> > One of the servers is:
> > 
> >     OpenSSL 0.9.9-dev 09 May 2008
> >     built on: NetBSD 5.1_STABLE
> >     platform: NetBSD-x86_64
> >     options:  bn(64,64) md2(int) rc4(1x,char) des(idx,cisc,4,int)
> >     blowfish(idx)
> >     compiler: gcc version 4.1.3 20080704 (prerelease) (NetBSD nb3 20111107)
> >     OPENSSLDIR: "/etc/openssl"
> > 
> > does that ring any bells?  Can anyone think of a specific ticket-related
> > bug fixed between 0.9.9-dev and 1.0.0 that can account for malformed
> > handshakes with zero-length finished messages?
> > 
> > With any luck this issue is limited to a small number of older
> > NetBSD servers running 0.9.9-dev.
> > 
> 
> In case it isn't clear there never was an official 0.9.9 release so this is
> presumably based on a development version snapshot.

Yes, I know.  Some NetBSD releases in development concurrently with
what was OpenSSL 0.9.9 at the time ended up shipping some snapshot
of 0.9.9-dev when they were released ahead of OpenSSL 1.0.0,
presumably with some backported patches over time.

So perhaps they got the trouble they deserve by shipping an unstable
library in an unstable release.

If possible I would like to know which bug fix made the problem go
away, so that we can be sure it is really gone, and perhaps we can
tell users which versions are likely to have problems.

If the bug was eliminated "accidentally" as part of a rewrite or
while fixing related issues, then I may not get the answer I'm
looking for.

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
