I just tracked down an obscure bug in our certificate authentication code to a change in in the global mask for ASN.1 strings in crypto/asn1/a_strnid.c. (https://github.com/openssl/openssl/commit/3009244da47b989c4cc59ba02cf81a4e9d8f8431) I have a couple of questions about this:
1. Was this change made for a security related reason? That is, by changing global_mask back to the 1.0.1g initialized value, are we introducing a security vulnerability? 2. Is there a changelist somewhere in the source tarball that lists the 1.0.1g to 1.0.1h revisions? Or a list that outlines changes in the default settings? This would be extremely helpful to incorporating newly released 1.0.1 subversions. The file CHANGES appears to only list security vulnerabilities. Any help is greatly appreciated. Andy Schmidt ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
