No. NATAWUT SUKRAT @jack
ในวันที่ พ. 13 มิ.ย. 2018 12:51 <openssl-users-requ...@openssl.org> เขียนว่า: > Send openssl-users mailing list submissions to > openssl-users@openssl.org > > To subscribe or unsubscribe via the World Wide Web, visit > https://mta.openssl.org/mailman/listinfo/openssl-users > or, via email, send a message with subject or body 'help' to > openssl-users-requ...@openssl.org > > You can reach the person managing the list at > openssl-users-ow...@openssl.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of openssl-users digest..." > > > Today's Topics: > > 1. OpenSSL Security Advisory (OpenSSL) > 2. Re: OpenSSL 1.1.0: How to get X509_STORE from X509_LOOKUP? > (Matt Caswell) > 3. Re: 2 openssl installed? (Jan Just Keijser) > 4. Re: Advantech openssl compatibility issue (Brian.Chou) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Tue, 12 Jun 2018 10:18:03 +0000 > From: OpenSSL <open...@openssl.org> > To: openssl-proj...@openssl.org, OpenSSL User Support ML > <openssl-users@openssl.org>, OpenSSL Announce ML > <openssl-annou...@openssl.org> > Subject: [openssl-users] OpenSSL Security Advisory > Message-ID: <20180612101803.ga31...@openssl.org> > Content-Type: text/plain; charset=us-ascii > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > > OpenSSL Security Advisory [12 June 2018] > ======================================== > > Client DoS due to large DH parameter (CVE-2018-0732) > ==================================================== > > Severity: Low > > During key agreement in a TLS handshake using a DH(E) based ciphersuite a > malicious server can send a very large prime value to the client. This will > cause the client to spend an unreasonably long period of time generating a > key > for this prime resulting in a hang until the client has finished. This > could be > exploited in a Denial Of Service attack. > > Due to the low severity of this issue we are not issuing a new release of > OpenSSL 1.1.0 or 1.0.2 at this time. The fix will be included in OpenSSL > 1.1.0i > and OpenSSL 1.0.2p when they become available. The fix is also available in > commit ea7abeeab (for 1.1.0) and commit 3984ef0b7 (for 1.0.2) in the > OpenSSL git > repository. > > This issue was reported to OpenSSL on 5th June 2018 by Guido Vranken who > also > developed the fix. > > References > ========== > > URL for this Security Advisory: > https://www.openssl.org/news/secadv/20180612.txt > > Note: the online version of the advisory may be updated with additional > details > over time. > > For details of OpenSSL severity classifications please see: > https://www.openssl.org/policies/secpolicy.html > -----BEGIN PGP SIGNATURE----- > > iQEzBAEBCgAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAlsfnTgACgkQ2cTSbQ5g > RJE9Twf/VSgXaFPlW+JyA2BAiwGREMr/oMQe8mhmka3WQgNb7oMQRxk4ZqwRvLi2 > ggPVOQilJ+tkXgeifEQ3SDRxDnnmcUvxbWB8Lt+7tjhM6O+GYGbGbzupnkBs2IIY > 72vll4l7ySMQ8/fcdU/uuNyObfigLC9XndH3tEewxffs6uvDxMyGhZmNQpq1aZNj > rGj3dETUuO/Ln8siAD7nkv9xodRINViMP76fSKAtdaikvZa3uhLBMhX5tOzpR/ta > tc2+6uthdU9JjSRZZpfDlzzhsOFqMrLfOLrJQIIXshxUNeOZyJCkmT9ED8XZRDMB > twb1kOxCKz8Ky+Xm/Rki9uRVoZFjBg== > =kKic > -----END PGP SIGNATURE----- > > > ------------------------------ > > Message: 2 > Date: Tue, 12 Jun 2018 11:32:21 +0100 > From: Matt Caswell <m...@openssl.org> > To: openssl-users@openssl.org > Subject: Re: [openssl-users] OpenSSL 1.1.0: How to get X509_STORE from > X509_LOOKUP? > Message-ID: <3766b295-2914-b3a1-a259-0d9a81a25...@openssl.org> > Content-Type: text/plain; charset=utf-8 > > > > On 12/06/18 10:58, Stephan M?hlstrasser wrote: > > In OpenSSL 1.0.2 this was no problem as the "X509_STORE *store_ctx" > > member of the X509_LOOKUP structure was directly accessible. But in > > OpenSSL 1.1.0 the X509_LOOKUP structure is opaque, and as far as I can > > see there is no API function available that would retrieve the > > X509_STORE pointer from a X509_LOOKUP pointer. > > > > Is this intentional, or was this an omission when making the X509_LOOKUP > > structure opaque in OpenSSL 1.1.0? > > It was an omission that is fixed in the latest dev version of OpenSSL > 1.1.0. See this commit: > > > https://github.com/openssl/openssl/commit/6912debb881e669f7a7fb621588e20347111c4f0 > > This will be in 1.1.0i when it gets released (no released date as yet). > > Matt > > > > ------------------------------ > > Message: 3 > Date: Tue, 12 Jun 2018 18:30:08 +0200 > From: Jan Just Keijser <janj...@nikhef.nl> > To: openssl-users@openssl.org, Sampei <sampe...@tiscali.it> > Subject: Re: [openssl-users] 2 openssl installed? > Message-ID: <a983eb13-92a8-f054-dfac-0c881ad8d...@nikhef.nl> > Content-Type: text/plain; charset=utf-8; format=flowed > > Hi, > > On 07/06/18 06:14, Sampei wrote: > > > > t?s a server installed many many years ago and there are applications > > which are no used. > > Server is too late and I have new server (latest Centos 6) for > > migrating where I installed latest version. > > I?d like to take to new server all certificate database (certificated > > included) which I created. > > Openssl is only tool to create test certificates. > > I don?t know if there are apps which are using the e configs, but I > > think no. > > > this has little to do with OpenSSL itself and more with PKI management. > Basically, your problem seems to be that you have an older server and > you don't know where the certificates and private keys (i.e. the PKI) > were stored. What you need to do, is find out where the certifcates are > held, together with the index.txt file. In order to do so, you could use > something like > ? find / -name '*.pem' > or > ? find / -name index.txt > and check all directories where such files are found. This will be a > lengthy process, as the find command has to traverse the entire filesystem. > > good luck, > > JJK > > > > ------------------------------ > > Message: 4 > Date: Wed, 13 Jun 2018 05:40:01 +0000 > From: Brian.Chou <brian.c...@advantech.com.tw> > To: "openssl-users@openssl.org" <openssl-users@openssl.org> > Cc: "Brian.Ng" <brian...@advantech.com>, "Mojo.Huang" > <mojo.hu...@advantech.com.tw> > Subject: Re: [openssl-users] Advantech openssl compatibility issue > Message-ID: <ea8de7a39ca24fd9bb6db14301d15...@taipei08.advantech.corp> > Content-Type: text/plain; charset="us-ascii" > > Subscribe and send again. > > From: Brian.Chou > Sent: Wednesday, June 13, 2018 1:21 PM > To: 'openssl-users@openssl.org' > Cc: Brian.Ng; Mojo.Huang > Subject: Advantech openssl compatibility issue > > Dear support team > > We met openssl crash issue on our Intel Atom C3000 SoC platform. > Openssl crashes when run "s_client -connect IP:Port" command. > In win10 event viewer it show "Faulting module name:LIBEAY32.dll, > version:1.0.2.8......". (Figure 1) > The issue only happened to "1.0.2h" or older version. (Table 1) > And other CPU/Chipset on our side can work normally with same command. > Can you help to explain what changes are made between "1.0.2h" and > "1.0.2i" that may cause this issue? > Please let me know if you need more info, thank you. > > Note: We found similar issue by google, not sure if it's related. ( > https://forum.filezilla-project.org/viewtopic.php?f=6&t=32837&sid=14d3d99cb60f1a6867d16aba89403015 > < > https://urldefense.proofpoint.com/v2/url?u=https-3A__forum.filezilla-2Dproject.org_viewtopic.php-3Ff-3D6-26t-3D32837-26sid-3D14d3d99cb60f1a6867d16aba89403015&d=DwMFAg&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=lgpGrPZI_ai301hZxt6u5Jb3XQrxd6ed5-1gL-SJmDE&s=cNoUfknWBgsh-JRnghh6TVNsW72g89P7uuSrJLnLn8g&e= > >) > > Table 1.Test under Winsvr 2016/Win10 > Openssl version > > Connect by "s_client -connect IP:Port" > > 1.0.2g > > Fail > > 1.0.2h > > Fail > > 1.0.2i > > Pass > > 1.0.2o > > Pass > > 1.0.0d > > Pass > > > > Figure 1 > [cid:image002.jpg@01D40273.2D91C710] > Best regards, > Brian Chou > Application Engineering of Industrial IoT Group > Advantech Co., Ltd. > Tel: 886-2-2792-7818 ext,1431 > e-mail:brian.c...@advantech.com.tw<mailto:brian.c...@advantech.com.tw> > > > > Best regards, > Brian Chou > Application Engineering of Industrial IoT Group > Advantech Co., Ltd. > Tel: 886-2-2792-7818 ext,1431 > e-mail:brian.c...@advantech.com.tw<mailto:brian.c...@advantech.com.tw> > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: < > http://mta.openssl.org/pipermail/openssl-users/attachments/20180613/0053e43a/attachment.html > > > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: image001.jpg > Type: image/jpeg > Size: 30883 bytes > Desc: image001.jpg > URL: < > http://mta.openssl.org/pipermail/openssl-users/attachments/20180613/0053e43a/attachment.jpg > > > > ------------------------------ > > Subject: Digest Footer > > _______________________________________________ > openssl-users mailing list > openssl-users@openssl.org > https://mta.openssl.org/mailman/listinfo/openssl-users > > > ------------------------------ > > End of openssl-users Digest, Vol 43, Issue 16 > ********************************************* >
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
