> On Mar 30, 2020, at 6:12 AM, Jeremy Harris wrote:
>
> On 30/03/2020 10:12, Viktor Dukhovni wrote:
>> On Mon, Mar 30, 2020 at 09:37:51AM +0100, Jeremy Harris wrote:
>>
>>> On 30/03/2020 08:41, Dan Fulger wrote:
Indeed, CentOS 8.0 has OpenSSL 1.1.1 with very few updates.
But CentOS
On Mon, Mar 30, 2020 at 09:37:51AM +0100, Jeremy Harris wrote:
> On 30/03/2020 08:41, Dan Fulger wrote:
> > Indeed, CentOS 8.0 has OpenSSL 1.1.1 with very few updates.
> > But CentOS 8.1 was released in January, with OpenSSL 1.1.1c.
>
> Fortunately, with Viktor's help, the application fix is a
>
On 30/03/2020 08:41, Dan Fulger wrote:
> Indeed, CentOS 8.0 has OpenSSL 1.1.1 with very few updates.
> But CentOS 8.1 was released in January, with OpenSSL 1.1.1c.
Fortunately, with Viktor's help, the application fix is a
one-liner and is compatible across versions.
--
Cheers,
Jeremy
Indeed, CentOS 8.0 has OpenSSL 1.1.1 with very few updates.
But CentOS 8.1 was released in January, with OpenSSL 1.1.1c.
On Fri, Mar 27, 2020 at 10:10:16PM +, Jeremy Harris wrote:
> >> A simple code addition to avoid that call in the client case sounds
> >> in order.
>
> Testing, it appears to work - I get resumption and not that error.
> And the Exim testsuite shows no regressions, at least on my laptop
> (wh
On 27/03/2020 21:52, Viktor Dukhovni wrote:
> On Fri, Mar 27, 2020 at 09:25:28PM +, Jeremy Harris wrote:
>
>>> If the distro started with 1.1.1 and only backported security fixes, you
>>> could be running an OpenSSL version with the unintentional bidirectional
>>> setting.
>>
>> .. either this
On Fri, Mar 27, 2020 at 09:25:28PM +, Jeremy Harris wrote:
> > If the distro started with 1.1.1 and only backported security fixes, you
> > could be running an OpenSSL version with the unintentional bidirectional
> > setting.
>
> .. either this, or even an unpatched basic 1.1.1 .
>
> A simpl
On 27/03/2020 21:07, Viktor Dukhovni wrote:
> That function should only affect the server -> client direction.
> Briefly, in OpenSSL 1.1.1 it affected both the client and server
> directions, but this was fixed in OpenSSL 1.1.1a.
If Centos is following the same pattern in 8 as they did in 7,
they
On Fri, Mar 27, 2020 at 08:20:55PM +, Jeremy Harris wrote:
> > Right, you're running out of space by trying to send too many
> > CA names. It is better to have this fail, so you can figure
> > what is trying to dump your entire trusted CA list (of names)
> > to the server, than to actually ha
On 26/03/2020 00:58, Viktor Dukhovni wrote:
> On Thu, Mar 26, 2020 at 12:40:08AM +, Jeremy Harris wrote:
>
>> Looks like I'm wrong, from the behaviour.
>>
>> It's the second of the possible places, and "i" is 129.
>> It appears to be failing the WPACKET_sub_allocate_bytes_u16()
>> call. %rs
On Thu, Mar 26, 2020 at 12:40:08AM +, Jeremy Harris wrote:
> Looks like I'm wrong, from the behaviour.
>
> It's the second of the possible places, and "i" is 129.
> It appears to be failing the WPACKET_sub_allocate_bytes_u16()
> call. %rsi before the call, which I think should be
> the "na
On 24/03/2020 20:25, Viktor Dukhovni wrote:
>>> I'm guessing it is not the first. The second would be an issue with a
>>> particular issuer on the CA list (does Exim configure a list of CAs to
>>> send to the server?),
>>
>> I don't think so
Looks like I'm wrong, from the behaviour.
It's the second
On Tuesday, 24 March 2020, 5:20, Viktor Dukhovni <
openssl-us...@dukhovni.org> wrote:
> On Mon, Mar 23, 2020 at 05:27:55PM -0700, Benjamin Kaduk via openssl-users
> wrote:
>
> > > I *think* possibly also the precise nature of that client cert
> > > matters; a testcase I set up away from my prod
On Mon, Mar 23, 2020 at 05:27:55PM -0700, Benjamin Kaduk via openssl-users
wrote:
> > I *think* possibly also the precise nature of that client cert
> > matters; a testcase I set up away from my production
> > system failed to induce the error. The client cert
> > is loaded using SSL_CTX_use_cer
On Mon, Mar 23, 2020 at 11:46:43PM +, Jeremy Harris wrote:
> OpenSSL 1.1.1 on Centos 8
> Ticket-based resumption
I'm testing posttls-finger with OpenSSL 1.1.1 on FreeBSD.
>
> I'm getting a repeatable error from a client call to SSL_connect()
> of "14228044:SSL routines:construct_ca_names:i
On Mon, Mar 23, 2020 at 11:46:43PM +, Jeremy Harris wrote:
> OpenSSL 1.1.1 on Centos 8
> Ticket-based resumption
>
>
> I'm getting a repeatable error from a client call to SSL_connect()
> of "14228044:SSL routines:construct_ca_names:internal error".
>
> Packet capture shows an Alert being s
OpenSSL 1.1.1 on Centos 8
Ticket-based resumption
I'm getting a repeatable error from a client call to SSL_connect()
of "14228044:SSL routines:construct_ca_names:internal error".
Packet capture shows an Alert being sent by the client before
anything is received from the server.
The error only