Andy Schmidt
2014-09-17 22:27:33 UTC
I just tracked down an obscure bug in our certificate authentication
code to a change in in the global mask for ASN.1 strings in
crypto/asn1/a_strnid.c.
(https://github.com/openssl/openssl/commit/3009244da47b989c4cc59ba02cf81a4e9d8f8431)
I have a couple of questions about this:
1. Was this change made for a security related reason?
That is, by changing global_mask back to the 1.0.1g initialized value,
are we introducing a security vulnerability?
2. Is there a changelist somewhere in the source tarball that lists
the 1.0.1g to 1.0.1h revisions? Or a list that outlines changes in the
default settings?
This would be extremely helpful to incorporating newly released 1.0.1
subversions. The file CHANGES appears to only list security
vulnerabilities.
Any help is greatly appreciated.
Andy Schmidt
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users-MCmKBN63+***@public.gmane.org
Automated List Manager majordomo-MCmKBN63+***@public.gmane.org
code to a change in in the global mask for ASN.1 strings in
crypto/asn1/a_strnid.c.
(https://github.com/openssl/openssl/commit/3009244da47b989c4cc59ba02cf81a4e9d8f8431)
I have a couple of questions about this:
1. Was this change made for a security related reason?
That is, by changing global_mask back to the 1.0.1g initialized value,
are we introducing a security vulnerability?
2. Is there a changelist somewhere in the source tarball that lists
the 1.0.1g to 1.0.1h revisions? Or a list that outlines changes in the
default settings?
This would be extremely helpful to incorporating newly released 1.0.1
subversions. The file CHANGES appears to only list security
vulnerabilities.
Any help is greatly appreciated.
Andy Schmidt
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users-MCmKBN63+***@public.gmane.org
Automated List Manager majordomo-MCmKBN63+***@public.gmane.org