02-12-2008, 07:19 PM
Steve Langasek

Openssl in experimental: please test.

On Tue, Feb 12, 2008 at 08:54:26PM +0100, Kurt Roeckx wrote:

> I've uploaded openssl 0.9.8g-6 to experimental. It adds support for TLS
> extensions. This changes some structs in the public header files
> causing ABI changes. I believe those are harmless and shouldn't cause
> any problems. But I'd like some people to test it before I upload this
> to unstable.

> Please see bug #462596 for more info.

FWIW, I expect that this is a waste of time. Packages in experimental don't
get any significant amount of testing, and if any packages are affected by
the ABI change, it's going to be lesser-used packages which are doing
relatively naughty things with OpenSSL structs.

So I highly recommend uploading this to unstable ASAP, since the only thing
that's likely to get you sensible feedback is a reasonable length of time
spent in unstable.

--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
slangasek@ubuntu.com vorlon@debian.org


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
02-14-2008, 10:30 AM
Marc Haber

Openssl in experimental: please test.

On Tue, 12 Feb 2008 20:54:26 +0100, Kurt Roeckx <kurt@roeckx.be>
wrote:
>I've uploaded openssl 0.9.8g-6 to experimental. It adds support for TLS
>extensions.

Does this include MAC Padding? If so, expect some interoperability
issues with symbian-based mobile devices.

Greetings
Marc

--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mailadresse im Header
Mannheim, Germany | Beginning of Wisdom " | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834
 
02-14-2008, 10:08 PM
Kurt Roeckx

Openssl in experimental: please test.

On Thu, Feb 14, 2008 at 12:30:07PM +0100, Marc Haber wrote:
> On Tue, 12 Feb 2008 20:54:26 +0100, Kurt Roeckx <kurt@roeckx.be>
> wrote:
> >I've uploaded openssl 0.9.8g-6 to experimental. It adds support for TLS
> >extensions.
>
> Does this include MAC Padding? If so, expect some interoperability
> issues with symbian-based mobile devices.

I guess you mean "random length MAC padding". This change has
nothing to do with that. They might add that at some point, and
I doubt it's going to be a compile-time option changing the ABI.

This change is about:
*) Add initial support for TLS extensions, specifically for the server_name
extension so far. The SSL_SESSION, SSL_CTX, and SSL data structures now
have new members for a host name. The SSL data structure has an
additional member SSL_CTX *initial_ctx so that new sessions can be
stored in that context to allow for session resumption, even after the
SSL has been switched to a new SSL_CTX in reaction to a client's
server_name extension.

New functions (subject to change):

SSL_get_servername()
SSL_get_servername_type()
SSL_set_SSL_CTX()

New CTRL codes and macros (subject to change):

SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
- SSL_CTX_set_tlsext_servername_callback()
SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG
- SSL_CTX_set_tlsext_servername_arg()
SSL_CTRL_SET_TLSEXT_HOSTNAME - SSL_set_tlsext_host_name()

openssl s_client has a new '-servername ...' option.

openssl s_server has new options '-servername_host ...', '-cert2 ...',
'-key2 ...', '-servername_fatal' (subject to change). This allows
testing the HostName extension for a specific single host name ('-cert'
and '-key' remain fallbacks for handshakes without HostName
negotiation). If the unrecognized_name alert has to be sent, this by
default is a warning; it becomes fatal with the '-servername_fatal'
option.

Anyway, it's been uploaded to unstable now.


Kurt
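
Added example, not part of the message above and not OpenSSL code: a Python model of the server_name extension bytes in a ClientHello and of the certificate choice that the s_server options in the quoted changelog describe. The encoding follows RFC 6066; the function names, the "cert"/"cert2" labels and the choice to continue with the fallback certificate after a warning alert are assumptions of this example.

```python
import struct

SERVER_NAME_EXT = 0                # extension type of server_name (RFC 6066)
HOST_NAME = 0                      # NameType host_name
ALERT_WARNING, ALERT_FATAL = 1, 2  # TLS alert levels
UNRECOGNIZED_NAME = 112            # TLS alert description
# Constructed sample: an unrelated extension (type 11) with a 2-byte body.
OTHER_EXT = struct.pack("!HH", 11, 2) + b"\x01\x00"

def build_sni_extension(host):
    """Encode one server_name extension as a client sends it."""
    name = host.encode("ascii")
    entry = struct.pack("!BH", HOST_NAME, len(name)) + name
    name_list = struct.pack("!H", len(entry)) + entry
    return struct.pack("!HH", SERVER_NAME_EXT, len(name_list)) + name_list

def parse_server_name(extensions):
    """Return the host_name in a ClientHello extensions block, or None."""
    pos = 0
    while pos < len(extensions):
        if pos + 4 > len(extensions):
            raise ValueError("truncated extension header")
        ext_type, ext_len = struct.unpack_from("!HH", extensions, pos)
        body = extensions[pos + 4:pos + 4 + ext_len]
        if len(body) != ext_len:
            raise ValueError("truncated extension body")
        pos += 4 + ext_len
        if ext_type != SERVER_NAME_EXT:
            continue
        if len(body) < 2 or struct.unpack_from("!H", body)[0] != len(body) - 2:
            raise ValueError("bad server_name list length")
        p = 2
        while p + 3 <= len(body):
            name_type, name_len = struct.unpack_from("!BH", body, p)
            name = body[p + 3:p + 3 + name_len]
            if len(name) != name_len:
                raise ValueError("truncated name")
            if name_type == HOST_NAME:
                return name.decode("ascii").lower()
            p += 3 + name_len
        return None
    return None

def select_certificate(extensions, named_host, fatal=False):
    """Return (certificate label, alert) for one handshake."""
    host = parse_server_name(extensions)
    if host is None:
        return ("cert", None)      # no HostName negotiation: fallback pair
    if host == named_host.lower():
        return ("cert2", None)     # name matches the single configured host
    if fatal:                      # models '-servername_fatal'
        return (None, (ALERT_FATAL, UNRECOGNIZED_NAME))
    return ("cert", (ALERT_WARNING, UNRECOGNIZED_NAME))  # assumed: continue
```
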


 
