similar to: [Bug 1991] New: openssl version checking needs updating

https://bugzilla.mindrot.org/show_bug.cgi?id=2212 Bug ID: 2212 Summary: openssl version check should ignore status nibble Product: Portable OpenSSH Version: 6.5p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: Miscellaneous Assignee:

Hello All, After seeing what is probably the zillionth "OpenSSL headers don't match library" bug report I made the following mod to configure.ac. It always writes the versions of the library and headers to config.log and prints them to stdout if they don't match. Hopefully this will help diagnose these problems in future. Example output below. -Daz. $ ./configure [snip]

Well, I've finally gotten around to compiling and testing OpenSSH 2.5.2p1, in order to update the contrib/solaris packaging scripts. Somehow on my test system, I'm getting errors that indicate that I've still got some old copy of OpenSSL being found somewhere...but I can't for the life of me tell where. The compile went fine (it found the OpenSSL 0.9.5a libraries that I had

Hi, Below a message I had originally sent to openssl-bugs. The version mismatch mentioned below was OpenSSL 0x0090603f vs. OpenSSL 0x0090601f Meanwhile Richard Levitte <levitte at stacken.kth.se> has sent me the following: >>>>>>>>> Begin excerpt from levitte (first msg.) peb> If, on the other hand, the libraries from 0.9.6a and 0.9.6c are peb> binary

On 2016-11-02, Aki Tuomi <aki.tuomi at dovecot.fi> wrote: > If the standard way works, I am happy to include the original patch I > sent, amended so that it checks for presence of LIBRESSL_VERSION_NUMBER. > If they keep this promise, then we should have no worries about things > breaking up. Diff below is what I've added to OpenBSD ports. The libressl API is not cast in

Hi all. Solaris 10's default libcrypto does not have support for AES 192 and 256 bit functions. The attached patch, against -current, and based partially on an earlier one by djm, will use OpenSSH's builtin rijndael code for all AES crypto functions and thus will allow it to build and function on Solaris 10 without the extra crypto packages (SUNWcry, SUNWcryr) or a locally built OpenSSL.

https://bugzilla.mindrot.org/show_bug.cgi?id=2130 Bug ID: 2130 Summary: Bugs intended to be fixed in 6.4 Product: Portable OpenSSH Version: -current Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Miscellaneous Assignee: unassigned-bugs at

---------- Forwarded message ---------- Date: Fri, 18 Jan 2013 10:19:35 +1100 (EST) From: Damien Miller <djm at mindrot.org> To: Iain Morgan <Iain.Morgan at nasa.gov> Subject: Re: Inconsisten declaration of ssh_aes_ctr_iv() On Thu, 17 Jan 2013, Iain Morgan wrote: > > Could you tell me the declaration of the function pointer do_cipher in > > OpenSSL's evp.h on your

On Fri, 12 Oct 2018, Jakub Jelen wrote: > Something like this can be used to properly initialize new OpenSSL > versions: > > @@ -70,12 +70,19 @@ ssh_compatible_openssl(long headerver, long libver) > void > ssh_OpenSSL_add_all_algorithms(void) > { > +#if OPENSSL_VERSION_NUMBER < 0x10100000L > OpenSSL_add_all_algorithms(); > > /* Enable use of crypto

Here's my proposed patch to change RST handling so that ESTABLISHED connections are subject to strict RST checking, but connections in other states are only subject to the "within the window" check. Part 2 of the patch is simply a patch to netstat so that it displays the statistic. As expected, it's very straightforward, the only real question is what to call the statistic...

# HG changeset patch # User David Hicks <david at hicks.id.au> # Date 1373085976 -36000 # Sat Jul 06 14:46:16 2013 +1000 # Node ID ccd83f38e4b484ae18f69ea08631eefcaf6a4a4e # Parent 1fbac590b9d4dc05d81247515477bfe6192c262c login-common: Add support for ECDH/ECDHE cipher suites ECDH temporary key parameter selection must be performed during OpenSSL context initialisation before ECDH and

>openssl version Libressl 2.4.4 Patch for dovecot: perl -i -ple 's/^(#if OPENSSL_VERSION_NUMBER < 0x10100000L\s*)$/$1 || defined (LIBRESSL_VERSION_NUMBER)/' ./src/lib-dcrypt/dcrypt-openssl.c; perl -i -ple 's/^(#if OPENSSL_VERSION_NUMBER < 0x10100000L\s*)$/$1 || defined (LIBRESSL_VERSION_NUMBER)/' ./src/lib-ssl-iostream/dovecot-openssl-common.c; perl -i -ple 's/^(#if

---------- Forwarded message ---------- Received: from brimstone.netspace.org (brimstone.netspace.org [128.148.157.143]) by blues.jpj.net (backatcha) with ESMTP id CAA13949; Fri, 14 Nov 1997 02:08:13 -0500 (EST) Received: from unknown@netspace.org (port 25452 [128.148.157.6]) by brimstone.netspace.org with ESMTP id <818-20257>; Fri, 14 Nov 1997 01:41:22 -0500 Received: from NETSPACE.ORG by

After doing some testing by myself, I noticed that libressl, for some unknown reason, defines #define OPENSSL_VERSION_NUMBER 0x20000000L No idea why they decided to advertise that they are OpenSSL v2.0.0. A local fix, if you need one, is to use #if OPENSSL_VERSION_NUMBER == 0x20000000L #define OPENSSL_VERSION_NUMBER 0x1000100L #endif in dcrypt-openssl.c after includes. Aki On

It does work today, I am just bit worried that it will keep on breaking with libressl as they evolve their API. I would personally like to avoid more ifdef hell if possible... Aki On 02.11.2016 13:22, Michael A. Peters wrote: > Standard way to fix it (on the LibreSSL page) is to check for > LIBRESSL_VERSION_NUMBER - e.g. the patch attached which I think > catches them all where

If the standard way works, I am happy to include the original patch I sent, amended so that it checks for presence of LIBRESSL_VERSION_NUMBER. If they keep this promise, then we should have no worries about things breaking up. Aki On 02.11.2016 14:24, Michael A. Peters wrote: > Indeed, which is why I use it. > > But it also is in the minority which is why I find it acceptable for

IMHO it would be acceptable to have a LibreSSL patch that is maintained by the people who want it. It's free software, and that kind of is the point of Open Source. On 11/02/2016 04:36 AM, Michael A. Peters wrote: > They have stated they are going to remain API compatible with 1.0.1h (or > g, forget which they forked) - their new stuff is outside of libcrypto. > > On 11/02/2016

Indeed, which is why I use it. But it also is in the minority which is why I find it acceptable for FLOSS projects like dovecot to elect to only un-officially support LibreSSL via a community maintained patch. One of the reasons why OpenSSL was forked is because they were trying to support so many platforms that it made the code a real mess. Don't want the same to happen to another

They have stated they are going to remain API compatible with 1.0.1h (or g, forget which they forked) - their new stuff is outside of libcrypto. On 11/02/2016 04:25 AM, Aki Tuomi wrote: > It does work today, I am just bit worried that it will keep on breaking > with libressl as they evolve their API. I would personally like to avoid > more ifdef hell if possible... > > Aki >

Standard way to fix it (on the LibreSSL page) is to check for LIBRESSL_VERSION_NUMBER - e.g. the patch attached which I think catches them all where needed. Note the word think. It certainly appears to be working anyway with it. On 11/02/2016 04:07 AM, Aki Tuomi wrote: > After doing some testing by myself, I noticed that libressl, for some > unknown reason, defines > > #define