On Mon, Jan 18, 2016 at 06:00:09PM +0000, Jeremy Harris wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> The ftp site:
>
> ftp://ftp.exim.org/pub/exim/exim4/test/
>
> now has RC3 of Exim 4.87 available. Built and
> signed by myself.
>
> Changes of interest since RC2:
> - - DKIM: fix quoted-printable decode
> - - Malware: Fix potential spin-on-read-error with kavdaemon
> - - dnslists: permit use with explicit key(s) in nonsmtp ACLs. Bug 1748
> - - Pretty print for -bP config
> - - Consolidate base64 encode/decode routines
> - - New expansion operator base64d, and base64 as synonym for str2b64. Bug 1746
> - - Support certificates in base64 expansion operator. Bug 1762
> - - DKIM: use TLS library where possible in preference to embedded PolarSSL copy
> - - add requirement on good HELO in the example configuration
> - - OpenSSL: Default the SINGLE_DH_USE option flag set
> - - Expansions: fix memory-usage bug in ${run }. Bug 1778
> - - Permit an ACL to override the default 252 VRFY response. Bug 1769
> - - Restrict line lengths in bounces. Bug 1760
>
>
> No feature-introductions will be accepted in the mainline code branch
> between now and 4.87 final release. Bug fixes are still welcome.
>
> Please report issues here in the exim-dev or
> exim-users mailinglist, or by raising bugs
> on http://bugs.exim/org
>
>
openssl 1.1 concern
gcc tls.c
In file included from tls.c:124:
tls-openssl.c: In function `rsa_callback':
tls-openssl.c:247: warning: `RSA_generate_key' is deprecated (declared at /usr/contrib/include/openssl/rsa.h:322)
tls-openssl.c: In function `tls_client_stapling_cb':
tls-openssl.c:1191: dereferencing pointer to incomplete type
In file included from tls.c:124:
tls-openssl.c: In function `vaguely_random_number':
tls-openssl.c:2560: warning: `RAND_pseudo_bytes' is deprecated (declared at /usr/contrib/include/openssl/rand.h:98)
*** Error code 1
Stop.
*** Error code 1
Stop.
concern 3 RAND_pseudo_bytes should be replaced by RAND_bytes in OpenSSL 1.1
concern 1
man RSA_generate_key_ex
man: Formatting manual page...
RSA_generate_key(3) OpenSSL RSA_generate_key(3)
NAME
RSA_generate_key_ex, RSA_generate_key - generate RSA key
pair
SYNOPSIS
#include <openssl/rsa.h>
int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
Deprecated:
#if OPENSSL_API_COMPAT < 0x00908000L
RSA *RSA_generate_key(int num, unsigned long e,
void (*callback)(int,int,void *), void *cb_arg);
#endif
DESCRIPTION
RSA_generate_key_ex() generates a key pair and stores it
in the RSA structure provided in rsa. The pseudo-random
number generator must be seeded prior to calling
RSA_generate_key_ex().
The modulus size will be of length bits, and the public
exponent will be e. Key sizes with num < 1024 should be
considered insecure. The exponent is an odd number,
typically 3, 17 or 65537.
A callback function may be used to provide feedback about
the progress of the key generation. If cb is not NULL, it
will be called as follows using the BN_GENCB_call()
function described on the BN_generate_prime(3) page.
o While a random prime number is generated, it is called
as described in BN_generate_prime(3).
o When the n-th randomly generated prime is rejected as
not suitable for the key, BN_GENCB_call(cb, 2, n) is
called.
o When a random p has been found with p-1 relatively
prime to e, it is called as BN_GENCB_call(cb, 3, 0).
The process is then repeated for prime q with
BN_GENCB_call(cb, 3, 1).
RSA_generate_key is deprecated (new applications should
use RSA_generate_key_ex instead). RSA_generate_key works
in the same was as RSA_generate_key_ex except it uses "old
style" call backs. See BN_generate_prime(3) for further
details.
RETURN VALUE
If key generation fails, RSA_generate_key() returns NULL.
1.1.0-pre3-dev 2016-01-18 1
RSA_generate_key(3) OpenSSL RSA_generate_key(3)
The error codes can be obtained by ERR_get_error(3).
BUGS
BN_GENCB_call(cb, 2, x) is used with two different
meanings.
RSA_generate_key() goes into an infinite loop for illegal
input values.
SEE ALSO
ERR_get_error(3), rand(3), rsa(3), RSA_free(3),
BN_generate_prime(3)
1.1.0-pre3-dev 2016-01-18 2
Any work around?
Concern 2
STACK_OF(OCSP_SINGLERESP) * sresp = bs->tbsResponseData->responses;
Why does this happen under OpenSSL 1.1 ?
--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising!
http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism
Birthdate 29 Jan 1969 Redhill, Surrey, UK