Change in default behavior from 1.0.1g to 1.0.1h


Andy Schmidt
I just tracked down an obscure bug in our certificate authentication
code to a change in the global mask for ASN.1 strings in
crypto/asn1/a_strnid.c.
(https://github.com/openssl/openssl/commit/3009244da47b989c4cc59ba02cf81a4e9d8f8431)
I have a couple of questions about this:

1. Was this change made for a security-related reason?
That is, by changing global_mask back to the 1.0.1g initialized value,
are we introducing a security vulnerability?

2. Is there a changelist somewhere in the source tarball that lists
the 1.0.1g to 1.0.1h revisions? Or a list that outlines changes in the
default settings?
This would be extremely helpful for incorporating newly released 1.0.1
subversions. The file CHANGES appears to only list security
vulnerabilities.

Any help is greatly appreciated.

Andy Schmidt
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]