[Pkg-openssl-devel] Re: [jaenicke@openssl.org: Re: Potential
security hole in openssl]
Julian Gilbey
jdg at polya.uklinux.net
Thu Mar 1 19:00:52 CET 2007
On Thu, Mar 01, 2007 at 10:27:49AM +0100, Moritz Muehlenhoff wrote:
> Hi,
> FYI, you appear to be not on CC. Please include the originating CCs
> when replying.
>
> Cheers,
> Moritz
>
> ----- Forwarded message from Lutz Jaenicke <jaenicke at openssl.org> -----
>
> From: Lutz Jaenicke <jaenicke at openssl.org>
> To: openssl-team at openssl.org
> Cc: security at debian.org, openssl at packages.debian.org,
> openssl-security at openssl.org
> Subject: Re: Potential security hole in openssl
>
> On Wed, Feb 28, 2007, Julian Gilbey wrote:
>
> > I've been trying to get proxytunnel to tunnel via HTTPS. I've been
> > trying the latest version of proxytunnel (1.7.0, available from
> > proxytunnel.sourceforge.net), but the openssl library segfaults. (I
> > am working on a Debian testing system.) I have also tested this on
> > the unstable version - see below.
> > [...]
>
> Using "openssl s_client -ssl2 -connect localhost:443" does not exhibit
> any problem, it however doesn't do anything with memory allocations
> in the s_client demo application so we might not detect a corruption...
>
> Can you give s_client a try? If it crashes we could at least
> rule out proxytunnel...
s_client works fine :-/

burnside:~ $ openssl s_client -ssl2 -connect localhost:443
CONNECTED(00000003)
[...]
Verify return code: 10 (certificate has expired)
---
CONNECT burnside:8080 HTTP/1.0
Proxy-Connection: Keep-Alive
HTTP/1.0 200 Connection Established
Proxy-agent: Apache/2.2.3 (Debian) mod_python/3.2.10 Python/2.4.4 PHP/5.2.0-8 mod_ssl/2.2.3 OpenSSL/0.9.8e mod_perl/2.0.2 Perl/v5.8.8
SSH-2.0-OpenSSH_4.3p2 Debian-8
burnside:~ $

Julian