Date: Fri, 11 Apr 2003 12:23:39 +0200 From: Martin Schulze <joey@...odrom.org> To: xvendor@...ts.openwall.com Subject: Re: openssl blinding and threads? Ryan W. Maple wrote: > > On Wed, Apr 09, 2003 at 09:38:11AM -0700, Seth Arnold wrote: > > > Yesterday, I saw someone on IRC mention that Red Hat's OpenSSL update > > > (either to turn on blinding, or the oracle fix) broke threading, backed up > > > with the idea that recompiling stunnel to use fork() instead of whatever > > > thread library it had been using, caused some problems of his to go away. > > > > > > I wasn't able to drag out better information from him before he > > > dissapeared, but I thought I'd mention it as a heads-up, in case any of > > > you run into similar problems. > > > > There's been some traffic about this on the openssl development list as > > well. Apparently the blinding changes aren't safe for threaded apps, > > and fixes are coming in 0.9.6j and 0.9.7b (and should be in the current > > snapshots, too), probably Thursday. > > This looks like it here: > > http://marc.theaimsgroup.com/?l=openssl-cvs&m=104927702431768&w=2 If you use it, use the 'Download message RAW' link since the url above contains a broken patch, the raw message contains the correct one (or at least one without that showstopper). Regards, Joey -- The only stupid question is the unasked one.
Powered by blists - more mailing lists
Please check out the xvendor mailing list charter.