Re: [Ltib] openssl

[Mark Bishop]

Also, one thing I have noticed is that the most recent version in the  
GPP is 0.98k but when I do a ./ltib -m listpkgs it gives lists version  
0.98g.  I am trying to figure out how to get the newer versions  
straight from the GPP in ltib (and then do a patch/spec file if need  
be).  I am sure the procedure is in the documentation on the website.   
I am still sifting through it.

I guess I could just download/compile it all manually if I can't  
figure out how to get this to work in ltib, but it wouldn't be as fun.

And this ltib version came from a Freescale BSP.  I am using the older  
ltib, I just want a newer openssl.  Unless someone says it is a bad  
idea.


Quoting Mark Bishop <address@hidden>:

> OpenSSL CHANGES
>  _______________
>
>  Changes between 0.9.8k and 0.9.8l  [5 Nov 2009]
>
>   *) Disable renegotiation completely - this fixes a severe security
>      problem (CVE-2009-3555) at the cost of breaking all
>      renegotiation. Renegotiation can be re-enabled by setting
>      SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION in s3->flags at
>      run-time. This is really not recommended unless you know what
>      you're doing.
>      [Ben Laurie]
>
>
> They have also started to release the 1.0 Beta's.
>
>
> Quoting Stuart Hughes <address@hidden>:
>
> > Hi Mark,
> >
> > It's always good to get updates.  If you get it ported, please post  
> > your  patch/spec file to the list.
> >
> > BTW: what's changed for this later version?
> >
> > Regards, Stuart
> >
> > Mark Bishop wrote:
> > > I am going to deploy the most recent openssl with ltib.  I am  
> > > going to start with the current .spec file for the version that is  
> > > in there.  Is this something that would be worthwhile to upload to  
> > > the ltib project or should I not worry about it?
>
>
>
> _______________________________________________
> LTIB home page: http://ltib.org
>
> Ltib mailing list
> address@hidden
> http://lists.nongnu.org/mailman/listinfo/ltib