Author lemburg
Recipients alex, jeremy.kloth, lemburg, ned.deily, python-dev, steve.dower, zach.ware
Date 2015-04-13.22:44:32
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <552C46CB.2080903@egenix.com>
In-reply-to <1428964193.47.0.105386952837.issue23686@psf.upfronthosting.co.za>
Content
On 14.04.2015 00:29, Ned Deily wrote:
> 
> For what it's worth, the resolution of Issue23476 uses an API that was added in OpenSSL 1.0.2.

Hmm, I don't think that's a good move at this time.

Most Linux users won't benefit from this since their system OpenSSL
will be 1.0.1 and 1.0.2 still has major security bugs being resolved:

https://www.openssl.org/news/secadv_20150319.txt
(look at the number of 1.0.2 only security bugs)

apart from 1.0.2a being the first 1.0.2 version which works at all:

https://github.com/openssl/openssl/pull/218
(certificate expiry checks not working)
History
Date User Action Args
2015-04-13 22:44:32lemburgsetrecipients: + lemburg, ned.deily, alex, jeremy.kloth, python-dev, zach.ware, steve.dower
2015-04-13 22:44:32lemburglinkissue23686 messages
2015-04-13 22:44:32lemburgcreate