Message254966
Thanks for the updated info Marc-Andre.
Yeah, while generally speaking OpenSSL doesn't ship betas, it does provide them as tarballs. I have a beta of 1.0.2 floating around somewhere on my machine that I was using for ALPN testing back in 2014, and so I can speak from personal experience and say that people do actually work with betas sometimes. On this issue (defending ourselves from a CVE) my instinct is to be conservative. However, we should allow later patch releases of OpenSSL 1.0.0 to have this optimisation if they're safe.
Therefore, I've uploaded a new patch that does allow for 1.0.0m and later to use this optimisation too. It makes the conditional a little more complex, but c'est la vie. |
|
Date |
User |
Action |
Args |
2015-11-20 11:10:00 | Lukasa | set | recipients:
+ Lukasa, lemburg, janssen, pitrou, giampaolo.rodola, christian.heimes, benjamin.peterson, alex, dstufft |
2015-11-20 11:10:00 | Lukasa | set | messageid: <1448017800.19.0.946147791129.issue25672@psf.upfronthosting.co.za> |
2015-11-20 11:10:00 | Lukasa | link | issue25672 messages |
2015-11-20 11:09:59 | Lukasa | create | |
|