[prev in list] [next in list] [prev in thread] [next in thread] List: apache-modssl Subject: [ANNOUNCE] mod_ssl 2.8.13 From: "Ralf S. Engelschall" <rse () engelschall ! com> Date: 2003-03-18 14:43:16 [Download message RAW] Another maintainance release of mod_ssl 2.8 for Apache 1.3 delivers to you mod_ssl 2.8.13 for Apache 1.3.27. Changes are listed below. Grab it from the following locations: o http://www.modssl.org/source/ o ftp://ftp.modssl.org/source/ Yours, Ralf S. Engelschall rse@engelschall.com www.engelschall.com Changes with mod_ssl 2.8.13 (23-Oct-2002 to 18-Mar-2003) *) Always enforce RSA blinding on RSA private keys in order to be resistent to timing attacks. *) Added timeout also to the "pre-sucking" of the trailing data in POST request handling. *) Correctly shutdown shared memory pools on fork+exec situations. *) Bugfix SSL client certificate verification: OpenSSL was not informed with SSL_set_verify_result(ssl, X509_V_OK) in case mod_ssl forced the verification to be ok. *) Consistently use OPENSSL_free() instead of plain free() to deallocate memory chunks allocated inside OpenSSL. *) Fixed various memory leaks related to X509 certificates. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org Official Announcement Mailing List modssl-announce@modssl.org Automated List Manager majordomo@modssl.org [prev in list] [next in list] [prev in thread] [next in thread] Configure Your Environment | About MARC | We're Hiring! | Want to add a list? Tell us about it. | 10East
Today is 2003/03/25 but mod_ssl in portage not upgrade brief changlog ====== *) Fixed logic in the destruction of a temporary certificate structure and this way avoid a crash due to freeing NULL object. *) Removed one newly introduced X509_free() call in the context of SSL_get_certificate(), because this function does not increment a reference count (although SSL_get_peer_certificate() does). *) Fixed hash-table based shared memory session cache (shmht) implementation by making sure that the underlying hash table library does not crash if memory cannot be allocated. =========
glsa sent