-----BEGIN PGP SIGNED MESSAGE-----
On Wed, 12 Dec 2012 11:54:19 +0200 Timo Teras <timo.teras@...> wrote:
> On Wed, 12 Dec 2012 10:08:39 +0100 Götz Babin-Ebell
> <g.babin-ebell@...> wrote:
> > Am 12.12.12 08:33, schrieb Timo Teras:
> > > On Mon, 03 Dec 2012 16:33:31 +0100 Götz Babin-Ebell
> > > <g.babin-ebell@...> wrote:
> > >
> > >> Attached patch is a somewhat smarter X509 subject name compare.
> > >> X509 names may contain entries with different encodings (like
> > >> UTF-8) The old code (some copy from the ancient openssl 0.9.7
> > >> release) did not handle that. The new code does only handle
> > >> stripping of the wildcards from the name and let openssl do the
> > >> compare of all non wildcard entries...
> > >
> > >> (OK, it requires an newer OpenSSL version than 0.9.7, whoever
> > >> still uses 0.9.7 has more pressing problems...)
> > >
> > > Since no one is objecting - I'm willing to commit this. However,
> > > please update configure.ac to check for proper version of openssl.
> > >
> > > Currently we seem to need 0.9.6. Please check which will be the
> > > minimum requirement after your change, and update the autoconf
> > > check accordingly.
> > OpenSSL 0.9.6 ?
> > Ough.
> > OpenSSL 0.9.6 is not maintained any more since March 2004.
> > OpenSSL 0.9.7 is not maintained any more since February 2007
> > current OpenSSL version is 1.0.1c
> > Still maintained is OpenSSL 0.9.8 (last release being 0.9.8x)
> > To me it feels wrong to allow an OpenSSL version that is not
> > maintained any more or contains known security vulnerabilities in a
> > security sensitive program / module like ipsec-tools / racoon.
> > So to me it seems the question is not
> > "what is the minimum required OpenSSL version"
> > but
> > "in which OpenSSL version are all relevant security issues fixed".
> > According to the issues listed in
> > http://www.openssl.org/news/vulnerabilities.html
> > This seems to be 0.9.8s.
> > The attached patch should fix this
> I agree.
> Will commit this first, and the other patch after this unless someone
I think this should be it for 0.8.1 release. I'll start to prepare the
release. Should get it out still this year :)
- - Timo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
-----END PGP SIGNATURE-----