[ANNOUNCE] mod_ssl 2.8.10

[ANNOUNCE] mod_ssl 2.8.10

am 24.06.2002 13:24:41 von rse

Another bugfixing round in the maintainance of mod_ssl 2.8 for Apache 1.3.

Fetch it and upgrade from:

o http://www.modssl.org/source/
o ftp://ftp.modssl.org/source/

Yours,
Ralf S. Engelschall
rse@engelschall.com
www.engelschall.com

Changes with mod_ssl 2.8.10 (19-Jun-2002 to 24-Jun-2002)

*) Fixed off-by-one buffer overflow bug in the compatibility
functionality (mapping of old directives to new ones).

*) Fixed memory leak in processing of CA certificates.

*) In case there is actually a certificate chain in the session cache,
we now use the value of SSL_get_peer_certificate(ssl) to verify as
it will have been removed from the chain before it was put in the
cache.

*) Seed the PRNG with a maximum of 1K from the internal scoreboard.
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: [ANNOUNCE] mod_ssl 2.8.10

am 30.08.2002 14:17:51 von Martin Kraemer

Zum Thema Security und so:
Ich habe gesehen, dass seit 67 Tagen keine Datei im mod_ssl Repository
(so, wie es per rsync geliefert wird) mehr modifiziert wurde.

Ist das aus Sicherheitsgruenden, oder hat sich das Repository tatsaechlich
nicht veraendert?

Gruss,
Martin
--
| Fujitsu Siemens
Fon: +49-89-636-46021, FAX: +49-89-636-47655 | 81730 Munich, Germany
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org