Please Put OpenSSL Out of Its Misery
From http://queue.acm.org/detail.cfm?id=2602816 an analysis by FreeBSD and Varnish developer Poul-Henning Kamp:
Quote:
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump |
|
|||
OpenBSD has started a massive strip-down and cleanup of OpenSSL
Quote:
Quote:
http://www.undeadly.org/cgi?action=a...&mode=expanded
http://www.undeadly.org/
Last edited by comet--berkeley; 16th April 2014 at 09:35 PM. Reason: fix url |
|
|||
Quote:
The only mention of "BSD" in anything related to OpenSSL is its 4-clause BSD License.
__________________
May the source be with you! |
|
|||
Quote:
However, as comet-berkeley has linked, the OpenBSD developers have taken on the task of correcting all of the ills of OpenSSL found in OpenBSD. Rapid & frequent changes are now being checked into OpenBSD's CVS repository, chopping out all kinds of cruft. |
|
|||
Thanks for clarifying that, ocicat. That's what I suspected.
I read about this overhaul by the OpenBSD team yesterday. It's definitely good considering how bad things are. I hope the changes get accepted upstream, and if they don't, I hope 1) it doesn't become a fork that is too much of a burden for the OpenBSD project to maintain and 2) it doesn't deviate so much that it becomes incompatible with all the software that relies on this particular implementation.
__________________
May the source be with you! |
|
|||
PolarSSL
Has anyone here used PolarSSL? It's said to be much cleaner, code-wise, but I haven't looked at it myself, other than to change a couple lines to compile it together with curl. It seemed to work OK on my cursory looksee, and it's dual licensed, commercial and GPL2. There are other alternatives, but I suspect some are problematic license-wise...
|
|
|||
I have to agree with phk about the certificate system. The current system of certificates seems ridiculously akin to stealing candy from babies...
The banks just keep on paying ($billions) because they're still able to eke out a profit post exploit-madness. Tells you how high the profits are... |
|
||||
NEWS: An official fork of OpenSSL
We have three threads now for the Heartbleed bug. This, that, and the other. I had a choice where to post this, so I picked this thread as it is one of the ones in the News subforum. I am not inclined to start a fourth thread.
LibreSSL is the name of the OpenBSD Project's official fork of OpenSSL. You can follow the development via the fork's website, freshmeat.org, or opensslrampage.org.
Last edited by jggimi; 22nd April 2014 at 05:38 PM. Reason: link, clarity |
|
|||
Ars Technica has an article about LibreSSL:
OpenSSL code beyond repair, claims creator of “LibreSSL” fork
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump |
|
|||
Just thought I would mention that The Register had a rather nice write-up of the fork - http://www.theregister.co.uk/2014/04...fork_libressl/
I thought their (actually somewhat critically honest) write-up of the effort to pump cash into OpenSSL had an interesting quote at the end:
Quote:
It's nice to see a major news site echo Carpetsmoker's sentiment rather than just go with the corporate line that throwing money at OpenSSL will make everything better, which a lot of prominent sites (Ars *cough cough*) are embracing to a large extent.
Last edited by guitarfreak; 25th April 2014 at 05:27 AM. Reason: typo |
|
|||
Just one nit I have with this article (and they certainly aren't alone in this).
In college I had a couple friends who were devout Muslims. Every time they said Allah they had to also say peace be upon him. It's like the tech press and the part of the free software crowd outside the BSDs have a similar, but of opposite sentiment, tic when invoking Theo's name. They can't do it, whatever the context, without an extra adjective or two about him being cantankerous (but usually it's less politely put). It's tiresome. |