Monthly Status Report (November)

Matt Caswell matt at openssl.org
Wed Dec 9 17:42:12 UTC 2020


As well as normal reviews, responding to user queries, wiki user
requests, OMC business, support customer issues, handling security
reports, etc., key activities this month:

- Investigated and prepared a fix where the nginx "ssl_reject_handshake"
feature does not work in OpenSSL.
- Completed and merged the PR to remove low-level DH use from libssl
- Ongoing involvement in the regular OTC meetings (currently twice a week)
- Improved the output from conf_diagnostics (some issues were being
incorrectly suppressed from the error output)
- Performed the alpha8 and alpha9 releases for OpenSSL 3.0
- Fixed the reading of DSA parameters files in the dsaparam app
- Corrected system guessing for solaris64-x86_64-* targets
- Fixed issues with the error "mark" system to enable multiple nested marks
- Continued work on and merged the PR to change the default key
generation type for DH/DSA
- Cleaned up some functions in the apps to remove redundant error messages
- Provided initial fix for clang10 issues (later superseded by a fix by
Pauli)
- Created a fix for RC4 based ciphersuites
- Investigated and created an initial patch for the EDIPARTYNAME
security issue
- Investigated and fixed an issue where OSSL_STORE was forgetting the
data type that we read from the PEM header when decoding the DER
- Completed and merged the PR to ensure that the dhparam app no longer
needs to use low level APIs
- Investigated and fixed a fuzzing error in the Thawte Strong Extranet
X509 extension
- Removed deprecation warning suppression from genpkey
- Fixed an error in missingcrypto111.txt related to ERR_load_KDF_strings
- Moved some libssl global variables into SSL_CTX
- Undeprecated the -dsaparam option in the dhparam app. The original
motivation for this deprecation no longer applies
- Implemented a Github CI solution as a replacement for Travis
- Fixed no-rc2
- Fixed no-posix-io
- Fixed no-err
- Fixed no-engine
- Completed and merged the PR to fully deprecate the DH low level APIs
- Fixed the run-checker ubsan build
- Fixed builds combining no-dh and no-ed


Matt


More information about the openssl-project mailing list