[openssl-users] How to access a bug fix ?

Benjamin Kaduk bkaduk at akamai.com
Fri Nov 13 16:48:19 UTC 2015

On 11/13/2015 10:14 AM, jonetsu wrote:
> Hello,
>  I would like to see the bug fix for RT3515 'Use 3DES in pkcs12 if built with no-rc2' although the opnssl tree I got recently does not show it:

The bug fix is just the patch contained in the initial submission.

> % git status
> On branch master
> Your branch is up-to-date with 'origin/master'.
> % git show 92830dc1ca0bb2d12bf05a12ebb798709595fa5a
> fatal: bad object 92830dc1ca0bb2d12bf05a12ebb798709595fa5a
> I tried with checking out a few branches:
>   remotes/origin/OpenSSL-fips-2_0-stable
>   remotes/origin/OpenSSL_1_0_1-stable
>   remotes/origin/OpenSSL_1_0_2-stable

Checking out a different branch will not make any difference; "git show"
checks for all objects in a given repository, whether accessible from
the current HEAD or otherwise.

> And still not shown.  Did that bug fix ever made it to the OpenSSL tree as such, or was it bundled in the 33,000+ lines commit 7e1b7485706c2b11091b5fa897fe496a2faa56cc ?

It seems to be only in that mega-commit, which is not a real git merge
commit despite having 'merge' in the commit message.

> Alternatively, in which 1.0.1 version was this bug fix included ?  I grepped the CHANGES file of some versions after 1.0.1e although these do not list the bug numbers.

Looking at the pkcs12.c version in the OpenSSL_1_0_2-stable branch and
OpenSSL_1_0_1-stable branch, the bugfix is not present.  You would need
to apply it manually or convince a committer to push the change to the
stable branches.

-Ben Kaduk

More information about the openssl-users mailing list