Closed tomato42 closed 9 years ago
One more thing, but it's related to your recommended way to build it rather the code as such - to test for CRIME you need to compile with zlib
flag to ./Configure
, otherwise openssl won't advertise support for compression in ClientHello
Thanks for reporting these issues, I'm going to merge the latest sources (and some #RT issues) from beta 4 and will verify the checkhost patches. As for comment #2 - I'll add this option to the default instructions on this repository and https://www.onwebsecurity.com/cryptography/openssl
With regards to comment 1.. As far as I can see patch http://marc.info/?l=openssl-cvs&m=135473253505363 hasn't made it onto the OpenSSL_1_0_2-stable tree. I cannot seem to find a branch where this patch is actually located. @tomato42 , do you know if this patch made it onto a branch ? If not, I can apply the patch manually and try to get it applied 'upstream'. Thanks!
aah, I got confused, the options I was thinking of were -verify_hostname
and -verify_ip
, which are supported by both your branch and upstream, they are just not documented in the -help
message in your branch and upstream - both your branch and upstream has the same documentation bug so I'm closing this issue and moving this discussion upstream.
Thanks for the prompt response!
I've noticed that the version in 1.0.2-chacha branch doesn't include the patches that implement the
-checkhost
option to s_client, even though it is listed in-help
message. Could you look into it?