Closed tomato42 closed 9 years ago
tomato42
commented
9 years ago One more thing, but it's related to your recommended way to build it rather the code as such - to test for CRIME you need to compile with zlib flag to ./Configure, otherwise openssl won't advertise support for compression in ClientHello
PeterMosmans
commented
9 years ago Thanks for reporting these issues, I'm going to merge the latest sources (and some #RT issues) from beta 4 and will verify the checkhost patches. As for comment #2 - I'll add this option to the default instructions on this repository and https://www.onwebsecurity.com/cryptography/openssl
PeterMosmans
commented
9 years ago With regards to comment 1.. As far as I can see patch http://marc.info/?l=openssl-cvs&m=135473253505363 hasn't made it onto the OpenSSL_1_0_2-stable tree. I cannot seem to find a branch where this patch is actually located. @tomato42 , do you know if this patch made it onto a branch ? If not, I can apply the patch manually and try to get it applied 'upstream'. Thanks!
tomato42
commented
9 years ago aah, I got confused, the options I was thinking of were -verify_hostname and -verify_ip, which are supported by both your branch and upstream, they are just not documented in the -help message in your branch and upstream - both your branch and upstream has the same documentation bug so I'm closing this issue and moving this discussion upstream.
Thanks for the prompt response!
I've noticed that the version in 1.0.2-chacha branch doesn't include the patches that implement the
-checkhostoption to s_client, even though it is listed in-helpmessage. Could you look into it?