On Sat, Dec 17, 2016 at 09:09:49AM +0000, Eric Wong wrote:
> Kazuki Yamaguchi <k / rhe.jp> wrote:
> > On Sat, Dec 17, 2016 at 01:31:12AM +0000, Eric Wong wrote:
> > > k / rhe.jp wrote:
> > > > Feature #12324: Support OpenSSL 1.1.0 (and drop support for 0.9.6/0.9.7)
> > > > https://bugs.ruby-lang.org/issues/12324
> > > >
> > > rhe: did you commit all of these?
> > > 
> > > I notice SSL_CTX_clear_options is still missing on an ancient
> > > CentOS 5.x machine with 0.9.8e.  Thanks.
> > 
> > I dropped that patch. I found the OpenSSL 0.9.8e package in RHEL/CentOS
> > 5 has backported SSL_CTX_clear_options() as part of the CVE-2009-3555 fix,
> > and no one except them would use < 0.9.8m anymore.
> 
> Thanks for the response.  I'll work with my sysadmins and see
> if they're willing to upgrade OpenSSL; but they may not :<
> 
> If they are not, would you be willing to add
> SSL_CTX_clear_options?  I could carry the patch myself, but
> maybe there are other ancient places who don't patch :<

I'm fine with adding it if it helps. I don't want to imagine such systems
with 6 years unpatched OpenSSL, though.

I've added it to the GitHub repository now:

  https://github.com/ruby/openssl/commit/fd2ea0c41d55f3d0b34edb1d25c673bc004f6913

I will import it to trunk in a few days together with a few more minor bug fixes.
