Current OpenSSL-Bugs Milestones and Bugs

1 items todo for release: 0.9.7e  
465 [patch] X509_LOOKUP_hash_dir with multiple directories problem  
10 items todo for release: 0.9.8  
61 OPENSSL_SYS_MSDOS is confusing Normal 
92 Prototypes SSL_write() & SSL_read() problem in openssl/ssl.h for 64-bit applications  
153 Public API for sending SSL/TLS alerts wanted Nice to have 
266 [PATCH] Proposed proxy client functionality in s_client Nice to have 
270 API: certificate chain handling incomplete  
448 [Fwd: Bug#176062: openssl: Expired certificates and recertification] Normal 
478 make uninstall Wishlist 
480 Support for local ip address binding for connect BIO's. Nice to have 
601 extend opensslconf.h to have a flag for every available feature  
773 No OAEP support for S/MIME Wishlist 
679 items not filed  
547 SSL_CTX_free messes with external session cache  
597 SSL_set_session() problem (?)  
598 OpenSSL: error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write retry  
611 Fw: Bug in SSL_Shutdown?  
636 Example in man page for BIO_new_bio_pair incorrect?  
684 Memory Leaks in RSA_eay_private_decrypt  
738 enhancement request  
786 0.9.7: OPENSSL_NO_SHA flag  
791 CBC padding patch for FIPS-81  
795 Uninitialized Variables, Prototype Mismatches, Portability  
799 extending openssl config to add X509v3 extension support  
828 [PATCH] "openssl smime -verify" on binary files  
838 REQ: Creating a BIO from a FILE* should retain (TEXT) access modes  
843 EBCDIC patches for 0.9.7c  
844 [Fwd: Bug#235600: openssl: CA.pl and -signcert: some minor issues]  
937 uid  
955 Implementation of SSL_SESSION_get_session_id  
1019 renegotiation failure - bug report.  
1051 SSL_CTX_set_default_paths  
1052 openssl ca: generate subjectAltName from config  
1055 [Fwd: Bug#272281: include musclecard engine support in openssl]  
1068 X509_NAME_add_entry: inserting with loc == 0 and set == 0 creates wrong set  
1099 Problem with keysize operations  
1132 Re: submission of OpenSSL changes for smime  
1162 add a "discover-server-ciphers" to s_client  
1181 [PATCH] adds RFC 3280 compatible mail attribute  
1189 Bug Report and Patch : -subj option of the req command does not refer openssl.cnf to check the minimum and maximum limits of each field  
1215 Bug Report for OpenSSL  
1222 Please introduce versioned symbols  
1234 Failing to load zlib.so results in other errors later.  
1241 apps/s_client.c: 2 changes in initial handshake  
1244 changing TMP_D causes build to fail  
1290 [PATCH] Convert destest.c to use DES_* functions.  
1291 [PATCH] Remove old libdes support?  
1292 SSL_add_dir_cert_subjects_to_stack does not check for read access of file, breaking TLS enabled LDAP clients  
1298 OpenSSL bug in libcrypto.so:RAND_poll() crashes apache2 @ startup  
1327 Bug in openssl/util/mkdef.pl (HEAD)  
1328 FW: (Repost) SSL_shutdown and SSL_free issues  
1353 memory leak in EVP sign and verification functions  
1369 BUG Openssl executable 0.9.8a (Unix) fails when setuid/setgid  
1378 Contribution: twopipe patch for speed test  
1400 spurious CRs in S/MIME clearsigned mails  
1401 Proxy module  
1416 [PATCH] display UPN if in subjectAltName  
1424 Re: CRL update revision for X509_add_crl  
1425 Request: make X509_NAME_oneline() use same formatter as X509_NAME_print_ex()  
1444 Insufficient error reporting in openssl ca  
1449 [PATCH] Suspend and reinstate certificates in CA application  
1454 RSA key exponents different from 3 and F4  
1466 X.509 name's printing  
1470 [PATCH] fix some memory leaks in asn1 crypto  
1482 [PATCH] add "ciphertext stealing" support to the EVP library  
1491 [BUG][PATCH] malloc and friends returns not checked  
1518 [PATCH] Securing private RSA keys  
1534 [Bug report] Verification fails caused by too many CA certs  
1540 apps.c:app_get_pass -- bug with -pass{in,out} on same file:filename  
1541 quick patch in ssl/t1_enc.c  
1542 others quick patches for memory leaks in pk7_smime.c and pk7_mime.c  
1543 memory leak in crypto/asn1/x_x509a.c  
1544 bug report: openssl applications crashing due to uninitialized variables  
1556 CRYPTO_set_id_callback/CRYPTO_set_idptr_callback issues  
1584 INSTALL.W32 Configure prefix must be unix format directory delimeters  
1600 Man page bugs  
1608 [BUG] SSL_get_error returns SSL_ERROR_SSL if read() returns -1 / EINTR  
1617 Bug report: RAND_poll problem on Solaris - select call failing  
1634 [PATCH] FIPS186 PRNG for OpenSSL  
1639 BUG in BN_mod_inverse  
1642 patch purify errors  
1656 Clients compiled with tls extention can't talk to some servers.  
1670 SSL_CTX_load_verify_locations() fails without error with invalid files  
1678 PATCH: Timeout bugs on windows in RAND_poll()  
1682 BIO_snprintf can NOT work properly on HPUX 11.23 IA for 32bits mode  
1683 OPENSSL_NO_{RSA,DSA,DH} defines not honored  
1688 Re: [PATCH] Fix parallel build  
1698 potential bugs discovered by interprocedural code analysis for version 0.9.8g of Openssl  
1711 DTLS: Handshake does not detect missing/incomplete records in flight.  
1714 DTLS: Memory leak when server receives close alert from unknown peer  
1715 DTLS: Finished message is not buffered for retransmition  
1716 Bug report for DTLS  
1729 Bug in add_cert_dir - crypto/x905/by_dir.c  
1739 [PATCH] [openssl 0.9.8c] Using a private key in an engine to timestamp.  
1747 capi engine and mingw  
1755 config silently ignores standard compiler search path on AIX and reverts from gcc to cc  
1767 bug of EVP_Cipher when use openssl engine  
1769 bug report: Array overruns  
1775 0.9.9-today: bug: size_tification missed a few spots --> compile issues on native Win32/64 + SuSE64: patch/diff included  
1797 re: unable to verify timestamps sgined with a certificate that is now expired  
1808 enc(1) Salt option: -S  
1816 bug in DES_xcbc_encrypt() for decrypting 8 bytes of input (?)  
1817 smime does not add CRs  
1818 RSA_verify man page not accurate  
1825 Segmentation Fault  
1830 [PATCH] TLS Key Material Extractor  
1832 PATCH: force IPv4/IPv6 for s_client  
1848 Bug found in BN_is_prime_fasttest_ex( )  
1852 [BUG] Invalid Proxy Certificates Pass Validation  
1873 SMIME_write_PKCS7 and CRLF in base64 signature  
1875 Fwd: [PATCH] Small bug fixes and coding style corrections  
1876 cross compilation patch from TANDBERG  
1878 [PATCH] Fix RSA blinding locking hole  
1886 [PATCH] Null chiper support PSK/PKI for 0.9.8j  
1893 Fwd: X509_STORE_add_crl does not replace CRLs  
1912 BIO_printf/BIO_vprintf error in 0.9.8k  
1915 Bug Report : Abort when race condition occurs in ERR_get_state  
1916 [PATCH] Fix for memleaks, use after free and optimizations  
1919 Bug in buffer_ctrl in BIO_f_buffer?  
1927 [PATCH] openssl ocsp app to autodetect ocsp_uri and issuer  
1928 interface bug on Windows 64  
1956 [enhancement request] load_key in ts.c  
1971 [PATCH 09/14] Only test speeds up to 4K packets.  
1975 [PATCH 13/14] Add support for CPU usage reporting.  
2018 BUG: rsautl reports "RSA operation error" when decryption output is empty  
2021 sni bug  
2024 [doc bug] missing .pods  
2108 [PATCH] Message digest functions  
2146 [Fwd: Re: unexpected message during renegotiate attempt]  
2150 make -n install DOES ACTUALLY INSTALL everything  
2172 [BUG] Incorrect input checking in openssl enc  
2185 security vulnerability fixed  
2187 winsock.h inclusion in dtls1.h (bug?)  
2201 1.0 beta5, Solaris cc compile options  
2213 Unable to read Class 3 type CA certificates properly using EVP_EncodeUpdate & EVP_EncodeFinal functions.  
2216 OBJ_NAME_* and EVP_PBE_*interfaces are not MT-safe  
2217 OpenSSL_add_all_algorithms() (and similar) aren't very suitable for library use  
2232 OpenSSL 1.0.0 - Mac OS X Univesal Binary Build Link errors  
2237 Building Openssl on OpenVMS using "extended parse-style"  
2238 RE: Memory leak in \crypto\objects\o_names.c in method 'OBJ_NAME_add'.  
2242 Win64 build enhancements  
2248 CVS HEAD: bug in evp_locl.h - wrong number of bytes/bits passed to encrypt routine in loop  
2256 CVS HEAD: question: must this be hardcoded '8' or is it 'md_len' in disguise? :-S  
2257 CVS HEAD: [quite probable] bug in ssl3_write: does not indirect through callback like it sibling ssl3_read  
2267 Thread-safety issue: build_SYS_str_reasons() calls strerror()  
2270 CVS HEAD: bugfix for BIO printf() code: floating point does not print + other wrongs in that code path  
2274 SSL demo programs in openssl-1.0.0  
2280 Bug in 1.0.0: X509_VERIFY_PARAM_new does not check malloc return value  
2281 Bug in 1.0.0: SSL_new() leaks s->param if s->method->ssl_new() fails  
2285 [patch] use winsock2.h  
2287 A bug of PKCS8?  
2288 [PATCH] Support optional caching of the certificate chain when using external session caching  
2289 [PATCH 1/3] crypto/hmac: support EVP_MD_CTX_FLAG_ONESHOT and set it properly  
2290 [PATCH 2/3] apps/speed: fix digest speed measurement and add hmac-sha1 test  
2291 [PATCH 3/3] engine/padlock: implement sha1/sha224/sha256 acceleration  
2298 Build failure on WinCE platform openssl-1.0.0 & 1.0.0a  
2299 [PATCH] Null cipher support PSK/PKI for 1.0.0  
2303 BUG: rc5_skey.c:122: error: unsupported inline asm while trying to compile with llvm-2.7  
2317 Whitespace bug in ./config for Openssl 1.0.0a (OS X 10.6.4)  
2325 memory corruption after libssl is unloaded from memory  
2330 [BUG] lack of debug-mingw build target. just mingw and ming64.  
2337 [PATCH] Openssl asm BN/AES/SHA1 acceleration for SH4 and MIPS32  
2349 build problems with 1.0.0a windows 64 bit AMD  
2352 PATCH: Add new extended key usage ipsecIKE  
2357 openssl-1.0.0a -- PATCH for 'make -n install'  
2362 Bug report  
2369 mail/rfc822Mailbox should be encoded as IA5String, not DirectoryString  
2378 Bug report: interoperability problem  
2383 OpenSSL line break bugs  
2384 [PATCH] no-hw Install Fail  
2386 Bug Report and Patch: Incompatible types in SKM_ASN1_SET_OF_d2i  
2388 out-of-date comment for renegotiation handling  
2389 [PATCH] Supporting the -md and -sigopt options in OCSP utility  
2392 Haiku patch for openssl-1.0.0c  
2398 [PATCH] gost code cleanup  
2402 PATCH: config and Configure for Xcode Awareness  
2406 Argument type warning on i2d_ASN1_SET  
2414 [critical bug]openssl1.0.0c coredump, if compile option "shared" is enabled  
2415 [possible bugs]insignificant bugs in md_rand.c?  
2420 patch enabling OpenSSL to be built with LSB compilers  
2422 Re: What is the REALLY proper way to use an ENGINE?  
2426 [PATCH] fix Borland C++ 5.5 compilation  
2427 [PATCH] fix Borland C++ 5.5 redefine  
2428 [PATCH] fix Borland C++ 5.5 compilation /2  
2429 [PATCH] fix Borland C++ 5.5 compilation /3  
2431 Member of Te4 in aes_core.c needs to be cast to u32 before being shifted  
2436 pkcs12 enhancements  
2437 [PATCH] config on aix assumes cc is not gcc, can cause build to fail  
2439 bug report: memory leak  
2445 openssl-1.0.0c loses base64 data if newline missing  
2447 possible weakness, encryption password truncation (FreeBSD 8.0; OpenSSL 0.9.8n)  
2450 bug report: open ssl configuration problem with "no-idea"  
2460 OCSP server uses only IP6  
2461 Windows: Crypto DllMain() invokes getenv() CRT function  
2473 openssl-0.9.8i : How generate Import libraries for the export symbols in shared libraray  
2479 Fix for runtime exception when linking against win64a static libraries  
2485 Heap walking in RAND_poll causes deadlock in process on Windows Server 2008 R2 (x64) that uses libCurl, OpenSSL and ADO  
2487 Possible bug  
2493 [PATCH] Engines: Eliminate the unneccesary null check  
2494 [SEC FIX]: Add premaster cleaning for GOST ciphersuites: All platforms, 1.0.0d  
2496 [PATCH] Fix compile problems when various ciphers are disabled  
2498 [PATCH] iOS Support  
2500 [bug-report] Configure with shared option on BSD systems  
2509 BUG/ENHANCEMENT: ciphers(1ssl) doesn't list some algos (or their selection is not possible at all)  
2510 [PATCH] ebcdic issues: Bad time value when issuing openssl x509 -text -in  
2512 [PATCH] Fix for BIO_new_accept()  
2515 patch - add new aes xts modes to lookup table  
2520 Bug Report  
2521 Enhancement Request  
2523 Patch to use standard RFC 5054 constants and behavior for TLS-SRP (OpenSSL 1.0.1)  
2525 [PATCH] Enhancement: Output Format for req Keys  
2530 crypto/dsa/dsa_gen.c::dsa_builtin_paramgen has potential uninitialized seed  
2532 [PATCH] Fix insufficient privilege checking  
2534 Hardcoded MIN_LEN prevents using VALID passphrase from stdin  
2536 Memory leak in d2i_RSA_PUBKEY() (concise test code included)  
2539 bug: OpenSSL 1.0.0d - unexpected DTLS handshake retransmits  
2545 Openssl-1.0.0d fails to install on MacBook Air  
2547 [Bug report / Linux / openssl 0.9.8k-7ubuntu8.6] openssl genrsa creates world readable private key files  
2552 PATCH: add ability to print root certificate 'issuer' field when using openssl verify  
2554 Patch: AF_ALG dynamic engine for linux >= 2.6.38  
2558 [patch] make windres controllable via build env var settings  
2561 Memory leak with SSL built-in compressions  
2565 More tolerant detection of XMPP starttls sequence  
2574 [PATCH] ECC point coordinate blinding  
2583 confusing output on windows build in openssl1.0.0d  
2584 ssltest -test_cipherlist bug incorrectly skipping ciphers  
2585 Diffie  
2590 change commonName entry for default openssl config file  
2591 bug report : cryptlib.c : within CRYPTO_thread_id() use pthread_self() instead of getpid()  
2595 Capitalize X509 subject key STREET according to rfc1779  
2597 bug report (pkcs12.c)  
2599 Support for SHA256 and other MDs in X509 SubjectKeyIdentifier - PATCH  
2601 Support for use of sha256 for certificate comparisons - PATCH  
2610 Bug(?): both the "!SSLv3" and the "!TLSv1" cipher strings seem to mutually delete the ciphersuites from the other set as well  
2611 [PATCH] Support of TLSv1 in s_time  
2612 Segfault protection in X509v3 extension API - PATCH  
2615 BIO_flush segmentation fault with SSL BIO  
2616 Missing initialization in the CHIL engine  
2617 pkeyutl fails depending on order of options - PATCH  
2622 Buffer overflow using UI_add_input_string  
2630 Segmentation-fault in ssleay_rand_bytes() after generating a large (INT_MAX) random buffer  
2631 Incompatibility with iOS 5 ?  
2634 Fail to verify server with a trusted CA root in the middle of the chain  
2638 s_client -servername BLAH not honoured with -starttls xmpp  
2640 [PATCH] support xmpp servers in starttls  
2641 Move the libraries needed for static linking to Libs.private  
2643 Possible bug in 1.0.0e - make fails when using "no-ecdh" config option  
2649 'make' or 'make install' failed when in another Makefile  
2650 major ssl read/ write performance improvement - updated  
2654 [PATCH] support LDFLAGS in Makefiles  
2659 Problem with DH Exchange with the Oakley Groups (RFC 2412)  
2662 NPN patch breaks DTLS Finished exchange  
2664 config does not allow disabling npn  
2666 Enhancement request/Bug request (bit of both)  
2667 Add -starttls irc support to s_client  
2668 Compilation failure with IPV6 : patch  
2670 [BUG] OpenSSL 1.0.1 beta 1 released (on VMS FAILED)  
2674 [PATCH] Fix compilation on GNU/Hurd and GNU/kFreeBSD  
2676 1.0.1-beta1 issue: RSA exponent 1 is NOT ok  
2679 1.0.1-beta1 issue: Wrong Error Message for short RSA-key  
2680 1.0.1-beta1 issue: Public EC key is shown as private with -text option  
2688 OpenSSL 1.0.1 beta 2 report on Cygwin 1.5.25  
2691 [Bug] gost89_get_asn1_parameters fails  
2692 [OpenSSL 1.0.1 beta 2] SHLIB_VERSION_NUMBER  
2699 openssl dgst -sha1 -verify ... sais verification failure whet it is ok in a concrete set of data  
2712 Be more liberal when trying to recognize the XMPP starttls headers  
2722 ssleay_rand_add and ssleay_rand_bytes donot work stably in low resource environment  
2740 infinite loop in nonblocking SSL_shutdown() upon permanent error  
2741 [PATCH] 1.0.1-beta3 fails to build on Windows if --with-fipsdir is used  
2752 objects.txt - update of extended key usage  
2753 Patch: let application explicitly seed RNG on Unix  
2754 Ugly interaction of (openssl x509)'s option -x509toreq with -outform/-text/-noout  
2758 Bug in use of CRYPTO_ex_data  
2759 SSL_read / SSL_ERROR_WANT_READ / ENOTCONN infinite loop  
2766 TLS 1.2 Compliance - IDEA cipher not disabled  
2767 test/testssl script does not exercise TLS 1.2  
2770 openssl cryptodev fixes  
2772 Bug w/ patch: OpenSSL 1.0.1 rejects empty NewSessionTicket  
2774 OpenSSL 1.0.1 doesn't compile when configured with "no-tls1"  
2777 OpenSSL 1.0.1 TLS Version Handling Errors  
2787 [PATCH] enc: compress before compress/base64 is applied  
2801 Lost alert if client receives bad hello in dtls1_read_bytes  
2808 [PATCH] DTLS/SCTP Finished Auth Bug  
2809 [PATCH] DTLS/SCTP struct authchunks Bug  
2812 BUG: infinite loop when using s_client's xmpp starttls operation  
2815 Windows build with Cygwin perl redirecting output incorrectly  
2818 [patch] Cipher list TLSv1.2 as token; ciphers(1) update  
2819 [patch] Cipher list TLSv1.2 as token; ciphers(1) update  
2823 Bug: FTBFS compiling openssl 1.01c with musl libc  
2824 Bug ? - Not Thread-safety for SSL Key usage im requests ?  
2829 OpenSSL port in FreeBSD: DTLS networking problem  
2831 patches for openssl 1.0.1c digest stuff  
2833 BIO_CTRL_DGRAM_QUERY_MTU handling is wrong due to bad getsockopt() use  
2839 [PATCH] Support DTLS compatibility with DTLS1_BAD_VER client  
2840 [PATCH] Restore alg_section to 1.0.1c  
2851 cms command - Request to handle S/MIME v3.2 mail  
2855 [PATCH] Fix forward loops in Squid 3.2  
2856 cryptlib.c: dynlock destroy call during (un)locking  
2857 ssleay32's buffer check bug ?  
2860 [PATCH 0/4] Improve XMPP protocol support for starttls on s_client  
2864 ASN1_STRING_to_UTF8: fix uninitialized memory read  
2865 Shared build broken in 1.0.1c  
2867 des_ede3_cfb1_cipher(): output cropping  
2868 [patch] CA - change order of gencrl and revoke  
2869 [PATCH] DTLS Mobility support  
2870 OpenSSL 0.9.8o 01 Jun 2010 configuration file dir bug  
2871 bug report  
2872 Bug Report  
2873 [Bug] -noemailDN only affects Subject DN  
2877 openssl rand does not check write(2) return code  
2878 [PATCH] s_client -fd  
2880 Modification of the capi engine to support loading key from CERT_SYSTEM_STORE_LOCAL_MACHINE  
2881 [BUG][PATCH] TLS 1 & 1.1 client ciphersuites incorrectly truncated  
2883 bugs in crypto/asn1/tasn_new.c and crypto/srp/srp_vfy.c  
2885 SSL_accept segfault  
2886 openssl cms cmsout serial number output format  
2887 [PATCH] decode more message/content types in apps  
2889 safestack macros fail for C++ compilers that care about extern "C" function types  
2890 ERR_string_error passes wrong buffer size  
2891 deadlock in X509_PUBKEY_get without recursive mutexes  
2894 [Bug] openssl crl -nameopt has no effect  
2899 bug in openssl tool: User Notice Explicit Text is not shown  
2901 no-rsa build bug in 1.0.1c  
2902 [PATCH] add strings for SSL state related to Next Protocol Negotiation  
2905 Double locking bug added in openssl-1.0.0h crypto/asn1/x_pubkey.c  
2906 enhancement: test suite won't work when parent directories have spaces  
2911 enhancement request: Windows RT support  
2912 Error in SSLv23 connection to some servers  
2913 Incorrect salt length indication for RSA-PSS signatures  
2914 Crash in x_name.c on out of memory  
2916 EAP-TLS error: RSA_padding_check_PKCS1_type_1:block type is not 01  
2918 [PATCH] Testcase for GOST R 34.11-94 (openssl/engines/ccgost/gosthash.c)  
2919 [Bug] Incorrect return code and printing of modulus in dsa module  
2920 Problems building openssl-1.0.1c on 64bit PA-RISC HPUX  
2923 X509_cmp() introduces unnecessary dependency on SHA1  
2924 X509_verify_cert() fails unsafe if check_issued() fails  
2925 RSASSA-PSS trailer field and salt length representation  
2927 Domain names that exceed 61 characters  
2928 openSSL 1.0.1c serious bug in Win32 makefiles, easy to fix: linker binary variable name LINK collides with buildsystem variable LINK . please rename  
2933 [Bug] Days wrong if -enddate is passed to openssl ca  
2934 A set of fixes for non-working hardware RNG set as default  
2939 Re: [FIX] 1.0.0d: All platforms: GOST server MUST check correctness of shared UKM  
2941 Memory leaks in ca.c  
2943 Bug Report: openssl enc -bf silently ignores key data after the first 128 bits  
2944 PVS-Studio and OpenSSL  
2945 bug: linking static OpenSSL 1.0.1c on EL6 seems to cause breakage  
2947 leap year date handling  
2949 OpenSSL bug  
2953 s_server to show connection duration and transfer speed  
2957 genpkey for DH key generation does not honor recommended private length  
2960 protocol bug in s2_pkt.c  
2961 [PATCH] Enhance DH Paramgen to allow setting of "recommended private key size"  
2964 OBJ_nid2obj() result value should be const  
2965 [PATCH] dgst: Prepend digest type when reading from stdin, too  
2967 Minor Bug - Options Missing from Application Usage  
2968 Possible bug report  
2969 bug/enchancement request  
2970 Re: pkg/47521: security/openssl mastersites completion and communication with upstream -- contribution  
2976 openssl x509 is hardcoded to require CSR in PEM format  
2977 CVS still mentioned on openssl.org pages  
2980 bug report: s_time slow with -www and -reuse  
2986 aix building of openssl-1.0.1e  
2987 "openssl speed" bug with the -multi option on multi-core/processor environments  
2995 [PATCH] - Added ability to set the iteration count for the enc function of the openssl commandline tool.  
2997 Problems with build because of compiler warnings, etc.  
2998 Linking libgost.so  
2999 Incomplete fix to remove SSL3_RECORD->orig_len  
3007 BUG: OpenSSL 1.0.1e VC-WIN64A build fails when configured with 'no-ec'  
3008 Possible bug when using DTLS with a BIO pair  
3009 test failure, x64 openssl 1.0.1.e on OS X  
3010 [BUG] Dynamic engine error handling crash  
3012 bug report - excess free  
3013 Sending SCSV when TLS extensions are disabled  
3015 Bug with encoding / decoding Implicitly tagged, Optional GENERAL_NAMEs??  
3016 openssl ts fix  
3019 [PATCH] avoid null pointer dereference in ubsec_dh_generate_key()  
3028 PEM_X509_INFO_read_bio() fails to process RSA private key if in initial position (regression in OpenSSL 1.0.0 and later)  
3032 Possible openssl bug - EVP_CIPHER_CTX_iv_length dont report correct value after EVP_CTRL_GCM_SET_IVLEN  
3035 Patch to properly detect and default to 64bit on OSX  
3045 bug report: AES XTS fails for data unit size > 4KB  
3048 [Bug] openssl-1.0.1e-fips-2.0.3 Illegal instruction  
3050 x509 PEM certificate input parsing bug  
3053 [PATCH] Check for null pointer in cms envelopedData  
3056 Add secure DSA nonce flag.  
3058 support for intel compiler on Windows  
3064 [PATCH] small_prime_generation  
3069 An enhancement to EC key generation to enable compact point representation  
3072 Strange behaviour when talking to microsoft exchange  
3077 rbuf_freelist and wbuf_freelist corrupted.  
3078 Makefile: install rule builds components  
3079 FIPS Capable 1.0.1e with no-shared and -no-comp fails to compile  
3081 openssl-fips-2.0.N  
3082 [PATCH] Filter listed protocols from help options based on compile settings  
3083 [PATCH] Adds sanity checking to malloc()/calloc()/alloca() calls in OpenSSL 1.0.1c  
3084 openssl-1.0.1e: Configure lacks disable of SSLV2 and Compression by default  
3085 config on *nix does not reject incorrect arguments  
3086 Re: OpenSSL  
3088 openssl crl - verify a CRL signature  
3091 ms\ntdll.mak bug  
3092 BUG: Verify return code: 20 (unable to get local issuer certificate) with openssl 1.0.1  
3096 OpenSSL 1.0.1e: valgrind errors with -DPURIFY set  
3098 Enhancement - Validation of country code  
3099 bug report  
3100 [patch] remove some useless code in BN_uadd  
3105 [PATCH] config matches OUT with full os/compiler line  
3109 [openssl.org #3041[PATCH] DTLS message_sequence number wrong in rehandshake ServerHello  
3115 s3_srvr.c out-of-bound dereference (minor bug)  
3119 bug (minor) & suggestion for a fix  
3121 Request concerning revoke system for openSSL  
3123 [openssl.org ##2823] Bug: FTBFS compiling openssl 1.01c with musl libc  
3124 potential bug in ssl/s3_cbc.c  
3131 [PATCH] Added -signerhash flag to sign files with cades extensions.  
3133 minor make install improvement for Windows/Visual Studio in ms\nt.mak  
3135 Not all items displayed by list-cipher-commands are in OBJ_sn2nid()  
3136 [PATCH] get rid of extra space when printing -subject and -issuer in x509  
3137 The behavior of CRYPTO_set_mem_functions() in FIPS mode  
3138 80-bit Elliptic Curves with !MEDIUM !LOW !EXP cipher list  
3143 ENGINE_load_rdrand sane failure code  
3145 openssl auto install to /usr/local/lib64  
3153 [bug report] native issetugid function not used under Solaris  
3155 Bug report: S/MIME base64 decoding fails on files that have 76 base64 characters per line  
3157 PATCH Win32/64 openssl 1.0.1e fixes  
3158 [bug] bad output for 'openssl ciphers -ssl2' built with 'no-ssl2'  
3159 [Bug with PATCH] Null pointer dereference in ssleay_rand_bytes() and etc.  
3163 [PATCH] DSTU-4145-2002 engine implementation  
3164 [PATCH] require DH group of 1024 bits  
3166 RE: Possible bug/leak in OpenSSL ssl/bio_ssl.c:ssl_ctrl(BIO_CTRL_POP)  
3167 openssl pkcs8 does not convert from PKCS8 to "traditional format private key"  
3168 PKCS12 bug when using same file for export password and key passphrase  
3171 integer undefined behaviors  
3180 Brainpool Elliptic Curves in OpenSSL version 1.0.2 - Re: #2239: [PATCH] RFC 5639 support  
3181 [PATCH] OCB  
3185 Patch to add -tls switch to s_client  
3186 Problem in configuring SSL in OPENLDAP  
3187 openssl rand -hex 4294967297 generates only 1 byte (2 hex digits)  
3190 Patch to add -tls switch to s_server  
3196 Default CRYPTO_THREADID for Mac OS X with Posix Threads  
3197 Patch for config and darwin64 on Mac OS X  
3204 J-PAKE test fails  
3205 [PATCH] Bring TLS Extension Support Up To Date w/RFCs (ALPN, RFC6961, RFC6962)  
3212 smime verification failure  
3215 [bug report] SSLv23 connection fails but SSLv3 works  
3219 OpenSSL - AES in SSLv3.  
3222 [PATCH] asn1,evp: Add delete functions for app methods  
3225 make 'failure'  
3226 [PATCH] crypto/srp/srp_lib.c: add/correct some error handling  
3228 Bug report: openssl 1.0.1f build fails with "make: invalid option"  
3230 Deficiency in the Perl script openssl/crypto/objects/objects.pl  
3233 'make depend' emits warnings on OSX wth 1.0.1f  
3236 support for DNSSEC in openssl  
3240 [PATCH] Efficient 1024-bit and 2048-bit modular exponentiation for AVX512 capable x86_64 processors  
3256 [PATCH] RSA512+SHA512 incompatibility results in errors  
3258 [RFE] Enable large Discrete Logarithm Diffie-Hellman groups  
3276 Possible Bug/Opportunity for Improvement when loading ECDSA Key/Cert (Feature Request?)  
3358 openssl should create private keys with stricter permissions  
3388 Locking inefficiency  
3391 [PATCH] NULL function pointer call in n_ssl3_mac (ssl/s3_enc.c)  
3422 Misaligned pointers for buffers cast to an unsigned int* in md32_common.h  
3423 Undefined behavior in crypto/cast/c_enc.c  
3447 Build environment updates  
3454 remove OPENSSL_SYS_WIN constraint for EC_GFp_nistp224_method()  
3455 Compile error on Tandem NonStop (including patch)  
3458 PATCH: ensure debug builds with GCC include -g3 -ggdb  
3461 PATCH: expanded explanation of PEM ENCRYPTION  
3463 [PATCH] Add support of no_application_protocol alert in ALPN protocol selection  
3464 openssl s_client waiting for input on Windows  
3472 PATCH: Update info on PKCS8 command and -iter option  
3474 selected processor does not support ARM mode `mrrc p15,1,r0,r1,c14'  
3477 [PATCH] RFC3447 multi-prime RSA functionality and additional acceleration via AVX2 instructions  
3479 BIO_read_filename() does not handle UTF-8 on Windows, as BIO_new_file() does.  
3484 s3_pkt.c build failure for openssl-SNAP-20140804  
3485 Windows mingw test failure 20140805  
3487 Possible Bug: Crash in dtls1_do_write  
3491 Cert signing request verification false positive.  
3493 Fix rsa_test  
3495 Enhance SSL_load_client_CA_file  
3496 report :CVE-2014-0224 security issue not fixed in openssl 1.0.1h  
3497 Move dclean actions to clean Nice to have 
3498 RE: AW: Platform query  
3500 Adopting single-Makefile build structure  
3503 BUG: "make dclean" results in duplicate symbols on subsequent make's  
3505 rewrite c_rehash in C  
3507 [PATCH] Fix memory leaks.  
3509 Bug: RANDFILE environment variable not honored when RANDFILE is set in config file  
3510 Clang warning/error fixes  
3513 bug report - 1.0.1i x509req challenge password  
3514 BUG: openssl fails to downgrade tls protocol version during SSL handshake, when client tries to resume tls1.2 session  
3517 Cipher suites should be case-insensitive  
3518 Move RC4 and MD5 ciphers to LOW, post-1.0.2  
3520 [PATCH] 1.0.1e: Configure: Correctly Handle GCC/clang/LLVM -arch and -isysroot Options  
3521 [PATCH] 1.0.1e: Configure: Correctly Handle GCC --sysroot Option  
3522 [PATCH] 1.0.1e: Configure: Allow the apps, test and tools directories to be configured out of DIRS.  
3523 bug report: s_client writes to STDERR  
3526 [Patch] Removed the dependency on the obsolete TERMIO.h for linux 32 and 64bits.  
3527 [PATCH] OpenSSL doesn't build as a DLL on Windows  
3528 [PATCH] ssl: SSL_MODE_ASYNC_KEY_EX  
3529 [PATCH] ASN1 generation: allow bit strings ending with zero regardless of length  
3531 [PATCH] fix a crash in dsa_do_sign() from openssl-fips-2.0.7  
3532 FW: [openssl] Build on Windows fails if cloned with git (#174)  
3533 [PATCH] Ensures that EVP encryption & decryption operations check the encrypt flag on the context.  
3535 TS high-precision time malformation  
3536 [PATCH] make locking code in load_builtin_compressions() look less scary  
3537 Bug in TS_check_status_info() and misleading comments  
3543 Remove #ifdef LINT fluff  
3545 [PATCH] Fix a typo: distrubution  
3546 Remove IRIX_CC_BUG #ifdef's  
3548 Remove some unsupported platforms  
3553 [ENHANCEMENT REQUEST] AES Key Wrapping with Inverse Functions  
3555 OCSP Stapling Enhancement (diff included)  
3557 -nameopt utf8 behaviour in openssl 1.0.1i  
3559 Weak digest for (EC)DH key exchange when connecting to SNI defined host  
3561 bug report: openssl prints wrong pre_master secret in debug mode  
3562 leading dots in nameConstraints ... bug report and patch  
3563 remove team-member specific targets from Configure  
3569 [PATCH] fix NetWare compilation with branch 1.0.1 / 1.0.2  
3570 [DOC] ciphers(1) documentation  
3572 [BUG] Memory leak in DTLS re-negotiation  
3573 Building win64 openssl static library with no-ssl3 option fails on 1.0.1j  
3574 Bug Report: Misleading comments about SSLv23_method  
3579 [PATCH] support building with MinGW under msys2  
3580 [PATCH] Print correct help message (according to configure)  
3581 POODLE - Is there a way for a central ciphers configuration  
3582 Request openssl-1.0.1j Makefile: move build_tests to do in test  
3584 Bug Report/Patch: OpenSSL 1.0.1j - Helgrind/DRD reports Possible data race during write  
474 [PATCH] Crypto Engine Support for Chrysalis-ITS  
590 BUG REPORT: X509_get_signature_type() returning NID_undef  
832 ocsp and dsa key+socket option SO_REUSEADDR for responder  
1207 [PATCH] SSL compression methods free function  
1210 Bug: CRL and Certificates  
1261 [PATCH] Binary S/MIME handling in openssl smime (0.9.8a)  
1364 index.txt corruptions  
1365 PATCH: Adding IPv6 support to s_client and s_server  
1497 Issue: PKCS#12 export with empty password produces incorrect encoding of MacData in PFX object  
1596 Re: wrong AKI in cert  
1709 DTLS BUG: retransmition of handshake messages does not work  
1736 Enhancement Request: do away with error in chil engine in absence of dynamic locks  
1737 [PATCH openssl 0.9.8g] s_client: add sieve starttls protocol support  
1743 crasher due to lack of threadsafety on names_lh  
1802 Bug report: Persistent memory leak that cannot be freed  
1833 [PATCH] Abbreviated Renegotiations  
1851 [PATCH] "openssl verify -CAfile mutil_ca.pem site.cert" fails even if mutil_ca.pem contains the chain for site.cert  
1866 openssl verify needs better error reporting  
1979 Add uClibc support  
1995 Man pages for the "rsa" utility should clearly state what output formats are used  
2019 [PATCH] Optimize handling of TLS SNI extension when resuming a session (server side)  
2036 bug report: TLS session resumption not checking for existence of client finished message  
2037 GENERAL_NAME IPv6 parsing bug....  
2047 [PATCH][Beta3] Fix IPv6 handling in BIO_get_accept_socket()  
2051 [PATCH] IPv6 support for s_client, s_server and DTLS  
2071 Few more manual page (was: What does cache field in X509_STORE struct do?)  
2145 [PATCH] New parameter "signing_digest" for TS module  
2195 [PATCH] Set default field separator in do_name_ex() ("nameopt" switch)  
2212 Override DH bits restriction  
2245 [PATCH] Add /Zi to VC++ CFLAG in debug configuration (1.0.0 and 0.9.8)  
2246 dtls1.h includes winsock.h, overriding the #undefs from ossl_typ.h on Windows  
2271 bug report / enhancement request  
2275 CVS HEAD: BIO b_sock: ioctl(FIONBIO) is not available everywhere; completed BIO_socket_nbio() so the #ifdef clutter in apps/* and other spots can be discarded after this  
2302 Bug with GOST in TLS connection  
2316 Build issue on Tru64 (Dl_info must specify a type)  
2327 bug report  
2361 win32: non-blocking BIO_do_connect() returns wrong value  
2365 Limitations of ENGINE interface hamper performance on modern hardware  
2397 openssl x509 stops outputting just before printing Issuer when using nameopt dn_rev  
2399 Request: Allow "-no-xxx" options in ./config for FIPS build  
2408 [OpenSSL >= 1.0.0 Enhancement] Additions to timestamp support  
2417 [Enhancement] X509 verification with OCSP support  
2449 [BUG] openssl 1.0.0d warnings during build and ACCVIO on OpenVMS  
2459 ecdsa_method declaration prevents use in implementing a dynamic engine  
2463 [PATCH]: OpenSSL 1.0.0d: Add abbility to load server certificate by ENGINE.  
2464 [PATCH] Experimental TLS-RSA-PSK support for OpenSSL  
2480 ./config shared no-rc2 no-rc4 no-des no-ssl2 ... make test fail  
2481 Full-duplex SSL/TLS renegotiation failure (reproducible 100% of the time)  
2484 [PATCH] DTLS: wrong fragment reassembly  
2497 [PATCH] Improve RSAOaep Error Handling  
2524 openssl 1.0.0d bug report/ query  
2535 [PATCH] Add SCTP support for DTLS (RFC 6083)  
2551 [PATCH] All platforms: Option to disable sending renegotiation_info extension.  
2562 Adding cfi/fpo records to asm (fix backtrace when debugging)  
2568 enhancement request: remove ECC engine support's limitation  
2571 OCSP send request fails if OCSP server with vhost or reverse proxy  
2578 s_client bind ip  
2581 bug: Why do these 12 lines of Win32 code work on XP but hang forever in Vista and Windows 7?  
2582 [PATCH] Efficient and side channel analysis resistant 512-bit and 1024-bit modular exponentiation for optimizing RSA1024 and RSA2048 on x86_64 platforms")  
2635 1/n-1 record splitting technique for CVE-2011-3389  
2644 bug report  
2652 [PATCH] OpenSSL 1.0.1 OpenVMS issues  
2653 [BUG] OpenSSL 1.0.1 OpenVMS issues on VAX  
2669 make test failure  
2673 Bug report: OpenSSL Memory leak in B64 encode  
2698 [PATCH] Allow the use of startdate and enddate for ca -gencrl command  
2718 openssl-fips-1.2.3: testsuite failures (SIGILL / Illegal instruction)  
2720 can't build with no-tlsext  
2732 Bug: verification fails if muliple certification path (EV/Verisign)  
2747 valgrind suppressions file to suppress warnings from Python/openssl  
2749 SSL_shutdown() doesn't need to ever return 0  
2750 [BUG] spec file doesn't properly build for lib64  
2760 possible bug report: DSA_verify() doesn't correctly account for len  
2763 Possible bug - TLS 1.2 compliance  
2768 Bug: internal_verify() hides errors from callbacks after X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE  
2769 problem with openssl 1.0.1 and 512bits rsa key  
2779 OpenSSL 1.0.1 doesn't compile with NO_STDIO/NO_FP_API  
2782 BUG report: RSA private key serializer  
2784 [PATCH] Eefficient implementations of SHA256 and SHA512, using the Simultaneous Message Scheduling method  
2805 uplink-x86_64-pl-script error when running "ms\do_win64a" on windows 7-64bit command line  
2816 bug report on openssl version 1.0.0d , windows server 2008 64 bit  
2825 Bug: Unable to connect to WPA enterprise wireless  
2834 bug report: i2d(sign(10)) results in 2573 encoded  
2835 question/proposal for openssl 1.0.1c to make do_ms.bat and do_win64a.bat somewhat more consisent + solve build errors for WIN64a.  
2850 [PATCH] Efficient and side channel analysis resistant 1024-bit modular exponentiation, for optimizing RSA2048 on AVX2 capable x86_64 platforms  
2884 bug in eng_cryptodev?  
2904 genpkey ignores "-outform DER"  
2907 Unresolved external referenced in function _EC_GF2m_simple_method when linking 1.0.1c w/ fips-ecp-2.0.2  
2915 [PATCH] Add an option to Configure to set the include directory for FIPS enabled builds  
2937 Handshake performance degradation in 1.0.1 and up.  
2958 Bug report: dtls handshake loops after 'certificate verify' packet loss  
2988 Makefiles should (usually) remove target before re-generating  
2990 Bug Report:openssl timezone issue  
2993 Openssl manual pages  
3003 Enhancement Request - RFC6698 (DANE) TLSA Support  
3036 openssl-0.9.8y config removes symbolic link /dev/null on Solaris  
3041 [Bug] DTLS message_sequence number wrong in rehandshake ServerHello  
3043 Bug Report d2i_PKCS8PrivateKey_bio() doesn't work for DH keys  
3054 [PATCH] Efficient and side channel analysis resistant 1024-bit and 2048-bit modular exponentiation, optimizing RSA, DSA and DH of compatible sizes, for AVX2 capable x86_64 platforms  
3073 [Patch] ALPN Implementation for OpenSSL  
3080 Android NEON and CFLAGS options  
3089 Building OpenSSL 1.0.1e with FIPS on Win64A  
3095 Incorrect result in HMAC functions when key is null  
3097 Incorrect revocation status with indirect CRL  
3101 [PATCH] Add CMP (RFC 4210) implementation  
3110 Adding support for x86_64 Cygwin  
3113 OpenSSL’s DH implementation uses an unnecessarily long exponent, leading to significant performance loss  
3116 Incostistency using GOST engine with openssl 1.0.1e  
3117 [PATCH] A fast vectorized implementation of binary elliptic curves on x86-64 processors  
3120 Minimum size of DH  
3129 Openssl not clearing session ticket upon handshake failure  
3149 [patch] Fast and side channel protected implementation of the NIST P-256 Elliptic Curve, for x86-64 platforms  
3150 Bug Report (with trivial fix): fips module segfault  
3165 tru64-alpha-cc compatibility fixes  
3182 Bug in OpenSSL 1.0.1e 586 assembly optimized AES_cbc_encrypt  
3183 SSL_set_SSL_CTX() should apply more settings from the SSL_CTX being switched to  
3198 [PATCH] Fix missing NULL pointer checks and memory leaks in crypto/asn1 files  
3203 Normalize PFS key exchange labels  
3217 [PATCH] changes in 1.0.0l and 1.0.1f required for OpenVMS  
3231 default ciphers include insecure export cipher suites  
3234 [bug] openssl defaults to using tls compression  
3248 Bug - OpenSSL 0.9.8 crashes randomly at the call to BIO_test_flags()  
3252 OpenSSL v1.0.1f issue: decryption failed or bad record mac:s3_pkt.c:484  
3266 [PATCH] Add the SYSTEM cipher keyword  
3282 [PATCH] Fix PKCS8/PKCS12 EncryptedPrivateKeyInfo decryption when password is empty  
3297 XXX_process_heartbeat() not checking return value of OPENSSL_malloc() Normal 
3299 Allow setting custom cipher strings in the openssl config file. Wishlist 
3300 Added the .include directive in openssl configuration file. Wishlist 
3305 Cppcheck report  
3311 [PATCH] Introduce GOST R 34.11-2012 hash function Wishlist 
3315 Why does the linker complain about undefined symbols?  
3322 [PATCH] ccgost to use configured params for 28147-89 in CNT and IMIT mode  
3324 [PATCH] Remedy the coding style after heartbleed  
3328 [PATCH] Support for GOST R 34.10-2012 digital signature algorithm Wishlist 
3331 [PATCH] respect LDFLAGS during build  
3333 [PATCH] Revert "Make Makefiles OSF-make-friendly." Normal 
3349 Bug report: X509_check_akid() identifies non-self-signed certificate as its own issuer  
3383 ASM support questions for openssl 1.0.1g. in MIPS64 CPU.  
3397 Fwd: [PATCH] x86_64 asm: fix bn_mul_mont on odd-len BNs  
3404 Bug report  
3420 Magic constants in SSL_CTX_set_tlsext_ticket_key_cb() and .pod  
3421 PATCH: return appropriate error if RDRAND not available  
3424 Misaligned pointers for buffers cast to a size_t*  
3427 crypto/bio/b_print.c: 2 useless if conditions ?  
3429 PATCH: Update to X509_check_host documentation  
3435 I updated George Shaw's 0.9.8e port to OS/400 from 2007  
3439 Memory leak bug  
3451 patch for x509.c  
3470 [BUG] DTLS abort  
3471 [PATCH] md5-asm-aarch64-29regs  
3476 Faulting module name: libeay32.dll, version: 1.0.1.8, time stamp: 0x539303fb  
3483 [BUG] DTLS/sctp crashes sporadically when remote endpoint closes connection  
3488 OPENSSL_config shouldn't exit()  
3489 [PATCH] DTLS/sctp stored shutdown memory leak  
3494 Possible sign bit bug in openssl 1.0.1i handling of 128-bit serial numbers  
3499 Bug: Multiple matching certificates in CAfile  
3502 nameConstraints bypass bug  
3534 When I build openssl-1.0.1i on Solaris 10, there are some error, please help to check what is the reason. Thanks.  
3539 x509 application supports additional fingerprint digests (sha2) not shown in help.  
3541 [PATCH] BN_nist_mod_521 fails on Windows ARM  
3550 patch  
3554 [PATCH] aesni-x86_64.pl: zeroize registers, Win64 ABI fix  
3556 Problem building openssl 1.0.1i in debug mode  
3560 OpenSSL selects weak digest for (EC)DH kex signing in TLSv1.2 when connecting to SNI virtual server  
3564 Build error OpenSSL 1.0.1i  
3566 openssl-1.0.1j make depend failes  
3576 Speed up AES-256 key expansion by 1.9x  
3578 Bug report, verify using CApath not working any more  

To report a new issue not mentioned here, please send email to rt@openssl.org.