Bug 22615 - Cisco's implementation of the DTLS protocol
: Cisco's implementation of the DTLS protocol
Status: CLOSED FIXED
: Sisyphus
(All bugs in Sisyphus/openssl)
: unstable
: all Linux
: P3 normal
Assigned To:
:
:
:
:
:
  Show dependency tree
 
Reported: 2009-12-24 20:10 by
Modified: 2010-01-08 21:26 (History)


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description From 2009-12-24 20:10:23
For openconnect package:

Cisco's implementation of the DTLS protocol unfortunately does not
comply with the relevant standards. We need some patches to OpenSSL to
be compatible with it.

For the 0.9.8 branch of OpenSSL, the required patch is
        http://cvs.openssl.org/chngview?cn=18037

This was included in OpenSSL CVS in April 2009 and should be in the
next release from the 0.9.8 branch, which will presumably be 0.9.8l.
OpenSSL 1.0.0-beta2 and later require no patching; all the required
support is already present.

PS: 05-Nov-2009 OpenSSL 0.9.8l is now available
------- Comment #1 From 2009-12-25 04:43:08 -------
(In reply to comment #0)
> For openconnect package:
> 
> Cisco's implementation of the DTLS protocol unfortunately does not
> comply with the relevant standards. We need some patches to OpenSSL to
> be compatible with it.
> 
> For the 0.9.8 branch of OpenSSL, the required patch is
>         http://cvs.openssl.org/chngview?cn=18037
> 
> This was included in OpenSSL CVS in April 2009 and should be in the
> next release from the 0.9.8 branch, which will presumably be 0.9.8l.
> OpenSSL 1.0.0-beta2 and later require no patching; all the required
> support is already present.
> 
> PS: 05-Nov-2009 OpenSSL 0.9.8l is now available

Unfortunately, 0.9.8l was released as 0.9.8k with just one change (so called
CVE-2009-3555 fix), without any changed available in OpenSSL_0_9_8-stable
branch at that time.

I've just fetched and pushed this change, please test:
http://git.altlinux.org/people/ldv/packages/?p=openssl.git;a=commit;h=ef8799678b107be51606d940a751fa6c3eaeb0b1
------- Comment #2 From 2009-12-25 13:52:07 -------
> I've just fetched and pushed this change, please test:
> http://git.altlinux.org/people/ldv/packages/?p=openssl.git;a=commit;h=ef8799678b107be51606d940a751fa6c3eaeb0b1

openconnect собрался успешно.
Его работу проверю позже.
Спасибо.
------- Comment #3 From 2010-01-08 21:26:51 -------
openssl098-0.9.8l-alt4 -> sisyphus:

* Fri Jan 08 2010 Dmitry V. Levin <ldv@altlinux> 0.9.8l-alt4

- Built for target linux-generic32 on ARM.
- Applied upstream crypto/{md5,sha1} build fixes (by Evgeny Sinelnikov
  and Kirill A. Shutemov).
- Applied upstream compatibility patch for Cisco VPN client DTLS
  (closes: #22615).