Re: 288-1: openssl and stunnel

To: Arthur van Dorp <arthur_vd@gmx.net>
Cc: debian-security@lists.debian.org
Subject: Re: 288-1: openssl and stunnel
From: Robert Varga <robi@piros.zold.net>
Date: Wed, 23 Apr 2003 16:29:17 +0200 (CEST)
Message-id: <[🔎] Pine.LNX.3.96.1030423162629.23512A-100000@piros.zold.net>
In-reply-to: <[🔎] 3E9EF2EA.4050900@gmx.net>


On Thu, 17 Apr 2003, Arthur van Dorp wrote:

> Todays security advisory about openssl speaks about possibly breaking
> existing applications:
> 
> > Unfortunately, RSA blinding is not thread-safe and will cause failures
> > for programs that use threads and OpenSSL such as stunnel.  However,
> > since the proposed fix would change the binary interface (ABI),
> > programs that are dynamically linked against OpenSSL won't run
> > anymore.  This is a dilemma we can't solve.
> 
> As I use stunnel I wonder what these problems might be. I've updated my
> testing machine which is set up similar to my production server and
> didn't find a problem yet. But my testing possibilities are limited on
> this machine.

I guess you won't get these problems when you are running stunnel in
pipe or pipe-client mode. It is supposed to run in multi-threaded mode
only when it is listening on a port.

Just my guess.

Regards,

Robert Varga

Reply to:

Follow-Ups:
- Re: 288-1: openssl and stunnel
  - From: Arthur van Dorp <arthur_vd@gmx.net>
- Re: 288-1: openssl and stunnel
  - From: Andreas Barth <aba-debian@not.so.argh.org>

References:
- 288-1: openssl and stunnel
  - From: Arthur van Dorp <arthur_vd@gmx.net>

Prev by Date: Re: Kernel ptrace Hole - Fix For i386 ?
Next by Date: iptables with no module support?
Previous by thread: Re: 288-1: openssl and stunnel
Next by thread: Re: 288-1: openssl and stunnel
Index(es):
- Date
- Thread