Netgate SG-1000 microFirewall

Author Topic: HEADS UP: OpenSSL 1.0.1_4 (1.0.1c), OpenVPN, and ipsec-tools, and others.  (Read 13547 times)

0 Members and 1 Guest are viewing this topic.

Offline Mat Simon

  • Full Member
  • ***
  • Posts: 148
  • Karma: +9/-2
    • View Profile
Re: HEADS UP: OpenSSL 1.0.1_4 (1.0.1c), OpenVPN, and ipsec-tools, and others.
« Reply #15 on: February 08, 2013, 09:25:17 am »
Thanks Jim, hope to get more info after weekend. (better not completely break things before) ;-)

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21387
  • Karma: +1432/-26
    • View Profile
Re: HEADS UP: OpenSSL 1.0.1_4 (1.0.1c), OpenVPN, and ipsec-tools, and others.
« Reply #16 on: February 09, 2013, 12:03:41 am »
I wonder if it's related to this...
http://lists.freebsd.org/pipermail/freebsd-ports/2013-February/081259.html

They say 1.0.1e is coming soon because 1.0.1d was broken in various ways.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline Mat Simon

  • Full Member
  • ***
  • Posts: 148
  • Karma: +9/-2
    • View Profile
Re: HEADS UP: OpenSSL 1.0.1_4 (1.0.1c), OpenVPN, and ipsec-tools, and others.
« Reply #17 on: February 10, 2013, 01:02:57 am »
Jim, concerning LDAP - the weird thing is that it can't get the LDAP OU even without SSL so I'm not sure whether it's only an OpenSSL issue.
But first I need to get onto a snapshot with fixed OpenSSL & working route addition (other thread) before I dare test LDAP again. ;-)

Offline kejianshi

  • Hero Member
  • *****
  • Posts: 4949
  • Karma: +195/-40
  • Debugging...
    • View Profile
I was just sitting here thinking how important it be that my CAs be valid in 2038...
Because we all will be on the stuff we build today in 2038.

Offline firewalluser

  • Hero Member
  • *****
  • Posts: 862
  • Karma: +20/-15
    • View Profile
Dont know if this has been reported.

Trying to create a new Internal-CA
Key Length 4096
Hash SHA512
Days 3650
CountryCode: Mil

Fill in the rest of the fields and you will get this error message.
The following input errors were detected:

    openssl library returns: error:0D07A097:asn1 encoding routines:ASN1_mbstring_ncopy:string too long


If you dont choose Mil you can create an internal CA.

FWIW.

Capitalism, currently The World's best Entertainment Control System and YOU cant buy it! But you can buy this, or some of this or some of these

Asch Conformity, mainly the blind leading the blind.