Print

Print

@amadio commented on this pull request.

In src/XrdCrypto/XrdCryptosslCipher.cc:

> @@ -47,6 +47,21 @@
 #include <openssl/param_build.h>
 #endif
 
+// Hardcoded DH parameters that are acceptable to both OpenSSL 3.0 (RHEL9)
+// and 1.0.2 (RHEL7).  OpenSSL 3.0 reworked the DH parameter generation algorithm
+// and now produces DH params that don't pass OpenSSL 1.0.2's parameter verification
+// function (`DH_check`).  Accordingly, since these are safe to reuse, we generated
+// a single set of parameters for the server to always utilize.
+const char dh_param_enc[] =

Shouldn't this be a static const char?


Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.Message ID: <xrootd/xrootd/pull/2026/review/1467008240@github.com>

[ { "@context": "http://schema.org", "@type": "EmailMessage", "potentialAction": { "@type": "ViewAction", "target": "https://github.com/xrootd/xrootd/pull/2026#pullrequestreview-1467008240", "url": "https://github.com/xrootd/xrootd/pull/2026#pullrequestreview-1467008240", "name": "View Pull Request" }, "description": "View this Pull Request on GitHub", "publisher": { "@type": "Organization", "name": "GitHub", "url": "https://github.com" } } ]

Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1