svn commit: r264265 - in head: crypto/openssl/crypto/bn crypto/openssl/crypto/ec crypto/openssl/ssl sys/fs/nfsserver

Dag-Erling Smørgrav des at
Wed Apr 9 14:01:29 UTC 2014

Bryan Drewery <bdrewery at> writes:
> Also, that this was a partial release of 1.0.1g is confusing a LOT of
> users. They think they are still vulnerable. They expect to see 1.0.1g
> in 'openssl version'. We could have our own version string in 'openssl
> version' to remedy this.

This is no different from what other OSes do, e.g. RHEL6.5:

% cat /etc/redhat-release 
Red Hat Enterprise Linux Workstation release 6.5 (Santiago)
% openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
% TZ=UTC rpm -qi openssl
Name        : openssl                      Relocations: (not relocatable)
Version     : 1.0.1e                            Vendor: Red Hat, Inc.
Release     : 16.el6_5.7                    Build Date: Mon 07 Apr 2014 11:34:45 AM UTC
Install Date: Tue 08 Apr 2014 05:18:52 AM UTC      Build Host:

which despite the version number and date is *not* vulnerable.

Dag-Erling Smørgrav - des at

More information about the svn-src-head mailing list