OpenSSL Security issues
Alan DeKok
aland at deployingradius.com
Tue Apr 8 21:35:16 CEST 2014
Arran Cudbard-Bell wrote:
> To be fair OpenSSL don't seem to be taking security seriously,
> this should have been caught by static analysis... except that
> code only gets submitted to Coverity sporadically, and they don't
> like using it because of the high rate of false positives.
Valgrind is almost useless with FreeRADIUS && OpenSSL, because of the
massive amounts of complaints about OpenSSL issues.
> You know what causes high rates of false positives? Weird fucked
> up code...
Yes. Valgrind isn't perfect, but I'd be surprised if all of its
complaints about OpenSSL are wrong.
Alan DeKok.
More information about the Freeradius-Users
mailing list