On Thu, Jan 7, 2021 at 1:53 PM Jan Just Keijser <janjust@xxxxxxxxx> wrote:
On 06/01/21 21:57, Michael Wojcik wrote:
>
> The same way you'd track down an intermittent cause of Undefined Behavior in any other program: some combination of dynamic monitoring, symbolic execution, static code analysis, source code review, testing variants, tracing, fuzzing, post-mortem analysis, and so on. This isn't specific to OpenSSL.
>
> But you're asking the wrong question. The correct question is: Why are you using an outdated version of OpenSSL?
possibly because:
$ cat /etc/redhat-release && openssl version
CentOS Linux release 7.9.2009 (Core)
OpenSSL 1.0.2k-fips 26 Jan 2017
?
Yes, using this openssl version coming with the OS.
