Linux Binary & Heartbeat Security Issue

57 views
Skip to first unread message

aspe...@gmail.com

unread,
Apr 13, 2014, 2:08:25 AM4/13/14
to mongoos...@googlegroups.com
Hello Mongoose!

I am a Mongoose Linux user user.

First off I noticed your new downloads page doesn't have any linux builds. Is there plains to add this?

I got Mongoose off of this page:

https://code.google.com/p/mongoose/downloads/detail?name=mongoose-lua-sqlite-ssl-static-x86_64-5.1&can=2&q=

It says it includes ssl, and in the source it seems you statically link the binary with openssl (https://github.com/cesanta/mongoose/blob/master/mongoose.c#L133)

What version of openssl is included? Has it been patched for heartbleed? http://heartbleed.com/

Best wishes!

Sergey Lyubka

unread,
Apr 13, 2014, 3:21:21 AM4/13/14
to mongoose-users, in...@wolfssl.com

Hi,

Recent versions of Mongoose binary (since 5.3, as per http://cesanta.com/docs/ReleaseNotes.shtml) do not have built-in SSL support. Earlier versions do. However OpenSSL was never used by released Mongoose binaries, it has always been WolfSSL (http://wolfssl.com). 

WolfSSL is great and provides industry-grade SSL implementation. WolfSSL has OpenSSL compatibility layer meaning that source code that targets OpenSSL can be built with WolfSSL.


So Mongoose users that are using earlier binary releases are safe.

Sergey.



--
You received this message because you are subscribed to the Google Groups "mongoose-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mongoose-user...@googlegroups.com.
To post to this group, send email to mongoos...@googlegroups.com.
Visit this group at http://groups.google.com/group/mongoose-users.
For more options, visit https://groups.google.com/d/optout.

Reply all
Reply to author
Forward
0 new messages