6f5ec8b5 | 27-Nov-2022 |
Antonio Huete Jimenez <tuxillo@quantumachine.net> |
libressl: Local modifications after the upgrade (refs #3333)
libressl: - Adjust Makefiles to include a number of source files that have been either added or moved around. - Bump shlib. -
libressl: Local modifications after the upgrade (refs #3333)
libressl: - Adjust Makefiles to include a number of source files that have been either added or moved around. - Bump shlib. - Forcibly compile in engines by removing OPENSSL_NO_ENGINE which no longer seems to be valid to have a full build. We wanted to avoid doing hacks to bypass the OPENSSL_NO_ENGINE requirement. As far as we know the engine code is disabled anyways. librecrypto: - Adjust Makefiles to include a number of source files that have been either added or moved around. - Bump shlib. ldns: - Remove HAVE_EVP_DSS1 from config.h to avoid using removed LibreSSL API functions. crytpsetup: - Adjustments to use the new API. dc: - Adjustments to use the new API. nc: - Add more source files to the Makefile from libtls, which are now required.
Testing-and-fixes: @dillon, @tuxillo, @aly
show more ...
|
f015dc58 | 11-Sep-2020 |
Daniel Fojt <df@neosystem.org> |
vendor/libressl: upgrade from 3.1.3 to 3.1.4
Interoperability and bug fixes for the TLSv1.3 client:
* Improve client certificate selection to allow EC certificates instead of only RSA certifica
vendor/libressl: upgrade from 3.1.3 to 3.1.4
Interoperability and bug fixes for the TLSv1.3 client:
* Improve client certificate selection to allow EC certificates instead of only RSA certificates.
* Do not error out if a TLSv1.3 server requests an OCSP response as part of a certificate request.
* Fix SSL_shutdown behavior to match the legacy stack. The previous behaviour could cause a hang.
* Fix a memory leak and add a missing error check in the handling of the key update message.
* Fix a memory leak in tls13_record_layer_set_traffic_key.
* Avoid calling freezero with a negative size if a server sends a malformed plaintext of all zeroes.
* Ensure that only PSS may be used with RSA in TLSv1.3 in order to avoid using PKCS1-based signatures.
* Add the P-521 curve to the list of curves supported by default in the client.
show more ...
|