| #
de0e0e4d |
| 26-Nov-2022 |
Antonio Huete Jimenez <tuxillo@quantumachine.net> |
vendor/LIBRESSL: Import LibreSSL 3.6.1
For a full list of changes:
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.2.6-relnotes.txt
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.2
vendor/LIBRESSL: Import LibreSSL 3.6.1
For a full list of changes:
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.2.6-relnotes.txt
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.2.7-relnotes.txt
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.3.2-relnotes.txt
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.3.3-relnotes.txt
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.3.4-relnotes.txt
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.3.5-relnotes.txt
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.3.6-relnotes.txt
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.0-relnotes.txt
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.1-relnotes.txt
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.3-relnotes.txt
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.1-relnotes.txt
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.2-relnotes.txt
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.3-relnotes.txt
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.0-relnotes.txt
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.1-relnotes.txt
show more ...
|
| #
8edacedf |
| 03-Nov-2020 |
Daniel Fojt <df@neosystem.org> |
vendor/libressl: upgrade from 3.1.4 to 3.2.2
Summary of notable changes:
* new TLSv1.3 implementation enabled by default for both client
and server
* new X509 certificate chain validator t
vendor/libressl: upgrade from 3.1.4 to 3.2.2
Summary of notable changes:
* new TLSv1.3 implementation enabled by default for both client
and server
* new X509 certificate chain validator that correctly handles
multiple paths through intermediate certificates
* new name constraints verification implementation which passes
the bettertls.com certificate validation check suite
* numerous leaks and out-of-bounds write fixed
* many improvements, refactoring, optimizations and code cleanups
See ChangeLog for details.
show more ...
|
| #
f015dc58 |
| 11-Sep-2020 |
Daniel Fojt <df@neosystem.org> |
vendor/libressl: upgrade from 3.1.3 to 3.1.4
Interoperability and bug fixes for the TLSv1.3 client:
* Improve client certificate selection to allow EC certificates
instead of only RSA certifica
vendor/libressl: upgrade from 3.1.3 to 3.1.4
Interoperability and bug fixes for the TLSv1.3 client:
* Improve client certificate selection to allow EC certificates
instead of only RSA certificates.
* Do not error out if a TLSv1.3 server requests an OCSP response as
part of a certificate request.
* Fix SSL_shutdown behavior to match the legacy stack. The previous
behaviour could cause a hang.
* Fix a memory leak and add a missing error check in the handling of
the key update message.
* Fix a memory leak in tls13_record_layer_set_traffic_key.
* Avoid calling freezero with a negative size if a server sends a
malformed plaintext of all zeroes.
* Ensure that only PSS may be used with RSA in TLSv1.3 in order
to avoid using PKCS1-based signatures.
* Add the P-521 curve to the list of curves supported by default
in the client.
show more ...
|
| #
cca6fc52 |
| 18-Jul-2020 |
Daniel Fojt <df@neosystem.org> |
vendor/libressl: upgrade from 2.9.1 to 3.1.3
Summary of notable changes:
- fixed CVE-2019-1547 and CVE-2019-1563
- various side channels in DSA and ECDSA were addressed
- fixed PVK format output is
vendor/libressl: upgrade from 2.9.1 to 3.1.3
Summary of notable changes:
- fixed CVE-2019-1547 and CVE-2019-1563
- various side channels in DSA and ECDSA were addressed
- fixed PVK format output issue with openssl(1) dsa and rsa subcommand
- added cms subcommand to openssl(1)
- added -addext option to openssl(1) req subcommand
- added -groups option to openssl(1) s_server subcommand
- improved compatibility by backporting functionality and documentation
from OpenSSL 1.1.1
- added RSA-PSS and RSA-OAEP methods from OpenSSL 1.1.1
- completed the port of RSA_METHOD accessors from the OpenSSL 1.1 API
- ported Cryptographic Message Syntax (CMS) implementation from OpenSSL
1.1.1 and enabled by default
- completed initial TLS 1.3 implementation, TLS 1.3 is now enabled
by default for the client side, with the server side to be enabled
in a future release
- provided TLSv1.3 cipher suite aliases to match the names used
in RFC 8446
For details see ChangeLog.
show more ...
|
| #
72c33676 |
| 20-Apr-2019 |
Maxim Ag <mewabg@yandex.ru> |
Update LibreSSL from version 2.4.4 => 2.9.1
Submitted-by: Maxim + v2 update to 2.9.1 stable
|
| #
f5b1c8a1 |
| 06-Sep-2016 |
John Marino <draco@marino.st> |
Import LibreSSL v2.4.2 to vendor branch
|