git: vendor/libressl: upgrade from 3.1.3 to 3.1.4
Daniel Fojt
deef at crater.dragonflybsd.org
Sat Sep 12 02:03:17 PDT 2020
commit f015dc589551ad8356ba343b70d1889885249ae4
Author: Daniel Fojt <df at neosystem.org>
Date: Fri Sep 11 16:58:25 2020 +0200
vendor/libressl: upgrade from 3.1.3 to 3.1.4
Interoperability and bug fixes for the TLSv1.3 client:
* Improve client certificate selection to allow EC certificates
instead of only RSA certificates.
* Do not error out if a TLSv1.3 server requests an OCSP response as
part of a certificate request.
* Fix SSL_shutdown behavior to match the legacy stack. The previous
behaviour could cause a hang.
* Fix a memory leak and add a missing error check in the handling of
the key update message.
* Fix a memory leak in tls13_record_layer_set_traffic_key.
* Avoid calling freezero with a negative size if a server sends a
malformed plaintext of all zeroes.
* Ensure that only PSS may be used with RSA in TLSv1.3 in order
to avoid using PKCS1-based signatures.
* Add the P-521 curve to the list of curves supported by default
in the client.
Summary of changes:
crypto/libressl/ChangeLog | 25 +++++++++
crypto/libressl/VERSION | 2 +-
crypto/libressl/include/openssl/opensslv.h | 4 +-
crypto/libressl/ssl/ssl_locl.h | 18 +++---
crypto/libressl/ssl/ssl_sigalgs.c | 8 ++-
crypto/libressl/ssl/ssl_tlsext.c | 49 ++++++++++++++--
crypto/libressl/ssl/t1_lib.c | 23 ++++++--
crypto/libressl/ssl/tls13_client.c | 90 ++++++++++++++++++++++++------
crypto/libressl/ssl/tls13_legacy.c | 42 +++++++-------
crypto/libressl/ssl/tls13_lib.c | 7 ++-
crypto/libressl/ssl/tls13_record_layer.c | 19 ++++---
11 files changed, 218 insertions(+), 69 deletions(-)
http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/f015dc589551ad8356ba343b70d1889885249ae4
--
DragonFly BSD source repository
More information about the Commits
mailing list