git: vendor/libressl: upgrade from 3.2.3 to 3.2.4
Daniel Fojt
deef at crater.dragonflybsd.org
Fri Feb 19 03:02:10 PST 2021
commit 2eb7d3b81ae617871ac1158372b5f1e8dde4ffba
Author: Daniel Fojt <df at neosystem.org>
Date: Wed Feb 17 19:29:12 2021 +0100
vendor/libressl: upgrade from 3.2.3 to 3.2.4
Bug and interoperability fixes:
* Switch back to certificate verification code from LibreSSL 3.1.x. The
new verifier is not bug compatible with the old verifier causing issues
with applications expecting behavior of the old verifier.
* Unbreak DTLS retransmissions for flights that include a CCS
* Only check BIO_should_read() on read and BIO_should_write() on write
* Implement autochain for the TLSv1.3 server
* Use the legacy verifier for autochain
* Implement exporter for TLSv1.3
* Free alert_data and phh_data in tls13_record_layer_free()
* Plug leak in x509_verify_chain_dup()
* Free the policy tree in x509_vfy_check_policy()
Summary of changes:
crypto/libressl/ChangeLog | 27 +++++++++++
crypto/libressl/VERSION | 2 +-
crypto/libressl/crypto/x509/x509_verify.c | 4 +-
crypto/libressl/crypto/x509/x509_vfy.c | 7 ++-
crypto/libressl/crypto/x509/x509_vpm.c | 4 +-
crypto/libressl/include/openssl/opensslv.h | 4 +-
crypto/libressl/ssl/d1_both.c | 15 +++---
crypto/libressl/ssl/ssl_both.c | 4 +-
crypto/libressl/ssl/ssl_lib.c | 15 ++++--
crypto/libressl/ssl/tls13_internal.h | 16 ++++++-
crypto/libressl/ssl/tls13_key_schedule.c | 24 ++++++++--
crypto/libressl/ssl/tls13_legacy.c | 6 +--
crypto/libressl/ssl/tls13_lib.c | 74 +++++++++++++++++++++++++++++-
crypto/libressl/ssl/tls13_record_layer.c | 5 +-
crypto/libressl/ssl/tls13_server.c | 26 ++++++++++-
15 files changed, 202 insertions(+), 31 deletions(-)
http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/2eb7d3b81ae617871ac1158372b5f1e8dde4ffba
--
DragonFly BSD source repository
More information about the Commits
mailing list