Changelog for
mingw32-libtls26-3.7.1-1.227.noarch.rpm :
* Sat Mar 18 2023 Jan Engelhardt
- Add more conflicts between openssl<>libressl
* Thu Mar 16 2023 Jan Engelhardt - Update to release 3.7.1
* Added UI_null()
* Added X509_STORE_
*check_issued()
* Added X509_CRL_get0_sigalg() and X509_get0_uids() accessors
* Added EVP_CIPHER_meth_
*() setter API
* Mon Dec 12 2022 Jan Engelhardt - Update to release 3.7.0
* New features:
* Added Ed25519 support both as a primitive and via OpenSSL\'s EVP interfaces.
* X25519 is now also supported via EVP.
* The OpenSSL 1.1 raw public and private key API is available with support for EVP_PKEY_ED25519, EVP_PKEY_HMAC and EVP_PKEY_X25519. Poly1305 is not currently supported via this interface.
* Bug fixes:
* Add EVP_chacha20_poly1305() to the list of all ciphers.
* Avoid signed overflow in i2c_ASN1_BIT_STRING().
* Tue Nov 01 2022 Jan Engelhardt - Update to release 3.6.1
* Custom verification callbacks could cause the X.509 verifier to fail to store errors resulting from leaf certificate verification.
* Unbreak ASN.1 indefinite length encoding.
* Thu Oct 06 2022 Jan Engelhardt - Update to release 3.6.0
* Avoid expensive RFC 3779 checks during cert verification.
* The ASN.1 time parser has been refactored and rewritten using CBS. It has been made stricter in that it now enforces the rules from RFC 5280.
* EVP API for HKDF ported from OpenSSL and subsequently cleaned up.
* Add initial support for TS ESSCertIDv2 verification.
* Thu May 19 2022 Jan Engelhardt - Update to release 3.5.3
* Fix d2i_ASN1_OBJECT(). A confusion of two CBS resulted in advancing the passed
*der_in pointer incorrectly.
* Thu Apr 28 2022 Paolo Stivanin - Update to release 3.5.2:
* New Features:
* The RFC 3779 API was ported from OpenSSL. Many bugs were fixed, regression tests were added and the code was cleaned up.
* Certificate Transparency was ported from OpenSSL. Many internal improvements were made, resulting in cleaner and safer code. Regress coverage was added. libssl does not yet make use of it.
* Portable Improvements:
* Fixed various POSIX compliance and other portability issues found by the port to the Sortix operating system.
* Compatibility Changes:
* Most structs that were previously defined in the following headers are now opaque as they are in OpenSSL 1.1: bio.h, bn.h, comp.h, dh.h, dsa.h, evp.h, hmac.h, ocsp.h, rsa.h, x509.h, x509v3.h, x509_vfy.h
* Switch TLSv1.3 cipher names from AEAD- to OpenSSL\'s TLS_ OpenSSL added the TLSv1.3 ciphersuites with \"RFC names\" instead of using something consistent with the previous naming. Various test suites expect these names (instead of checking for the much more sensible cipher numbers). The old names are still accepted as aliases.
* Subject alternative names and name constraints are now validated when they are added to certificates. Various interoperability problems with stacks that validate certificates more strictly than OpenSSL can be avoided this way.
* Attempt to opportunistically use the host name for SNI in s_client- Rebase des-fcrypt.diff- Rebase extra-symver.diff
* Wed Mar 16 2022 Jan Engelhardt - Update to release 3.4.3
* A malicious certificate could cause an infinite loop in previous releases. [CVE-2022-0778]
* Thu Dec 30 2021 Jan Engelhardt - Update to release 3.4.2 [boo#1190853]
* Add support for OpenSSL 1.1.1 TLSv1.3 APIs.
* Enable the new x509 validator.
* Thu Dec 09 2021 Ferdinand Thiessen - Update to release 3.3.5
* Fixed: A stack overread could occur when checking X.509 name constraints.
* Enable X509_V_FLAG_TRUSTED_FIRST by default in the legacy verifier. This compensates for the expiry of the DST Root X3 certificate.
* Thu Aug 26 2021 Jan Engelhardt - Update to release 3.3.4
* In LibreSSL, printing a certificate could result in a crash in X509_CERT_AUX_print(). This was fixed.
* Wed May 05 2021 Jan Engelhardt - Update to release 3.3.3
* Support for DTLSv1.2.
* Continued rewrite of the record layer for the legacy stack.
* Numerous bugs and interoperability issues were fixed in the new verifier. A few bugs and incompatibilities remain, so this release uses the old verifier by default.
* The OpenSSL 1.1 TLSv1.3 API is not yet available.
* Sun Mar 21 2021 Jan Engelhardt - Update to release 3.2.5
* A TLS client using session resumption may have caused a use-after-free.
* Sat Feb 13 2021 Jan Engelhardt - Update to release 3.2.4
* Switch back to certificate verification code from LibreSSL 3.1.x. The new verifier is not bug compatible with the old verifier causing issues with applications expecting behavior of the old verifier.
* Unbreak DTLS retransmissions for flights that include a CCS.
* Implement autochain for the TLSv1.3 server.
* Use the legacy verifier for autochain.
* Implement exporter for TLSv1.3.
* Plug leak in x509_verify_chain_dup().