build - Remove openssl from base (is now permanently replaced by ressl) * Remove openssl and related code that previous commits by John Marino replaced with libressl. Remove build hooks, base now only uses libressl. * Remove crypto/openssl. This has been replaced by the openssl implementation from ressl. * Remove lib/libcrypto. This has been replaced by lib/librecrypto which generates a private_crypo library only used by base. * Remove lib/libssl. This has been replaced by lib/libressl which generates a private_ssl library only used by base. * NOTE: In addition, John has been working on updating dports to ensure that only the ports-based libssl and libcrypto (both nominally implemented via ressl and not openssl), and that dports packages no longer have any chance of using the private versions of these libraries from base.
Import OpenSSL 1.0.1q. * Certificate verify crash with missing PSS parameter (CVE-2015-3194) * X509_ATTRIBUTE memory leak (CVE-2015-3195) * Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs * In DSA_generate_parameters_ex, if the provided seed is too short, return an error
Import OpenSSL-1.0.1l. * Fixes for CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572, CVE-2015-0204, CVE-2015-0205, CVE-2014-8275 and CVE-2014-3570. * Ensure that the session ID context of an SSL is updated when its SSL_CTX is updated via SSL_set_SSL_CTX. * Do not resume sessions on the server if the negotiated protocol version does not match the session's version. * Tighten handling of the ChangeCipherSpec (CCS) message. * Tighten client-side session ticket handling during renegotiation. Also, while here, remove the doc/ subdirectory on the vendor branch. We don't need to distribute it in contrib/.
Import OpenSSL-1.0.1. Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1: o TLS/DTLS heartbeat support. o SCTP support. o RFC 5705 TLS key material exporter. o RFC 5764 DTLS-SRTP negotiation. o Next Protocol Negotiation. o PSS signatures in certificates, requests and CRLs. o Support for password based recipient info for CMS. o Support TLS v1.2 and TLS v1.1. o Preliminary FIPS capability for unvalidated 2.0 FIPS module. o SRP support. Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h: o Fix for CMS/PKCS#7 MMA CVE-2012-0884 o Corrected fix for CVE-2011-4619 o Various DTLS fixes.