gitweb.dragonflybsd.org Git - dragonfly.git/commit

author	Daniel Fojt <df@neosystem.org>
	Fri, 11 Sep 2020 14:58:25 +0000 (16:58 +0200)
committer	Daniel Fojt <df@neosystem.org>
	Sat, 12 Sep 2020 07:38:57 +0000 (09:38 +0200)
commit	f015dc589551ad8356ba343b70d1889885249ae4
tree	6d746cbdad091789ecca42da737f96058f9cb167	tree \| snapshot
parent	cca6fc5243d2098262ea81f83ad5b28d3b800f4a	commit \| diff

vendor/libressl: upgrade from 3.1.3 to 3.1.4

Interoperability and bug fixes for the TLSv1.3 client:

* Improve client certificate selection to allow EC certificates
   instead of only RSA certificates.

* Do not error out if a TLSv1.3 server requests an OCSP response as
   part of a certificate request.

* Fix SSL_shutdown behavior to match the legacy stack.  The previous
   behaviour could cause a hang.

* Fix a memory leak and add a missing error check in the handling of
   the key update message.

* Fix a memory leak in tls13_record_layer_set_traffic_key.

* Avoid calling freezero with a negative size if a server sends a
   malformed plaintext of all zeroes.

* Ensure that only PSS may be used with RSA in TLSv1.3 in order
   to avoid using PKCS1-based signatures.

* Add the P-521 curve to the list of curves supported by default
   in the client.

crypto/libressl/ChangeLog		diff \| blob \| blame \| history
crypto/libressl/VERSION		diff \| blob \| blame \| history
crypto/libressl/include/openssl/opensslv.h		diff \| blob \| blame \| history
crypto/libressl/ssl/ssl_locl.h		diff \| blob \| blame \| history
crypto/libressl/ssl/ssl_sigalgs.c		diff \| blob \| blame \| history
crypto/libressl/ssl/ssl_tlsext.c		diff \| blob \| blame \| history
crypto/libressl/ssl/t1_lib.c		diff \| blob \| blame \| history
crypto/libressl/ssl/tls13_client.c		diff \| blob \| blame \| history
crypto/libressl/ssl/tls13_legacy.c		diff \| blob \| blame \| history
crypto/libressl/ssl/tls13_lib.c		diff \| blob \| blame \| history
crypto/libressl/ssl/tls13_record_layer.c		diff \| blob \| blame \| history