This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 1.2.x
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git
commit 26e57f413d8c226b0096c56f3c13e2d08eb2744a
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Sep 27 09:17:35 2023 +0100
Update minimum recommended version of OpenSSL to 3.0.11
---
native/srclib/VERSIONS | 2 +-
native/srclib/openssl/openssl-msvcrt-1.1.1.patch | 74 ------------------------
xdocs/miscellaneous/changelog.xml | 3 +
3 files changed, 4 insertions(+), 75 deletions(-)
diff --git a/native/srclib/VERSIONS b/native/srclib/VERSIONS
index 71db84fd6..cef16403f 100644
--- a/native/srclib/VERSIONS
+++ b/native/srclib/VERSIONS
@@ -5,7 +5,7 @@ The current minimum versions are:
The following version of the libraries are recommended:
- APR 1.7.4 or later, http://apr.apache.org
-- OpenSSL 1.1.1v or later, http://www.openssl.org
+- OpenSSL 3.0.11 or later, http://www.openssl.org
Older versions should also work but are not as thoroughly tested by the Tomcat
Native team
diff --git a/native/srclib/openssl/openssl-msvcrt-1.1.1.patch
b/native/srclib/openssl/openssl-msvcrt-1.1.1.patch
deleted file mode 100644
index d0d896107..000000000
--- a/native/srclib/openssl/openssl-msvcrt-1.1.1.patch
+++ /dev/null
@@ -1,74 +0,0 @@
---- Configurations/10-main.conf
-+++ Configurations/10-main.conf
-@@ -1268,7 +1268,7 @@
- # prefer [non-debug] openssl.exe to be free from Micorosoft RTL
- # redistributable.
- bin_cflags => add(picker(debug => "/MDd",
-- release => sub { $disabled{shared} ?
"/MT" : () },
-+ release => "/MD",
- )),
- bin_lflags => add("/subsystem:console /opt:ref"),
- ex_libs => add(sub {
---- crypto/engine/eng_openssl.c
-+++ crypto/engine/eng_openssl.c
-@@ -9,6 +9,7 @@
- */
-
- #include <stdio.h>
-+#include "e_os.h"
- #include <openssl/crypto.h>
- #include "internal/cryptlib.h"
- #include "internal/engine.h"
---- crypto/o_time.c
-+++ crypto/o_time.c
-@@ -41,10 +41,6 @@
- if (gmtime_r(timer, result) == NULL)
- return NULL;
- ts = result;
--#elif defined (OPENSSL_SYS_WINDOWS) && defined(_MSC_VER) && _MSC_VER >= 1400
-- if (gmtime_s(result, timer))
-- return NULL;
-- ts = result;
- #else
- ts = gmtime(timer);
- if (ts == NULL)
---- engines/e_capi.c
-+++ engines/e_capi.c
-@@ -15,6 +15,7 @@
- # include <wincrypt.h>
-
- # include <stdio.h>
-+# include "e_os.h"
- # include <string.h>
- # include <stdlib.h>
- # include <malloc.h>
---- test/testutil/basic_output.c
-+++ test/testutil/basic_output.c
-@@ -10,6 +10,7 @@
- #include "../testutil.h"
- #include "output.h"
- #include "tu_local.h"
-+#include "../../e_os.h"
-
- #include <openssl/crypto.h>
- #include <openssl/bio.h>
---- e_os.h
-+++ e_os.h
-@@ -149,7 +149,7 @@
- # endif
- # include <malloc.h>
- # if defined(_MSC_VER) && !defined(_WIN32_WCE) && !defined(_DLL) &&
defined(stdin)
--# if _MSC_VER>=1300 && _MSC_VER<1600
-+# ifdef _WIN64
- # undef stdin
- # undef stdout
- # undef stderr
-@@ -157,7 +157,7 @@
- # define stdin (&__iob_func()[0])
- # define stdout (&__iob_func()[1])
- # define stderr (&__iob_func()[2])
--# elif _MSC_VER<1300 && defined(I_CAN_LIVE_WITH_LNK4049)
-+# else
- # undef stdin
- # undef stdout
- # undef stderr
diff --git a/xdocs/miscellaneous/changelog.xml
b/xdocs/miscellaneous/changelog.xml
index f57f1bb26..f253a00ce 100644
--- a/xdocs/miscellaneous/changelog.xml
+++ b/xdocs/miscellaneous/changelog.xml
@@ -37,6 +37,9 @@
mode is used, disable OCSP if enabled else client certificates from
unknown certificate authorities will be rejected. (markt)
</fix>
+ <update>
+ Update the recommended minimum version of OpenSSL to 3.0.11. (markt)
+ </update>
</changelog>
</section>
<section name="Changes in 1.2.38">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
