As well as normal reviews, responding to user queries, wiki user requests, OMC business, support customer issues, handling security reports, etc., key activities this month:
- Investigated and prepared a fix where the nginx "ssl_reject_handshake" feature does not work in OpenSSL. - Completed and merged the PR to remove low-level DH use from libssl - Ongoing involvement in the regular OTC meetings (currently twice a week) - Improved the output from conf_diagnostics (some issues were being incorrectly suppressed from the error output) - Performed the alpha8 and alpha9 releases for OpenSSL 3.0 - Fixed the reading of DSA parameters files in the dsaparam app - Corrected system guessing for solaris64-x86_64-* targets - Fixed issues with the error "mark" system to enable multiple nested marks - Continued work on and merged the PR to change the default key generation type for DH/DSA - Cleaned up some functions in the apps to remove redundant error messages - Provided initial fix for clang10 issues (later superseded by a fix by Pauli) - Created a fix for RC4 based ciphersuites - Investigated and created an initial patch for the EDIPARTYNAME security issue - Investigated and fixed an issue where OSSL_STORE was forgetting the data type that we read from the PEM header when decoding the DER - Completed and merged the PR to ensure that the dhparam app no longer needs to use low level APIs - Investigated and fixed a fuzzing error in the Thawte Strong Extranet X509 extension - Removed deprecation warning suppression from genpkey - Fixed an error in missingcrypto111.txt related to ERR_load_KDF_strings - Moved some libssl global variables into SSL_CTX - Undeprecated the -dsaparam option in the dhparam app. The original motivation for this deprecation no longer applies - Implemented a Github CI solution as a replacement for Travis - Fixed no-rc2 - Fixed no-posix-io - Fixed no-err - Fixed no-engine - Completed and merged the PR to fully deprecate the DH low level APIs - Fixed the run-checker ubsan build - Fixed builds combining no-dh and no-ed Matt