CVSROOT:	/cvs
Module name:	src
Changes by:	t...@cvs.openbsd.org	2020/08/10 12:59:47

Modified files:
	lib/libssl     : Tag: OPENBSD_6_7
	                 ssl_locl.h ssl_sigalgs.c ssl_tlsext.c t1_lib.c
	                 tls13_client.c tls13_legacy.c tls13_lib.c
	                 tls13_record_layer.c
	regress/lib/libssl/client: Tag: OPENBSD_6_7
	                 clienttest.c
	regress/lib/libssl/tlsext: Tag: OPENBSD_6_7
	                 tlsexttest.c

Log message:
LibreSSL 3.1.4 - Interoperability and bug fixes for the TLSv1.3 client:

 * Improve client certificate selection to allow EC certificates
   instead of only RSA certificates.

 * Do not error out if a TLSv1.3 server requests an OCSP response as
   part of a certificate request.

 * Fix SSL_shutdown behavior to match the legacy stack. The previous
   behaviour could cause a hang.

 * Fix a memory leak and add a missing error check in the handling of
   the key update message.

 * Fix a memory leak in tls13_record_layer_set_traffic_key.

 * Avoid calling freezero with a negative size if a server sends a
   malformed plaintext of all zeroes.

 * Ensure that only PSS may be used with RSA in TLSv1.3 in order
   to avoid using PKCS1-based signatures.

 * Add the P-521 curve to the list of curves supported by default
   in the client.

This is errata/6.7/019_libssl.patch.sig
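
The all-zeroes plaintext item in the log above is the case RFC 8446 section 5.4 tells a receiver to reject: a decrypted TLSv1.3 record is content, then a non-zero content type byte, then zero padding. The following is an added example of a length-safe padding strip, not LibreSSL's code; the function and constant names are hypothetical and the sample records are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes for this example (hypothetical names). */
enum { INNER_OK = 0, INNER_ALL_ZERO = -1 };

/*
 * Strip TLSv1.3 inner-plaintext padding (RFC 8446, section 5.4).
 * Decrypted record = content || content type (1 non-zero byte) || zeroes.
 * On success, stores the content type and content length.
 * If no non-zero byte exists, returns INNER_ALL_ZERO and stores nothing:
 * the caller should abort with unexpected_message and must not compute
 * any length or free size from this record.
 */
int
strip_inner_plaintext(const uint8_t *buf, size_t len, uint8_t *type,
    size_t *content_len)
{
	size_t i = len;

	/* Scan backwards; the unsigned index stops at zero, never below. */
	while (i > 0 && buf[i - 1] == 0)
		i--;
	if (i == 0)
		return INNER_ALL_ZERO;	/* empty or all zeroes: no type byte */

	*type = buf[i - 1];
	*content_len = i - 1;		/* safe: i >= 1 here */
	return INNER_OK;
}

int
main(void)
{
	/* Constructed: "hi", type 23 (application_data), 3 padding bytes. */
	const uint8_t good[] = { 'h', 'i', 23, 0, 0, 0 };
	const uint8_t zeros[] = { 0, 0, 0, 0 };
	uint8_t type = 0;
	size_t n = 0;

	if (strip_inner_plaintext(good, sizeof(good), &type, &n) == INNER_OK)
		printf("type=%u content_len=%zu\n", (unsigned)type, n);
	if (strip_inner_plaintext(zeros, sizeof(zeros), &type, &n) != INNER_OK)
		printf("all-zero plaintext rejected\n");
	return 0;
}
```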