CVSROOT: /cvs
Module name: src
Changes by: t...@cvs.openbsd.org 2020/08/10 12:59:47
Modified files:
lib/libssl : Tag: OPENBSD_6_7 ssl_locl.h ssl_sigalgs.c
ssl_tlsext.c t1_lib.c tls13_client.c
tls13_legacy.c tls13_lib.c tls13_record_layer.c
regress/lib/libssl/client: Tag: OPENBSD_6_7 clienttest.c
regress/lib/libssl/tlsext: Tag: OPENBSD_6_7 tlsexttest.c
Log message:
LibreSSL 3.1.4 - Interoperability and bug fixes for the TLSv1.3 client:
* Improve client certificate selection to allow EC certificates
instead of only RSA certificates.
* Do not error out if a TLSv1.3 server requests an OCSP response as
part of a certificate request.
* Fix SSL_shutdown behavior to match the legacy stack. The previous
behaviour could cause a hang.
* Fix a memory leak and add a missing error check in the handling of
the key update message.
* Fix a memory leak in tls13_record_layer_set_traffic_key.
* Avoid calling freezero with a negative size if a server sends a
malformed plaintext of all zeroes.
* Ensure that only PSS may be used with RSA in TLSv1.3 in order
to avoid using PKCS1-based signatures.
* Add the P-521 curve to the list of curves supported by default
in the client.
This is errata/6.7/019_libssl.patch.sig
