On Fri, 22 Mar 2019 at 11:51, Ivan Zhakov <[email protected]> wrote:
>
> Hi,
>
> OpenSSL is going to be unsupported after 2019-09-11 [1]. Also, the next
> OpenSSL version, 1.1.1, adds support for the new TLS protocol version 1.3.
> TLS v1.3 is more secure and faster due to TLS handshake improvements.
>
> I think it would be great to upgrade TortoiseSVN to use OpenSSL 1.1.1b.
>
> I've tested and it seems to work out of the box. The e_capi patch also
> applies cleanly.
>
The only trick is to add the "no-autoload-config" option during
compilation, because the new OpenSSL loads C:\Program Files\Common
Files\SSL\openssl.cnf by default and this is a potential privilege
escalation issue. See the attached patch.


-- 
Ivan Zhakov

Index: ext/build/OpenSSL.build
===================================================================
--- ext/build/OpenSSL.build     (revision 28542)
+++ ext/build/OpenSSL.build     (working copy)
@@ -46,6 +46,7 @@
       <arg value="no-asm" />
       <arg value="no-gost" />
       <arg value="no-shared" />
+      <arg value="no-autoload-config" />
       <arg value="-DOPENSSL_SSL_CLIENT_ENGINE_AUTO=capi" />
       <arg value="-DOPENSSL_CAPIENG_DIALOG" />
       <arg value="--prefix=${opensslPrefix}" />
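
Review bot: the added `<arg value="no-autoload-config" />` line carries no comment saying why it is there, so a later OpenSSL upgrade or cleanup of the arg list could drop it without anyone noticing the security reason. Please add an XML comment directly above it noting that it stops OpenSSL 1.1.1 from automatically loading openssl.cnf from its compiled-in default directory, as described in the message. The visible context also sets `--prefix=${opensslPrefix}` but shows no `--openssldir`; if that is not set elsewhere in the arg list, consider setting it explicitly as well, since this option only disables the automatic load and the compiled-in default path would still be used by any code that asks for the default config explicitly.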
