- Update to 3.0.0 Alpha 6
* Allow SSL_set1_host() and SSL_add1_host() to take IP literal
addresses as well as actual hostnames. (David Woodhouse)
* The 'MinProtocol' and 'MaxProtocol' configuration commands now
silently ignore TLS protocol version bounds when configuring
DTLS-based contexts, and conversely, silently ignore DTLS protocol
version bounds when configuring TLS-based contexts. The commands
can be repeated to set bounds of both types. The same applies with
the corresponding 'min_protocol' and 'max_protocol' command-line
switches, in case some application uses both TLS and DTLS.
* SSL_CTX instances that are created for a fixed protocol version
(e.g. TLSv1_server_method()) also silently ignore version bounds.
Previously attempts to apply bounds to these protocol versions
would result in an error. Now only the 'version-flexible' SSL_CTX
instances are subject to limits in configuration files or
command-line options. (Viktor Dukhovni)
- Add lsof dependency during build to fix test failures
- Enable test 81-test_cmp_cli.t fixed upstream
- Remove 0001-Fix-typo-for-SSL_get_peer_certificate.patch
OBS-URL: https://build.opensuse.org/request/show/826265
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=15
- Update to 3.0.0 Alpha 5
* Deprecated the 'ENGINE' API. Engines should be replaced with
providers going forward.
* Reworked the recorded ERR codes to make better space for system errors.
To distinguish them, the macro 'ERR_SYSTEM_ERROR()' indicates
if the given code is a system error (true) or an OpenSSL error (false).
* Reworked the test perl framework to better allow parallel testing.
* Added ciphertext stealing algorithms AES-128-CBC-CTS, AES-192-CBC-CTS and
AES-256-CBC-CTS to the providers. CS1, CS2 and CS3 variants are supported.
* 'Configure' has been changed to figure out the configuration target if
none is given on the command line. Consequently, the 'config' script is
now only a mere wrapper. All documentation is changed to only mention
'Configure'.
* Added a library context that applications as well as other libraries can use
to form a separate context within which libcrypto operations are performed.
- There are two ways this can be used:
1) Directly, by passing a library context to functions that take
such an argument, such as 'EVP_CIPHER_fetch' and similar algorithm
fetching functions.
2) Indirectly, by creating a new library context and then assigning
it as the new default, with 'OPENSSL_CTX_set0_default'.
- All public OpenSSL functions that take an 'OPENSSL_CTX' pointer,
apart from the functions directly related to 'OPENSSL_CTX', accept
NULL to indicate that the default library context should be used.
- Library code that changes the default library context using
'OPENSSL_CTX_set0_default' should take care to restore it with a
second call before returning to the caller.
* The security strength of SHA1 and MD5 based signatures in TLS has been
reduced. This results in SSL 3, TLS 1.0, TLS 1.1 and DTLS 1.0 no longer
working at the default security level of 1 and instead requires security
OBS-URL: https://build.opensuse.org/request/show/821489
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=13
* general improvements to the built-in providers, the providers API and the internal plumbing and the provider-aware mechanisms for libssl
* general improvements and fixes in the CLI apps
* support for Automated Cryptographic Validation Protocol (ACVP) tests
* fully pluggable TLS key exchange capability from providers
* finalization of the Certificate Management Protocol (CMP) contribution, adding an impressive amount of tests for the new features
* default to the newer SP800-56B compliant algorithm for RSA keygen
* provider-rand: PRNG functionality backed by providers
* refactored naming scheme for dispatched functions (#12222)
* fixes for various issues
* extended and improved test coverage
* additions and improvements to the documentation
- Fix license: Apache-2.0
OBS-URL: https://build.opensuse.org/request/show/817891
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=12
* general improvements to the built-in providers, the providers API and the internal plumbing and the provider-aware mechanisms for libssl;
* general improvements and fixes in the CLI apps;
* cleanup of the EC API:
EC_METHOD became an internal-only concept, and functions using or returning EC_METHOD arguments have been deprecated;
EC_POINT_make_affine() and EC_POINTs_make_affine() have been deprecated in favor of automatic internal handling of conversions when needed;
EC_GROUP_precompute_mult(), EC_GROUP_have_precompute_mult(), and EC_KEY_precompute_mult() have been deprecated, as such precomputation data is now rarely used;
EC_POINTs_mul() has been deprecated, as for cryptographic applications EC_POINT_mul() is enough.
* the CMS API got support for CAdES-BES signature verification;
* introduction of a new SSL_OP_IGNORE_UNEXPECTED_EOF option;
* improvements to the RSA OAEP support;
* FFDH support in the speed app;
* CI: added external testing through the GOST engine;
* fixes for various issues;
* extended and improved test coverage;
* additions and improvements to the documentation.
* general improvements to the built-in providers, the providers API and the internal plumbing;
* the removal of legacy API functions related to FIPS mode, replaced by new provider-based mechanisms;
* the addition of a new cmp app for RFC 4210;
* extended and improved test coverage;
* improvements to the documentation;
* fixes for various issues.
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=10