forked from pool/openssl-3
Pedro Monreal Gonzalez
037d3fe84f
* See also https://www.openssl.org/news/changelog.html * Deprecated all the libcrypto and libssl error string loading functions. Calling these functions is not necessary since OpenSSL 1.1.0, as OpenSSL now loads error strings automatically. * The functions SSL_CTX_set_tmp_dh_callback and SSL_set_tmp_dh_callback, as well as the macros SSL_CTX_set_tmp_dh() and SSL_set_tmp_dh() have been deprecated. These are used to set the Diffie-Hellman (DH) parameters that are to be used by servers requiring ephemeral DH keys. Instead applications should consider using the built-in DH parameters that are available by calling SSL_CTX_set_dh_auto() or SSL_set_dh_auto(). * The -crypt option to the passwd command line tool has been removed. * The -C option to the x509, dhparam, dsaparam, and ecparam commands has been removed. * Added several checks to X509_verify_cert() according to requirements in RFC 5280 in case 'X509_V_FLAG_X509_STRICT' is set (which may be done by using the CLI option '-x509_strict'): - The basicConstraints of CA certificates must be marked critical. - CA certificates must explicitly include the keyUsage extension. - If a pathlenConstraint is given the key usage keyCertSign must be allowed. - The issuer name of any certificate must not be empty. - The subject name of CA certs, certs with keyUsage crlSign, and certs without subjectAlternativeName must not be empty. - If a subjectAlternativeName extension is given it must not be empty. - The signatureAlgorithm field and the cert signature must be consistent. - Any given authorityKeyIdentifier and any given subjectKeyIdentifier must not be marked critical. - The authorityKeyIdentifier must be given for X.509v3 certs unless they are self-signed. - The subjectKeyIdentifier must be given for all X.509v3 CA certs. OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=22
12 lines
488 B
Plaintext
12 lines
488 B
Plaintext
-----BEGIN PGP SIGNATURE-----
|
|
|
|
iQEzBAABCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl+/wWAACgkQ2cTSbQ5g
|
|
RJFDvwgAuocCys3M1rapCg2mwusx+Pl64TBgWVEJ3HwINnNu7DYMmvYSkN3YW94K
|
|
6YI7YH1god1/HhWqVxfAatDfctDfNz+k04m+L2v01d13OiHSajTx+J+2QSOltclD
|
|
V/Cswo/abj79YCz24d9785Py++PTkv/bd4wHvQD2i6OkCtK18Z1GNP90gjZ+Nf4a
|
|
1FLCA9W5CiN0yq3SodH6qe61XascIevYABu2o0LhU/tX9morrFsv0bazl3fZIiBL
|
|
DmkNbDn765WFAkhUKRrTRsCs9jJNwEQUYWtuA4Orjni3BDTaNTo6ij0ZjkBUxHfk
|
|
G5gbrIX+CGBPjSe+ROTa4E50SlGFSg==
|
|
=JUas
|
|
-----END PGP SIGNATURE-----
|