openbsd/src/lib, branch libressl-v3.4.2

openbsd/src/lib, branch libressl-v3.4.2 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v3.4.2 2021-11-24T09:28:56+00:00 In some situations, the verifier would discard the error on an unvalidated 2021-11-24T09:28:56+00:00 tb 2021-11-24T09:28:56+00:00 urn:sha1:0f0b16dc977f6ca499f0f4540078d992c96da597 certificate chain. This would happen when the verification callback was in use, instructing the verifier to continue unconditionally. This could lead to incorrect decisions being made in software. This is patches/common/006_x509.patch.sig This commit was manufactured by cvs2git to create branch 'OPENBSD_7_0'. 2021-09-30T18:16:13+00:00 cvs2svn admin@example.com 2021-09-30T18:16:13+00:00 urn:sha1:d7513e7d4daf94905fd4cb0a5e5c89109d2874f7 Switch two calls from memset() to explicit_bzero() 2021-09-19T09:15:22+00:00 tb 2021-09-19T09:15:22+00:00 urn:sha1:f7454b8bede1be416adc77267c65bdcb40ee9f98 This matches the documented behavior more obviously and ensures that these aren't optimized away, although this is unlikely. Discussed with deraadt and otto Implement flushing for TLSv1.3 handshakes. 2021-09-16T19:25:30+00:00 jsing 2021-09-16T19:25:30+00:00 urn:sha1:30d2e422df85a55715b7f1da39294259d57b2b4f When we finish sending a flight of records, flush the record layer output. This effectively means calling BIO_flush() on the wbio. Some things (such as apache2) have custom BIOs that perform buffering and do not actually send on BIO_write(). Without BIO_flush() the server thinks it has sent data and starts receiving records, however the client never sends records since it never received those that the server should have sent. Joint work with tb@ ok tb@ bump to LibreSSL 3.4.1 2021-09-15T17:14:26+00:00 tb 2021-09-15T17:14:26+00:00 urn:sha1:87ad048671e38be9ceea42ed9e24726a49a0167b Avoid typedef redefinition 2021-09-14T23:07:18+00:00 inoguchi 2021-09-14T23:07:18+00:00 urn:sha1:76f3844ea887613e8a6df2ccc1f84d9ac93169b3 "typedef struct ssl_st SSL;" is defined in ossl_typ.h. This reverts part of r1.204. ok tb@ zap trailing white space 2021-09-14T14:35:09+00:00 tb 2021-09-14T14:35:09+00:00 urn:sha1:746c55aa543d6248b92ed473eba70fcb07059390 Call the info cb on connect/accept exit in TLSv1.3 2021-09-14T14:31:21+00:00 tb 2021-09-14T14:31:21+00:00 urn:sha1:2b3f71d6bd6fb2c09b1e9b6022796a88a8ac4f7f The p5-Net-SSLeay test expects the info callback to be called on connect exit. This is the behavior in the legacy stack but wasn't implemented in the TLSv1.3 stack. With this commit, p5-Net-SSLeay tests are happy again after the bump. ok bluhm inoguchi jsing provide a small manual page for the SSL_set_psk_use_session_callback(3) 2021-09-14T14:30:57+00:00 schwarze 2021-09-14T14:30:57+00:00 urn:sha1:893064c29739c4260c6617f7fdd94a8a802ae9cb stub, written from scratch; OK tb@ on SSL_set_psk_use_session_callback.3 Merge the stub SSL_SESSION_is_resumable(3) manual page from the 2021-09-14T14:08:15+00:00 schwarze 2021-09-14T14:08:15+00:00 urn:sha1:1b8306e7e3cdef25c29c63bc651d4ae5597212f8 OpenSSL 1.1.1 branch, which is still under a free license. A few tweaks to wording and structure by me. OK tb@ on SSL_SESSION_is_resumable.3