1 files changed, 56 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 5ec6425..83a8946 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -28,6 +28,54 @@ history is also available from Git.
 LibreSSL Portable Release Notes:
+3.4.1 - Stable release
+        * New Features
+          - Added support for OpenSSL 1.1.1 TLSv1.3 APIs.
+          - Enabled the new X.509 validator to allow verification of
+            modern certificate chains.
+        * Portable Improvements
+          - Ported continuous integration and test infrastructure to Github
+            actions.
+          - Added Universal Windows Platform (UWP) build support.
+          - Fixed mingw-w64 builds on newer versions with missing SSP support.
+          - Added non-executable stack annotations for CMake builds.
+        * API and Documentation Enhancements
+          - Added the following APIs from OpenSSL
+            BN_bn2binpad BN_bn2lebinpad BN_lebin2bn EC_GROUP_get_curve
+            EC_GROUP_order_bits EC_GROUP_set_curve
+            EC_POINT_get_affine_coordinates
+            EC_POINT_set_affine_coordinates
+            EC_POINT_set_compressed_coordinates EVP_DigestSign
+            EVP_DigestVerify SSL_CIPHER_find SSL_CTX_get0_privatekey
+            SSL_CTX_get_max_early_data SSL_CTX_get_ssl_method
+            SSL_CTX_set_ciphersuites SSL_CTX_set_max_early_data
+            SSL_CTX_set_post_handshake_auth SSL_SESSION_get0_cipher
+            SSL_SESSION_get_max_early_data SSL_SESSION_is_resumable
+            SSL_SESSION_set_max_early_data SSL_get_early_data_status
+            SSL_get_max_early_data SSL_read_early_data SSL_set0_rbio
+            SSL_set_ciphersuites SSL_set_max_early_data
+            SSL_set_post_handshake_auth
+            SSL_set_psk_use_session_callback
+            SSL_verify_client_post_handshake SSL_write_early_data
+          - Added AES-GCM constants from RFC 7714 for SRTP.
+        * Compatibility Changes
+          - Implement flushing for TLSv1.3 handshakes behavior, needed for Apache.
+          - Call the info callback on connect/accept exit in TLSv1.3,
+            needed for p5-Net-SSLeay.
+          - Default to using named curve parameter encoding from
+            pre-OpenSSL 1.1.0, adding OPENSSL_EC_EXPLICIT_CURVE.
+          - Do not ignore SSL_TLSEXT_ERR_FATAL from the ALPN callback.
+        * Testing and Proactive Security
+          - Added additional state machine test coverage.
+          - Improved integration test support with ruby/openssl tests.
+          - Error codes and callback support in new X.509 validator made
+            compatible with p5-Net_SSLeay tests.
+        * Internal Improvements
+          - Numerous fixes and improvements to the new X.509 validator to
+            ensure compatible error codes and callback support compatible
+            with the legacy OpenSSL validator.
 3.4.0 - Development release
        * Add support for OpenSSL 1.1.1 TLSv1.3 APIs.
@@ -36,6 +84,14 @@ LibreSSL Portable Release Notes:
        * More details to come, testing is appreciated.
+3.3.5 - Security fix
+        * A stack overread could occur when checking X.509 name constraints.
+          From GoldBinocle on GitHub.
+        * Enable X509_V_FLAG_TRUSTED_FIRST by default in the legacy verifier.
+          This compensates for the expiry of the DST Root X3 certificate.
 3.3.4 - Security fix
        * In LibreSSL, printing a certificate can result in a crash in

diff --git a/ChangeLog b/ChangeLog index 5ec6425..83a8946 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -28,6 +28,54 @@ history is also available from Git.
28		28
29	LibreSSL Portable Release Notes:	29	LibreSSL Portable Release Notes:
30		30
		31	3.4.1 - Stable release
		32
		33	* New Features
		34	- Added support for OpenSSL 1.1.1 TLSv1.3 APIs.
		35	- Enabled the new X.509 validator to allow verification of
		36	modern certificate chains.
		37	* Portable Improvements
		38	- Ported continuous integration and test infrastructure to Github
		39	actions.
		40	- Added Universal Windows Platform (UWP) build support.
		41	- Fixed mingw-w64 builds on newer versions with missing SSP support.
		42	- Added non-executable stack annotations for CMake builds.
		43	* API and Documentation Enhancements
		44	- Added the following APIs from OpenSSL
		45	BN_bn2binpad BN_bn2lebinpad BN_lebin2bn EC_GROUP_get_curve
		46	EC_GROUP_order_bits EC_GROUP_set_curve
		47	EC_POINT_get_affine_coordinates
		48	EC_POINT_set_affine_coordinates
		49	EC_POINT_set_compressed_coordinates EVP_DigestSign
		50	EVP_DigestVerify SSL_CIPHER_find SSL_CTX_get0_privatekey
		51	SSL_CTX_get_max_early_data SSL_CTX_get_ssl_method
		52	SSL_CTX_set_ciphersuites SSL_CTX_set_max_early_data
		53	SSL_CTX_set_post_handshake_auth SSL_SESSION_get0_cipher
		54	SSL_SESSION_get_max_early_data SSL_SESSION_is_resumable
		55	SSL_SESSION_set_max_early_data SSL_get_early_data_status
		56	SSL_get_max_early_data SSL_read_early_data SSL_set0_rbio
		57	SSL_set_ciphersuites SSL_set_max_early_data
		58	SSL_set_post_handshake_auth
		59	SSL_set_psk_use_session_callback
		60	SSL_verify_client_post_handshake SSL_write_early_data
		61	- Added AES-GCM constants from RFC 7714 for SRTP.
		62	* Compatibility Changes
		63	- Implement flushing for TLSv1.3 handshakes behavior, needed for Apache.
		64	- Call the info callback on connect/accept exit in TLSv1.3,
		65	needed for p5-Net-SSLeay.
		66	- Default to using named curve parameter encoding from
		67	pre-OpenSSL 1.1.0, adding OPENSSL_EC_EXPLICIT_CURVE.
		68	- Do not ignore SSL_TLSEXT_ERR_FATAL from the ALPN callback.
		69	* Testing and Proactive Security
		70	- Added additional state machine test coverage.
		71	- Improved integration test support with ruby/openssl tests.
		72	- Error codes and callback support in new X.509 validator made
		73	compatible with p5-Net_SSLeay tests.
		74	* Internal Improvements
		75	- Numerous fixes and improvements to the new X.509 validator to
		76	ensure compatible error codes and callback support compatible
		77	with the legacy OpenSSL validator.
		78
31	3.4.0 - Development release	79	3.4.0 - Development release
32		80
33	* Add support for OpenSSL 1.1.1 TLSv1.3 APIs.	81	* Add support for OpenSSL 1.1.1 TLSv1.3 APIs.
@@ -36,6 +84,14 @@ LibreSSL Portable Release Notes:
36		84
37	* More details to come, testing is appreciated.	85	* More details to come, testing is appreciated.
38		86
		87	3.3.5 - Security fix
		88
		89	* A stack overread could occur when checking X.509 name constraints.
		90	From GoldBinocle on GitHub.
		91
		92	* Enable X509_V_FLAG_TRUSTED_FIRST by default in the legacy verifier.
		93	This compensates for the expiry of the DST Root X3 certificate.
		94
39	3.3.4 - Security fix	95	3.3.4 - Security fix
40		96
41	* In LibreSSL, printing a certificate can result in a crash in	97	* In LibreSSL, printing a certificate can result in a crash in