diff options
| author |   Wang Mingyu <wangmy@fujitsu.com> | 2024-03-06 16:43:28 +0800 |
|---|---|---|
| committer |   Khem Raj <raj.khem@gmail.com> | 2024-03-08 10:07:24 -0800 |
| commit | d49f1069c57d4e150e646e606dbf1bd272684d1d (patch) | |
| tree | a73dd5a6e2b928a74fb3ce2d68cd20833b656926 /meta-oe/dynamic-layers/meta-python | |
| parent | 698c93690b73ad295e806f35eea1389784944309 (diff) | |
| download | meta-openembedded-contrib-d49f1069c57d4e150e646e606dbf1bd272684d1d.tar.gz | |
stunnel: upgrade 5.69 -> 5.72
fix-openssl-no-des.patch
refreshed for 5.72
License-Update: Copyright year updated to 2024.
Changelog:
===========
* Security bugfixes
- OpenSSL DLLs updated to version 3.2.1.
- OpenSSL FIPS Provider updated to version 3.0.8.
* Bugfixes
- Fixed SSL_CTX_new() errors handling.
- Fixed OPENSSL_NO_PSK builds.
- Android build updated for NDK r23c.
- stunnel.nsi updated for Debian 12.
- Fixed tests with OpenSSL older than 1.0.2.
- Fixed the console output of tstunnel.exe.
- Fixed TLS socket EOF handling with OpenSSL 3.x.
This bug caused major interoperability issues between
stunnel built with OpenSSL 3.x and Microsoft's
Schannel Security Support Provider (SSP).
- Fixed reading certificate chains from PKCS#12 files.
* Features sponsored by SAE IT-systems
- OCSP stapling is requested and verified in the client mode.
- Using "verifyChain" automatically enables OCSP
stapling in the client mode.
- OCSP stapling is always available in the server mode.
- An inconclusive OCSP verification breaks TLS negotiation.
This can be disabled with "OCSPrequire = no".
- Added the "TIMEOUTocsp" option to control the maximum
time allowed for connecting an OCSP responder.
* Features
- Added support for Red Hat OpenSSL 3.x patches.
- Added configurable delay for the "retry" option.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Diffstat (limited to 'meta-oe/dynamic-layers/meta-python')
0 files changed, 0 insertions, 0 deletions