* Mon Sep 01 2025 Jan Engelhardt <jengelh@inai.de>
- Move default config to /etc/libressl.
* Thu Aug 14 2025 Jan Engelhardt <jengelh@inai.de>
- Update to release 4.1.0
* New: libtls has a new tls_peer_cert_common_name() API call to
retrieve the peer's common name without having to inspect the
PEM.
* Bugfix: Again allow the magic values -1, -2 and -3 for the salt
length of an RSA-PSS key in the EVP_PKEY_CTX_ctrl_str()
interface.
* Sat Mar 08 2025 Jan Engelhardt <jengelh@inai.de>
- Document absence of openssl3 APIs in descriptions and a
symbol list text file in %_docdir.
* Tue Oct 15 2024 Jan Engelhardt <jengelh@inai.de>
- Update to release 4.0.0
* Added CRLfile option to the cms command of openssl(1) to
specify additional CRLs for use during verification.
* Protocol parsing in libtls was changed. The unsupported
TLSv1.1 and TLSv1.0 protocols are ignored and no longer
enable or disable TLSv1.2 in surprising ways.
* The dangerous EVP_PKEY*_check(3) family of functions was
removed. The openssl(1) pkey and pkeyparam commands no longer
support the -check and -pubcheck flags.
* Support for Whirlpool was removed. Applications still using
this should honor OPENSSL_NO_WHIRLPOOL.
* Removed X509_REQ_{get,set}_extension_nids().
* Removed typdefs for COMP_CTX, COMP_METHOD, X509_CRL_METHOD,
STORE, STORE_METHOD, and SSL_AEAD_CTX.
* i2d_ASN1_OBJECT() now returns -1 on error like most other
i2d_*.
* SPKAC support was removed from openssl(1).
* Added TLS1-PRF support to the EVP interface.
* SSL_CTX_set1_cert_store() and
SSL_CIPHER_get_handshake_digest() were added to libssl.
* The OpenSSL pkcs12 command and PKCS12_create() no longer
support setting the Microsoft-specific Local Key Set and
Cryptographic Service Provider attributes.
* Thu May 16 2024 Jan Engelhardt <jengelh@inai.de>
- Update to release 3.9.2
* A missing bounds check could lead to a crash due to
dereferencing a zero-sized allocation.
* Sat Mar 30 2024 Jan Engelhardt <jengelh@inai.de>
- Update to release 3.9.1
* Updated tests with expiring certificates
* CET-related build fixes for Windows and macOS targets
* update libtls linker script to include libssl and
libcrypto again
* Fri Mar 15 2024 Paolo Stivanin <info@paolostivanin.com>
- Update to 3.8.3:
* Improved control-flow enforcement (CET) support.
* Tue Nov 14 2023 Jan Engelhardt <jengelh@inai.de>
- Rework conflicts again
* Fri Nov 03 2023 Jan Engelhardt <jengelh@inai.de>
- Update to release 3.8.2
* Added support for truncated SHA-2 and for SHA-3.
* The BPSW primality test performs additional Miller-Rabin rounds
with random bases to reduce the likelihood of composites passing.
* Allow testing of ciphers and digests using badly aligned buffers
in openssl speed.
* Added a workaround for a poorly thought-out change in OpenSSL 3
that broke privilege separation support in libtls.
* Compatibility changes:
* Removed most public symbols that were deprecated in OpenSSL
0.9.8.
* Security fixes:
* Disabled TLSv1.0 and TLSv1.1 in libssl so that they may no
longer be selected for use.
* Tue Jun 20 2023 Otto Hollmann <otto.hollmann@suse.com>
- Improve cross-package provides/conflicts [boo#1210313]
* Remove explicit conflicts with other devel-libraries
* Remove Obsoletes: ssl