• LibreSSL 2.6.2 Released

    From Brent Cook@21:1/5 to All on Tue Sep 26 19:05:02 2017
    Copy: libressl@openbsd.org

    We have released LibreSSL 2.6.2, which will be arriving in the
    LibreSSL directory of your local OpenBSD mirror soon. This is the third development release from the 2.6 series, which will eventually be part of OpenBSD 6.2. It includes the following fixes:

    * Provide a useful error with libtls if there are no OCSP URLs in a
    peer certificate.

    * Keep track of which keypair is in use by a TLS context, fixing a bug
    where a TLS server with SNI would only return the OCSP staple for the
    default keypair. Issue reported by William Graeber and confirmed by
    Andreas Bartelt.

    * Fixed various issues in the OCSP extension parsing code.
    The original code incorrectly passes the pointer allocated via
    CBS_stow() (using malloc()) to a d2i_*() function and then calls
    free() on the now incremented pointer, most likely resulting in a
    crash. This issue was reported by Robert Swiecki who found the issue
    using honggfuzz.

    * If tls_config_parse_protocols() is called with a NULL pointer,
    return the default protocols instead of crashing - this makes the
    behaviour more useful and mirrors what we already do in
    tls_config_set_ciphers() et al.

    The LibreSSL project continues improvement of the codebase to reflect modern, safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.

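The OCSP extension parsing bug described in the announcement, reduced to its shape, as an added example that is not LibreSSL's code or part of the original post. `toy_d2i()` is a hypothetical stand-in for a d2i_*() decoder, the sample bytes are constructed, and the buggy variant reports how far the pointer has moved from the malloc() result instead of actually calling free() on it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: DER OCTET STRING holding "abc". */
static const unsigned char sample_der[] = { 0x04, 0x03, 'a', 'b', 'c' };

/* Hypothetical stand-in for a d2i_*() decoder. Like the real ones it
 * advances *pp past what it consumed. Accepts one short-form OCTET STRING
 * and returns the payload length, or -1 without touching *pp. */
static long toy_d2i(const unsigned char **pp, long len)
{
    const unsigned char *p = *pp;
    if (len < 2 || p[0] != 0x04 || p[1] >= 0x80 || (long)p[1] > len - 2)
        return -1;
    *pp = p + 2 + p[1];
    return p[1];
}

/* Buggy shape: the owning pointer is what the decoder advances. Returns how
 * far it sits from the malloc() result at the point free() would be called. */
static long buggy_free_offset(const unsigned char *in, size_t n)
{
    unsigned char *base = malloc(n);   /* plays the CBS_stow() allocation */
    if (base == NULL) return -1;
    memcpy(base, in, n);
    const unsigned char *owned = base;
    toy_d2i(&owned, (long)n);
    long off = (long)(owned - base);   /* buggy code does free(owned) here */
    free(base);                        /* demo frees the real allocation */
    return off;
}

/* Corrected shape: decode through a scratch cursor, free the original. */
static long fixed_parse(const unsigned char *in, size_t n)
{
    unsigned char *buf = malloc(n);
    if (buf == NULL) return -1;
    memcpy(buf, in, n);
    const unsigned char *cursor = buf;
    long payload = toy_d2i(&cursor, (long)n);
    free(buf);                         /* unchanged, valid to free */
    return payload;
}

int main(void)
{
    printf("buggy free() offset: %ld, fixed payload length: %ld\n",
           buggy_free_offset(sample_der, sizeof sample_der),
           fixed_parse(sample_der, sizeof sample_der));
    return 0;
}
```

A non-zero offset means free() would receive an address that malloc() never returned, which is undefined behaviour and matches the crash the release note describes.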