./security/openssl/1.1 [TLS/SSL library and tools]
[+] Add this package to your ports tracker

[ CVSweb ] [ Homepage ] [ RSS feed ]

Version: 1.1.1l, Package name: openssl-1.1.1l
Maintained by: The OpenBSD ports mailing-list
Master sites:
Flavors (export FLAVOR=xyz, setenv FLAVOR xyz):
  • no_man
Description
OpenSSL is an open-source toolkit implementing the Secure Sockets
Layer (SSL) and Transport Layer Security (TLS) protocols as well as a
full-strength general purpose cryptography library.

This package is not intended for general-purpose use in OpenBSD - it
is present for test/comparison purposes, and occasionally to provide
support for applications which cannot be made compatible with LibreSSL
(mostly due to use of removed APIs); in the latter case care must be
taken - it will conflict if library dependencies use LibreSSL libraries.


Filesize: 9603.559 KB
Version History (View Complete History)
  • (2021-08-25) Updated to version: openssl-1.1.1l
  • (2021-03-25) Updated to version: openssl-1.1.1k
  • (2021-02-17) Updated to version: openssl-1.1.1j
  • (2020-12-08) Updated to version: openssl-1.1.1i
  • (2020-09-23) Updated to version: openssl-1.1.1h
  • (2020-04-22) Updated to version: openssl-1.1.1g
  • (2020-03-31) Updated to version: openssl-1.1.1f
  • (2020-03-18) Updated to version: openssl-1.1.1e
  • (2020-01-13) Package added to openports.se, version openssl-1.1.1d (created)
[show/hide] View available PLISTS (Can be a lot of data)

CVS Commit History:

   2021-09-07 14:54:33 by Theo Buehler | Files touched by this commit (4)
Log message:
openssl/sslscan: avoid printf %n, ok sthen
Note: OpenSSL still uses its own *printf() implementation, so this
would not result in a runtime failure.
   2021-06-24 09:26:09 by Klemens Nanni | Files touched by this commit (2)
Log message:
Enable s_client(1) and s_server(1) "-trace" option
Changes between 1.0.1l and 1.0.2 [22 Jan 2015]
...
*) SSL/TLS tracing code. This parses out SSL/TLS records using the
message callback and prints the results. Needs compile time option
"enable-ssl-trace". New options to s_client and s_server to enable
tracing.
[Steve Henson]
It is especially handy when looking at TLS handshakes, e.g. to try
figure out why nc(1)/libtls TLSv1.3 fails but openssl(1)/libssl doesn't.
LibreSSL's openssl(1) has
-msg
Show all protocol messages with hex dump.
but it is not as nearly insightful as OpenSSL's s_client(1)
-trace
Show verbose trace output of protocol messages. OpenSSL needs
to be compiled with enable-ssl-trace for this option to work.
Upstream enabled "ssl-trace" by default as of 10.06.2021, see commit
726f92e016bac53175ed5d5321bce1ddf6b207d6.
Feedback sthen tb
OK tb
   2021-03-25 08:56:34 by Stuart Henderson | Files touched by this commit (3)
Log message:
update to openssl-1.1.1k
   2021-03-25 08:54:12 by Stuart Henderson | Files touched by this commit (2)
Log message:
update to openssl-1.1.1k
   2021-02-16 10:10:06 by Stuart Henderson | Files touched by this commit (4)
Log message:
update to OpenSSL 1.1.1.j
- Fixed a NULL pointer deref in the X509_issuer_and_serial_hash()
function (CVE-2021-23841)
- Fixed the RSA_padding_check_SSLv23() function and the
RSA_SSLV23_PADDING padding mode to correctly check for rollback attacks
- Fixed an overflow in the EVP_CipherUpdate, EVP_EncryptUpdate and
EVP_DecryptUpdate functions (CVE-2021-23840)
- Fixed SRP_Calc_client_key so that it runs in constant time
   2021-01-07 13:13:47 by Stuart Henderson | Files touched by this commit (4)
Log message:
add a no_man flavour to openssl packages, to speed testing of patches
etc (avoids pod2man of ~1700 files for 1.0 / ~4k files for 1.1)
   2021-01-07 12:53:27 by Stuart Henderson | Files touched by this commit (1)
Log message:
skip generating html docs in the first place, rather than generating
them (with pod2html) and rm'ing.
   2021-01-06 15:34:13 by Stuart Henderson | Files touched by this commit (4)
Log message:
update DESCR; warn about conflicts if the library is used with software
where other library dependencies use libressl.
   2020-12-22 08:02:26 by Stuart Henderson | Files touched by this commit (1)
Log message:
add a comment reminding to bump security/sslscan, suggested by phessler
   2020-12-08 07:58:43 by Stuart Henderson | Files touched by this commit (2)
Log message:
update to openssl-1.1.1i, notable fixes:
- Fixed NULL pointer deref in the GENERAL_NAME_cmp function, CVE-2020-1971
- In 1.1.1h, an expired trusted (root) certificate was not anymore rejected
when validating a certificate path.
   2020-12-08 07:57:47 by Stuart Henderson | Files touched by this commit (2)
Log message:
update to openssl-1.1.1i, notable fixes:
- Fixed NULL pointer deref in the GENERAL_NAME_cmp function, CVE-2020-1971
- In 1.1.1h, an expired trusted (root) certificate was not anymore rejected
when validating a certificate path.
   2020-12-03 05:21:19 by Stuart Henderson | Files touched by this commit (2)
Log message:
openssl/1.1: fix up IPV6_V6ONLY in -stable
   2020-12-03 04:58:48 by Stuart Henderson | Files touched by this commit (2)
Log message:
doh, i fail at #ifdef. actually fix previous issue.
   2020-12-03 04:38:42 by Stuart Henderson | Files touched by this commit (1)
Log message:
add a comment about the IPV6_V6ONLY patch:
On OpenBSD, setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, ...) only allows
setting to 1 (which is the default anyway). Setting to 0 results in EINVAL.
This doesn't fix everything, there are still some other problems with binds
to v6 addresses with OpenSSL 1.1 on OpenBSD.
   2020-12-02 10:32:50 by Stuart Henderson | Files touched by this commit (2)
Log message:
openssl/1.1: don't try using IPV6_V6ONLY which does EINVAL on OpenBSD
found while looking at https://marc.info/?t=160692394000004&r=1&w=2
issue in net/nagios/nsca-ng (but doesn't fix the problem)
   2020-11-25 12:58:32 by Stuart Henderson | Files touched by this commit (2)
Log message:
openssl ports: add PKGSPEC
   2020-09-23 09:24:03 by Stuart Henderson | Files touched by this commit (3)
Log message:
update to openssl-1.1.1h
   2020-07-05 04:05:40 by Marc Espie | Files touched by this commit (2)
Log message:
fix broken conflict spec. nice thinko
   2020-06-05 10:47:57 by Theo Buehler | Files touched by this commit (1)
Log message:
Enable debug package for OpenSSL 1.1.
ok sthen
   2020-04-21 22:31:54 by Theo Buehler | Files touched by this commit (3)
Log message:
update to OpenSSL 1.1.1g.
Addresses one high severity issue, CVE-2020-1967.
ok sthen
   2020-03-31 08:50:08 by Theo Buehler | Files touched by this commit (4)
Log message:
Update to OpenSSL 1.1.1f.  Commit missing Makefile.inc piece from a
"drop maintainer" commit.
ok sthen
   2020-03-17 12:38:39 by Stuart Henderson | Files touched by this commit (3)
Log message:
update to openssl 1.1.1e
   2020-02-03 13:40:41 by Stuart Henderson | Files touched by this commit (69)
Log message:
drop maintainer