From 3c79d601aaab88622628fa90fb9024d9b38afd46 Mon Sep 17 00:00:00 2001 From: Christian Grasser Date: Wed, 23 Sep 2020 22:41:58 +0200 Subject: [PATCH] update openssl to 1.1.1h containing Changes between 1.1.1g and 1.1.1h [22 Sep 2020] *) Certificates with explicit curve parameters are now disallowed in verification chains if the X509_V_FLAG_X509_STRICT flag is used. [Tomas Mraz] *) The 'MinProtocol' and 'MaxProtocol' configuration commands now silently ignore TLS protocol version bounds when configuring DTLS-based contexts, and conversely, silently ignore DTLS protocol version bounds when configuring TLS-based contexts. The commands can be repeated to set bounds of both types. The same applies with the corresponding "min_protocol" and "max_protocol" command-line switches, in case some application uses both TLS and DTLS. SSL_CTX instances that are created for a fixed protocol version (e.g. TLSv1_server_method()) also silently ignore version bounds. Previously attempts to apply bounds to these protocol versions would result in an error. Now only the "version-flexible" SSL_CTX instances are subject to limits in configuration files in command-line options. [Viktor Dukhovni] *) Handshake now fails if Extended Master Secret extension is dropped on renegotiation. [Tomas Mraz] *) The Oracle Developer Studio compiler will start reporting deprecated APIs --- build_3rdparty.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build_3rdparty.py b/build_3rdparty.py index b7feb60..c217f77 100755 --- a/build_3rdparty.py +++ b/build_3rdparty.py @@ -5,8 +5,8 @@ DEPENDENT_LIBS = { 'openssl': { 'order' : 1, - 'url' : 'https://www.openssl.org/source/openssl-1.1.1g.tar.gz', - 'sha1' : 'b213a293f2127ec3e323fb3cfc0c9807664fd997', + 'url' : 'https://www.openssl.org/source/openssl-1.1.1h.tar.gz', + 'sha1' : '8d0d099e8973ec851368c8c775e05e1eadca1794', 'target': { 'mingw-w64': { 'result': ['include/openssl/ssl.h', 'lib/libssl.a', 'lib/libcrypto.a'],